[BlueOnyx:16745] Is pam and in GUI Security on 5208R working properly?

Dirk Estenfeld dirk.estenfeld at bpanet.de
Tue Dec 23 02:11:57 -05 2014 

Hello,

did somebody check if pam_abl and Security -> Failed Logins in GUI work properly?

My settings are default:

Config File: /etc/security/pam_abl.conf
User purge: 2d
Host purge: 2d
User rule: disabled
Host rule 30/1h

In Failed Logins I see nothing.
Nothing for Hosts and nothing for User.

If I do a pam_abl -v I see:

Reading config from /etc/security/pam_abl.conf
Failed users:
    username (2)
        Mon Dec 22 15:55:04 2014
        Mon Dec 22 15:55:04 2014
Failed hosts:
    host.name.net (2)
        Mon Dec 22 15:55:04 2014
        Mon Dec 22 15:55:04 2014


So what I would expect is one entry in User and one entry in Hosts (both with a green dot). But again there is nothing.


Then the next curiosity. I have a lot of failed pop3 Logins:

[...]
Dec 23 07:13:02 servername dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<info>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=</jMMEdwKwgDZBedS>
Dec 23 07:19:02 servername dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<info>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=<WSGDJtwK0QDZBedS>
Dec 23 07:24:30 servername dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 5 secs): user=<info>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=<TKwBOtwKOwDZBedS>
Dec 23 07:29:54 servername dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 5 secs): user=<info>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=<+fNSTdwK2QDZBedS>
Dec 23 07:35:18 servername dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<info>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=<0YmtYNwKaQDZBedS>
Dec 23 07:41:40 servername dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<info>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=<lgZ0d9wKygDZBedS>
Dec 23 07:47:10 servername dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 5 secs): user=<info>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=<VPMSi9wKAgDZBedS>
Dec 23 07:52:43 servername dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<info>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=<j9nuntwKNgDZBedS>
Dec 23 07:58:13 servername dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<info>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=<kWOmstwKTQDZBedS>
Dec 23 08:03:37 servername dovecot: pop3-login: Aborted login (auth failed, 1 attempts in 4 secs): user=<info>, method=PLAIN, rip=1.2.3.4, lip=5.6.7.8, session=<DhX0xdwKQwDZBedS> 
[...]

But pam_abl do not know something about.
And also in Security -> Failed Logins in the GUI I can see nothing.

Is this feature working on any other 5208R?
Michael could you please check this?

I can see this behaviour on two 5208R. Both have all updates installed.

Best regards,
Dirk


-----------------------------------------------
Black Point Arts Internet Solutions GmbH - Hanauer Landstrasse 423a - 60314 Frankfurt

More information about the Blueonyx mailing list