[BlueOnyx:12874] Re: Renaming user accounts
Lew Berry
LCBerry at lcbconsulting.net
Wed Apr 17 08:35:01 -05 2013
Set pam_abl to be more aggressive on the ip address of the source so it blocks via ip first. This should reduce legit user lockout.
Lew Berry
Chris,
You are right that pam_abl will help prevent the attacker from successfully guessing the password. But the problem is that pam_abl locks the accounts when the attacks are running, preventing the legitimate users from accessing their accounts. Changing the user name associated with the email address has significantly reduced the unauthorized activity's interference with legitimate operations.
We create new accounts with more obscure user names but there are a few old ones that have repeatedly been locked.
Eric
On 4/17/13 8:02 AM, Chris Gebhardt - VIRTBIZ Internet wrote:
> Hi Eric,
> On 4/17/2013 7:55 AM, Eric Peabody wrote:
>> Or is it recommended to create a second account, copy the data from
>> the old home directory to the new? That might be simpler in the end.
> Yes. That way. ;)
>
> Or... just make sure that you have good strong passwords on all the
> accounts and lock out attackers with pam_abl. That has worked for a
> long, long time for us. Ever since 5106R was first implemented (and
> we were an early adopter!)
>
_______________________________________________
Blueonyx mailing list
Blueonyx at mail.blueonyx.it
http://mail.blueonyx.it/mailman/listinfo/blueonyx
More information about the Blueonyx
mailing list