Re: Limit the number of erroneous logins of root from the same IP



On 2011-11-14, Luis Gonçalves <luisgo@xxxxxxxxxx> wrote:
> Dear All
>
> Is there any way to limit the number of erroneous logins of root from the
> same IP? After the limit that IP can not try to login anymore.

Of course that could allow a denial of service attack--someone tries to
log in from an IP you want to use, and deny your login.
I assume that you are concerned about login attempts from people trying
to break in.

Anyway, you could use /etc/hosts.allow
e.g.
sshd:111.222.333.444 222.333.444.111 ....:deny
to deny any ssh login from those IP addresses. (Note you MUST make sure
that there are fewer than 128 addresses on any one line. The tcpwrapper
suite has a bug which causes it to loop forever if there are more.
Venema refuses to fix the bug.)

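E.g. run a script every 5 min via cron with
# Scratch file for the matching log lines (the post leaves $OUTPUT
# undefined; mktemp is an assumption).
OUTPUT=`mktemp` || exit 1
grep 'Failed password for root' /var/log/messages >"$OUTPUT"
# Field 11 of a syslog-format sshd line is the source address.
for i in `awk '{print $11}' "$OUTPUT" | sort -u`
do
    # -F: match the dots in the address literally, not as regex wildcards.
    N=`grep -F "$i " "$OUTPUT" | wc -l`
    if [ "$N" -gt 5 ]; then
        if ! grep -F "$i " /etc/hosts.allow >/dev/null; then
            # Append the address to the first matching sshd ...:deny line.
/bin/ed /etc/hosts.allow 2>/dev/null <<EOF
/^sshd.*deny *$/s/:deny/ $i :deny/
wq
EOF
            echo "Too many failed ssh root attempts from $i"
        fi
    fi
done
rm -f "$OUTPUT"

# If the first sshd deny line has grown past 1024 characters, put a new
# empty deny line above it so that later additions go there.
awk 'BEGIN{f=0}
$0~/sshd.*deny$/{match($0,/^sshd.*deny$/);s=RLENGTH;f=f+1 }
s>1024 && f==1 {print "sshd: :deny";s=0}
{print $0}' /etc/hosts.allow >/etc/hosts.allow$$
mv -f /etc/hosts.allow$$ /etc/hosts.allow
chmod a+r /etc/hosts.allow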




> The tries could be consecutive or during a day. After that no more
> logins.
>
> Thanks
>
> Luis Gonçalves
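
An added example, not part of the original post: the same counting step written so that it covers the two caveats raised in the reply, the lock-out of an address you need yourself and the 128-address-per-line limit. THRESHOLD, MAX_PER_LINE, ALLOWLIST and both function names are assumptions, and the log lines are constructed.

```shell
#!/bin/sh
# Added example, not from the original post. THRESHOLD, MAX_PER_LINE and
# ALLOWLIST are assumed names; sample_log prints constructed log lines.
THRESHOLD=5             # deny when failures exceed this, as in the post
MAX_PER_LINE=100        # stay well below the 128-address limit
ALLOWLIST="192.0.2.10"  # addresses that must never be denied

# Reads sshd syslog lines on stdin, prints hosts.allow deny lines.
deny_lines() {
    awk -v max="$THRESHOLD" -v allow="$ALLOWLIST" '
    BEGIN { n = split(allow, a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    # Match only messages that start right after the sshd[pid] tag.
    / sshd\[[0-9]+\]: Failed password for root from / {
        # Locate the address after "from" rather than by a fixed column.
        for (i = 1; i < NF; i++) if ($i == "from") { ip = $(i + 1); break }
        # Count only dotted-quad text, so log content cannot add syntax.
        if (ip ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ && !(ip in skip)) count[ip]++
    }
    END { for (ip in count) if (count[ip] > max) print ip }' |
    sort |
    awk -v per="$MAX_PER_LINE" '
    # Start a new deny line every "per" addresses.
    { line = line " " $1
      if (++k == per) { print "sshd:" line " :deny"; line = ""; k = 0 } }
    END { if (k > 0) print "sshd:" line " :deny" }'
}

# Constructed input: six failures each from two addresses, one from a third.
sample_log() {
    i=0
    while [ "$i" -lt 6 ]; do
        echo "Nov 14 10:00:0$i host sshd[100$i]: Failed password for root from 203.0.113.7 port 4000$i ssh2"
        echo "Nov 14 10:01:0$i host sshd[200$i]: Failed password for root from 192.0.2.10 port 5000$i ssh2"
        i=$((i + 1))
    done
    echo "Nov 14 10:02:00 host sshd[3000]: Failed password for root from 198.51.100.9 port 60000 ssh2"
}

sample_log | deny_lines
```

The output is meant to be reviewed or merged into /etc/hosts.allow by a separate step; the example itself writes nothing to the system.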