-
1
- #1
Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chriss Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Does anyone know of a third party package that locks a user account af 1
- Thread starter chito
- Start date
I wasn't sure if you had a security concern or if it was something else. On a really quick thought, I don't know of such a product, but there are always options.<br>
<br>
You should be able too log failed logins to /var/adm/loginlog and have a cron job that watches for three login failures in a row by a user within a certain time limit. The cron job could then do something like change that users password or drop a new .profile in that would lock the user out, or change the users shell to /bin/false. One thing that this cron MUST do is send a notification to the administrator immediately.<br>
<br>
I haven't actually tried this, but at a first glance it should be possible to do. The man pages for login and usermod should give you some help. If this were going to be done on one of my systems, I would start by logging the failed logins and then setting up a cron that would send me an email whenever the error condition occours (3 failures in 2 minutes for example) and see what I get back.<br>
<br>
If we had a little more detail as to your exact concern/problem, we might have the answer for you.
<br>
You should be able too log failed logins to /var/adm/loginlog and have a cron job that watches for three login failures in a row by a user within a certain time limit. The cron job could then do something like change that users password or drop a new .profile in that would lock the user out, or change the users shell to /bin/false. One thing that this cron MUST do is send a notification to the administrator immediately.<br>
<br>
I haven't actually tried this, but at a first glance it should be possible to do. The man pages for login and usermod should give you some help. If this were going to be done on one of my systems, I would start by logging the failed logins and then setting up a cron that would send me an email whenever the error condition occours (3 failures in 2 minutes for example) and see what I get back.<br>
<br>
If we had a little more detail as to your exact concern/problem, we might have the answer for you.
Possible problem with what you are asking:<br>
<br>
If somebody is attempting to access your system for dubious reasons (ie, our cracker friends) then they'll probably try standard system accounts first: root, adm, uucp, etc. How'd you feel if you walked in one morning and suddenly couldn't access your system because root was locked out? Hmmm... You could say that root would be excluded from the lock out, but then you've still got this "vulnerabilty".<br>
<br>
Like uudavid said, you could set something up yourself with scripts, etc. But make sure you exclude root from the checks...<br>
<br>
Rather than look at locking users out, start by checking how secure your passwords are. Get hold of 'crack' or similar and point it at a copy of you passwd files. See how many people have chosen 'password' for a password... Then have a look at password ageing, etc. That way, you know how secure your door locks are, and may have a better idea of whether you need to add any additional bolts.<br>
<br>
Hope this helps.
<br>
If somebody is attempting to access your system for dubious reasons (ie, our cracker friends) then they'll probably try standard system accounts first: root, adm, uucp, etc. How'd you feel if you walked in one morning and suddenly couldn't access your system because root was locked out? Hmmm... You could say that root would be excluded from the lock out, but then you've still got this "vulnerabilty".<br>
<br>
Like uudavid said, you could set something up yourself with scripts, etc. But make sure you exclude root from the checks...<br>
<br>
Rather than look at locking users out, start by checking how secure your passwords are. Get hold of 'crack' or similar and point it at a copy of you passwd files. See how many people have chosen 'password' for a password... Then have a look at password ageing, etc. That way, you know how secure your door locks are, and may have a better idea of whether you need to add any additional bolts.<br>
<br>
Hope this helps.
Sun has long considered what you want to be a form of Denial of Service attack. They don't let you do that with their system as it comes out of the box.<br>
There are other tools that you can BUY to accomplish this. One I am familiar with is Guardian, from datalynx. Check out <A HREF=" TARGET="_new"> You can send me a box of money if you like it. ;-)
There are other tools that you can BUY to accomplish this. One I am familiar with is Guardian, from datalynx. Check out <A HREF=" TARGET="_new"> You can send me a box of money if you like it. ;-)
- Status
Similar threads
- Locked
- Question