Differences between version 6 and previous revision of pam_tally(8).
Other diffs: Previous Major Revision, Previous Author, or view the Annotated Edit History
| Newer page: | version 6 | Last edited on Thursday, August 17, 2006 4:36:22 am | by TomGreen | Revert |
| Older page: | version 5 | Last edited on Thursday, August 17, 2006 4:33:52 am | by TomGreen | Revert |
@@ -7,13 +7,13 @@
Note that this only uses a local file (defaults to /var/adm/faillog) and has no facility to use LDAP or similar systems to combine results from several machines (or a cluster).
pam_tally provides a subset of the functionality of pam_abl (http://www.hexten.net/pam_abl/), but where pam_tally simply counts failing usernames, pam_abl allows for:
-- counting failing hosts as well as usernames (most ssh attackers won't keep retrying
the same username
)
+- counting failing hosts as well as usernames (my logs show
the same attacking hostnames trying lots of different usernames rather than the other way round
)
- configurable time-based failures (e.g. record a failure if the user or host fails 5 times in an hour or 10 in a day)
- configurable time-based auto-purging of failure database
On the other hand, pam_abl seems to have 2 issues at the moment:
1. some users (including me) report failures not being recorded in database (fixed in current CVS from sourceforge)
2. an issue with OpenSSH where failures don't seem to be recorded (more details here: http://sourceforge.net/tracker/?group_id=148927&atid=773100)
