cyrus sasl Password lock after n failed attempts
Scott Lambert
lambert at lambertfam.org
Fri Oct 12 15:28:48 EDT 2012
On Fri, Oct 12, 2012 at 04:54:12PM +1030, Daniel O'Connor wrote:
>
> On 12/10/2012, at 15:21, Ram <ram at netcore.co.in> wrote:
> > Of late I have seen lots of attempts at getting in weak weak
> > passwords. Is there a way I can implement password lock out within
> > cyrus if there are more than n consecutive bad attempts
>
> I think a feature like this is likely to result in a denial of service
> to yourself :)
>
> I use sshguard which can parse many different program's outputs (not
> just SSH) for failed login attempts and then add a rule to a firewall
> to block the IP making the attempts.
>
> It has support for many different firewall types - I use PF but it
> does ipfw, ip tables, etc etc..
>
> It is probably available as a package for your OS/distro or you can
> get it from http://www.sshguard.net/
There is also fail2ban (python based) which is working well for me.
It just depends on which tool you like best.
--
Scott Lambert KC5MLE Unix SysAdmin
lambert at lambertfam.org
More information about the Info-cyrus
mailing list