[BlueOnyx:18469] Re: New pam_abl: quick start guide
Michael Stauber
mstauber at blueonyx.it
Fri Oct 2 22:25:18 -05 2015
Hi Larry,
> Ok, probably just me, but how does one clear pam_abl blocks from the
> command line now? Since the latest changes went in, the old:
>   pam_abl --okhost <IP>
> and
>   pam_abl --okuser <name>
> do not seem to work, and every variation I try (pam_abl -w <IP>)
> returns :
> No such file or directory (2) while reading config file
5207R, 5208R and 5209R have the newest PAM_ABL, which functions differently.
See "pam_abl --help" or "pam_abl -h" for the new command line switches
and parameters.
#> pam_abl --help
Usage: pam_abl [OPTION] [CONFIG]
Perform maintenance on the databases used by the pam_abl (auto blacklist)
module. CONFIG is the name of the pam_abl config file (defaults to
/etc/security/pam_abl.conf). The config file is read to discover the names
of the pam_abl databases and the rules that control purging of old data
from them. The following options are available:
MAINTENANCE
  -h, --help            See this message.
  -d, --debugcommand    Print the block/clear commands split in arguments.
  -p, --purge           Purge databases based on rules in config.
  -r, --relative        Display times relative to now.
  -v, --verbose         Verbose output.
NON-PAM INTERACTION
  -f --fail
        Fail user or host.
  -w --whitelist
        Perform whitelisting (remove from blacklist, does not provide
        immunity).
  -c --check
        Check status. Returns non-zero if currently blocked
        Prints 'name: status' if verboseness is specified.
  -u --update
        Update the state of all users/hosts in the db.
        This will also cause the appropriate scripts to be called.
  -s --service
        Operate in context of specified service. Defaults to 'none'.
  -U --user
        Operate on user (wildcards are ok for whitelisting).
  -H --host
        Operate on host (wildcards are ok for whitelisting).
  -R --reason
        Only used when -f is provided (defaults to "AUTH").
        Possible values are USER, HOST, BOTH, AUTH
So if you want to whitelist a host on the CLI (better use the GUI for
that!) you could use this:
#> pam_abl -wH 10.1.128.1
To manually block a host you could use this:
#> pam_abl -fH 10.1.128.1
To check the blocks you can (as before) use this:
#> pam_abl -v
Reading config from /etc/security/pam_abl.conf
No user_db in /etc/security/pam_abl.conf
Failed hosts:
10.1.128.1 (1)
none AUTH Fri Oct 2 22:22:33 2015
The easiest way to remove *all* blocks is to restart the service "pam_abl":
#> /sbin/service pam_abl restart
That will delete the pam_abl databases and will make it start fresh.
--
With best regards
Michael Stauber
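
The following is an added example, not part of the original message or of BlueOnyx/pam_abl: a shell sketch that lists the failed hosts from `pam_abl -v` output and whitelists only hosts that `-c` reports as blocked, as a selective alternative to restarting the service. The function names and the indentation of the sample output are assumptions; only switches shown in the help text above are used.

```shell
#!/bin/sh
# Added example, not from the original message. Function names are hypothetical.
# Uses only switches from the --help text above: -v, -c, -w, -H.

# Constructed sample: the `pam_abl -v` output quoted above (indentation assumed).
sample_output() {
    cat <<'EOF'
Reading config from /etc/security/pam_abl.conf
No user_db in /etc/security/pam_abl.conf
Failed hosts:
    10.1.128.1 (1)
        none AUTH Fri Oct 2 22:22:33 2015
EOF
}

# Read `pam_abl -v` output on stdin; print "host failure_count" per failed host.
list_failed_hosts() {
    awk '
        /^Failed [a-z]+:/ { in_hosts = ($2 == "hosts:"); next }
        # Entry lines are "<host> (<count>)"; attempt lines have more fields.
        in_hosts && NF == 2 && $2 ~ /^\([0-9]+\)$/ {
            gsub(/[()]/, "", $2)
            print $1, $2
        }
    '
}

# Whitelist only the given hosts that are currently blocked; print how many
# were cleared. Per --help, -c returns non-zero if the host is blocked.
# Caveat: a non-zero status may also mean pam_abl itself failed (for example
# an unreadable config file); a host is counted only if -w then succeeds.
clear_blocked_hosts() {
    cleared=0
    for host in "$@"; do
        if pam_abl -cH "$host" >/dev/null 2>&1; then
            continue    # status 0: not blocked, leave its record alone
        fi
        if pam_abl -wH "$host" >/dev/null 2>&1; then
            cleared=$((cleared + 1))
        fi
    done
    echo "$cleared"
}

# Review what is recorded before clearing anything (sample data here;
# on a live system: pam_abl -v | list_failed_hosts).
sample_output | list_failed_hosts
```

On a live system, `clear_blocked_hosts 10.1.128.1` would clear that one host and leave every other record in the database intact.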