A topic of concern in Linux
Joseph C. Lininger
jbahm at pcdesk.net
Wed Jan 21 12:29:00 EST 2004
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
What distro are you using? Some distros have the faillog program,
which will implement failed logins. You also need a version of the
shadow utilities that supports this function. If you have faillog,
chances are you have everything else too. Password expiration is
implemented using the passwd program. Be careful with this one
though, as if the password is expired, open ssh will not allow a user
to log in at all. At least that's what happens in Slackware.
- ---
Joseph C. Lininger
jbahm at pcdesk.net
- ----- Original Message -----
From: "Steve Holmes" <steve at holmesgrown.com>
To: <speakup at braille.uwo.ca>
Sent: Wednesday, January 21, 2004 5:46 AM
Subject: Re: A topic of concern in Linux
> This is a very excellent point! I've also been looking for ways to
> implement this along with expiration of passwords - in other words,
> force a user to change the password after so many days. How can
> one go about these things in linux? I've seen the expires value
> when
> building user accounts but I haven't seen anything that would locak
> out after so many invalid attempts. Is there anything out there
> readily available or does one need to build it?
>
> On Wed, Jan 21, 2004 at 03:02:54AM -0700, Joseph C. Lininger wrote:
> >
> > -----BEGIN PGP SIGNED MESSAGE-----
> > Hash: SHA1
> >
> > This doesn't really apply to the root user, but another thing you
> > can do which will help to increase security is to implement an
> > account lockout polacy. That is, logins are disabled on an
> > account after say, three invalid login attempts. The disadvantage
> > to this is that you have to manually unlock an account when this
> > happens, but this also means you know if someone is trying to
> > break in to an account. Like I said before, though, this
> > obviously doesn't work for root. You should definitely make sure
> > your remote login software (telnet, ssh, etc.) disconnects users
> > after to many invalid login attempts.
> > - ---
> > Joseph C. Lininger
> > jbahm at pcdesk.net
>
> --
> HolmesGrown Solutions
> The best solutions for the best price!
> http://ld.net/?holmesgrown
>
> _______________________________________________
> Speakup mailing list
> Speakup at braille.uwo.ca
> http://speech.braille.uwo.ca/mailman/listinfo/speakup
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.0.3
iQA/AwUBQA622ienap9Jqj2wEQJazQCfTSr3nq62dZQocIE2FK5kqAsr70AAn3M3
fOemt1KfGpTEtLKbn0g1MNxM
=TbW5
-----END PGP SIGNATURE-----
More information about the Speakup
mailing list