[BlueOnyx:10775] Re: Failed logins

Gregg greggk1 at cox.net
Tue Jun 12 17:41:16 -05 2012 


> -----Original Message-----
> From: blueonyx-bounces at mail.blueonyx.it [mailto:blueonyx-
> bounces at mail.blueonyx.it] On Behalf Of Michael Stauber
> Sent: Tuesday, June 12, 2012 9:51 AM
> To: BlueOnyx General Mailing List
> Subject: [BlueOnyx:10770] Re: Failed logins
> 
> Hi Gregg:
> 
> > I started the process of upgrading all my bluequartz servers to the
> > blueonyx ones. I noticed a nice new feature under security called
> > failed logins.
> >
> > When you go there you find a list of failed login ip addresses and
> > their hostnames, which is great. Some of the failed logins were up to
> > 100+ but the server was still allowing them because their access was
> > green?
> 
> This functionality is provided by a service called PAM_ABL. It ties
> into the Pluggable Authentication Mechanism (PAM) that pretty much all
> BlueOnyx services use.
> 
> When someone from the same originating IP or host fails to authenticate
> repeatedly against any service, his access to all services will be
> blocked for a certain amount of time. Usually 15 minutes. As long as he
> is blocked, even using a correct username and password will not let him
> in.
> 
> Once the failed logins from that IP or host stop and 15 minutes have
> passed, he may try again.
> 
> 
> > Anyway, when I click on the whois for more information a window
> > pops up but I get an error, and also the main page displays an error:
> > "You do not have permission to access the requested file on this
> > server."
> >
> > The pop up window comes up with "cannot display the webpage" error.
> >
> > Are these features not working yet, or are they broken on my server?
> > If so, how do I fix them?
> 
> That typically works, but it requires working WHOIS services. So your
> server must be able to resolve IP addresses or hostnames and must allow
> to make outgoing connections. Typically that page would then display
> the
> WHOIS record of the offender. I don't know why that is not working for
> you. Perhaps the error logfile has more information on it. Please check
> /var/log/admserv/adm_error for any error messages related to clicking
> on
> the whois icon.

Hello and thanks for the info. I checked on the error log and this is what
it displays when I click on it:
Directory index forbidden by Options directive:
/usr/sausalito/ui/web/base/console/, referer:
https://www.mydomain.com:81/base/console/pam_abl_status.php


Thanks,
Gregg

More information about the Blueonyx mailing list