[BlueOnyx:18469] Re: New pam_abl: quick start guide

Michael Stauber mstauber at blueonyx.it
Fri Oct 2 22:25:18 -05 2015


Hi Larry,

> Ok, probably just me, but how does one clear pam_abl blocks from the
> command line now? Since the latest changes went in, the old:
>> >pam_abl --okhost <IP>
> and
>> >pam_abl --okuser <name>
> do not seem to work, and every variation I try (pam_abl -w <IP>)
> returns:
> No such file or directory (2) while reading config file

5207R, 5208R and 5209R have the newest PAM_ABL, which functions differently.

See "pam_abl --help" or "pam_abl -h" for the new command line switches
and parameters.

#> pam_abl --help
Usage: pam_abl [OPTION] [CONFIG]
Perform maintenance on the databases used by the pam_abl (auto blacklist)
module. CONFIG is the name of the pam_abl config file (defaults to
/etc/security/pam_abl.conf). The config file is read to discover the names
of the pam_abl databases and the rules that control purging of old data
from them. The following options are available:

MAINTENANCE
  -h, --help              See this message.
  -d, --debugcommand      Print the block/clear commands split in arguments.
  -p, --purge             Purge databases based on rules in config.
  -r, --relative          Display times relative to now.
  -v, --verbose           Verbose output.

NON-PAM INTERACTION
  -f  --fail
      Fail user or host.
  -w  --whitelist
      Perform whitelisting (remove from blacklist, does not provide immunity).
  -c  --check
      Check status.  Returns non-zero if currently blocked
      Prints 'name: status' if verboseness is specified.
  -u  --update
      Update the state of all users/hosts in the db.
      This will also cause the appropriate scripts to be called.
  -s  --service
      Operate in context of specified service.  Defaults to 'none'.
  -U  --user
      Operate on user (wildcards are ok for whitelisting).
  -H  --host
      Operate on host (wildcards are ok for whitelisting).
  -R  --reason
      Only used when -f is provided (defaults to "AUTH").
      Possible values are USER, HOST, BOTH, AUTH

So if you want to whitelist a host on the CLI (better use the GUI for
that!) you could use this:

#> pam_abl -wH 10.1.128.1


To manually block a host you could use this:

#> pam_abl -fH 10.1.128.1

To check the blocks you can (as before) use this:

#> pam_abl -v
Reading config from /etc/security/pam_abl.conf
No user_db in /etc/security/pam_abl.conf
Failed hosts:
        10.1.128.1 (1)
                none                            AUTH            Fri Oct  2 22:22:33 2015

The easiest way to remove *all* blocks is to restart the service "pam_abl":

#> /sbin/service pam_abl restart

That will delete the pam_abl databases and will make it start fresh.


-- 
With best regards

Michael Stauber
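
Added example, not part of the original post and not code from the pam_abl project: a small shell filter that turns the "Failed hosts:" section of `pam_abl -v` into one "host count" line per blocked-list entry, so the result can be reviewed or fed to monitoring before anything is whitelisted. It assumes entries look like the one shown above and that any unindented line ending in ":" starts a new section; the function names and the second sample host are made up for illustration.

```shell
#!/bin/sh
# failed_hosts [MIN]: read `pam_abl -v` output on stdin and print
# "<host> <count>" for every entry under "Failed hosts:" whose failure
# count is at least MIN (default 1).
# Assumptions: entries have the form "<host> (<count>)" as in the post,
# and an unindented line ending in ":" opens a new section.
failed_hosts() {
    awk -v min="${1:-1}" '
        # Section header: remember whether we are inside "Failed hosts:"
        /^[^ \t].*:$/ { in_hosts = ($0 == "Failed hosts:"); next }
        # Host entry: exactly two fields, the second one is "(N)"
        in_hosts && NF == 2 && $2 ~ /^\([0-9]+\)$/ {
            count = $2
            gsub(/[()]/, "", count)
            if (count + 0 >= min + 0) print $1, count
        }
        # Indented detail lines (service, reason, timestamp) are skipped
    '
}

# Constructed sample: the output from the post plus one invented host
# (192.0.2.7, service "sshd") to show more than one entry.
sample_output() {
    cat <<'EOF'
Reading config from /etc/security/pam_abl.conf
No user_db in /etc/security/pam_abl.conf
Failed hosts:
        10.1.128.1 (1)
                none                            AUTH            Fri Oct  2 22:22:33 2015
        192.0.2.7 (4)
                sshd                            AUTH            Fri Oct  2 22:24:01 2015
EOF
}

# On a live system: pam_abl -v | failed_hosts
sample_output | failed_hosts
```
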