[BlueOnyx:10770] Re: Failed logins

[Michael Stauber]

Hi Gregg:

> I started the process of upgrading all my bluequartz servers to the
> blueonyx ones. I noticed a nice new feature under security called
> failed logins.
>
> When you go there you find a list of failed login ip addresses and
> their hostnames, which is great. Some of the failed logins were up to
> 100+ but the server was still allowing them because their access was
> green?

This functionality is provided by a service called PAM_ABL. It ties 
into the Pluggable Authentication Mechanism (PAM) that pretty much all 
BlueOnyx services use.

When someone from the same originating IP or host fails to authenticate 
repeatedly against any service, his access to all services will be 
blocked for a certain amount of time. Usually 15 minutes. As long as he 
is blocked, even using a correct username and password will not let him 
in.

Once the failed logins from that IP or host stop and 15 minutes have 
passed, he may try again.


> Anyway, when I click on the whois for more information a window
> pops up but I get an error, and also the main page displays an error:
> "You do not have permission to access the requested file on this
> server."
>
> The pop up window comes up with "cannot display the webpage" error.
>
> Are these features not working yet, or are they broken on my server?
> If so, how do I fix them?

That typically works, but it requires working WHOIS services. So your 
server must be able to resolve IP addresses or hostnames and must allow 
to make outgoing connections. Typically that page would then display the 
WHOIS record of the offender. I don't know why that is not working for 
you. Perhaps the error logfile has more information on it. Please check 
/var/log/admserv/adm_error for any error messages related to clicking on 
the whois icon.

-- 

With best regards,

Michael Stauber