Scientific Linux

  Reply to this topicStart new topicStart Poll

> Set time delay between login attempts?, to make brute force attacks harder?
 Posted: Aug 31 2011, 04:23 AM
Quote Post

SLF Member

Group: Members
Posts: 54
Member No.: 127
Joined: 6-May 11

So I've read that, in addition to using a long and secure password, it is also helpful to set a time delay (say, 5 seconds) between password login attemps (SSH or anything else that requires password login). Also, one might set it up so that after a certain number of failed attempts, login will be disabled for another set amount of time (e.g. 24 hours).
How can this be setup on a SL system? If the method varies greatly, a SSH login example would be great.
Finally, is this really an effective secuirty measure?
 Posted: Aug 31 2011, 10:42 AM
Quote Post

Retired SLF Administrator

Group: Admins
Posts: 1276
Member No.: 2
Joined: 8-April 11

QUOTE (avamk @ Aug 31 2011, 06:23 AM)
Finally, is this really an effective secuirty measure?

Can't tell you how to set this up. But, looking at from a statistical point of view, it will never be 100% adequate. IF they want to break your system, they will succeed. But than they would need your system at their place.

For external safety I believe it will always be helpful. But don't depend on it, expect it to be enough. In order to keep the crackers out, you need to think like one. Compare it to a car thief wanting to steal a car. If he has the choice for a "normal" one or one that has one of those buggy bars attached to the steeringwheel, he will almost certainly go for the "normal" car.

You might want to have a look at this topic on practical tips how to secure SSH.

"Sometimes the best helping hand you can give is a good, firm push."
 Posted: Aug 31 2011, 12:48 PM
Quote Post

SLF Administrator

Group: Admins
Posts: 837
Member No.: 4
Joined: 8-April 11

linux security is really wide theme and you can set it up service-wise (if possible - like with sshd) or OS-wise in the:
1. "/etc/pam.d/"
2. iptables
3. tcpwrappers
4. any special tool (fail2ban)
5. anything that i forgot now smile.gif

In your case, if it is ssh securing, check:
1. /etc/ssh/sshd_config
this part:
# Authentication:
LoginGraceTime 1m
PermitRootLogin no
#StrictModes yes
MaxAuthTries 3
AllowUsers xxx yyy

2. /etc/pam.d/system-auth
(manpage it)

3. iptables (this is not from my head, just googled it, but seams it could work, or work around this bases)
iptables -A INPUT -m tcp -p tcp -m recent --dport 22 --rcheck --seconds 30 --hitcount 2 --name sshlist --rsource -j LOG --log-prefix "SSH ATTACK: "
iptables -A INPUT -m tcp -p tcp -m recent --dport 22 --rcheck --seconds 30 --hitcount 2 --name sshlist --rsource -j DROP
iptables -A INPUT -m state --state NEW -m tcp -p tcp -m recent --dport 22 --set --name sshlist --rsource -j ACCEPT
That will block any ip that tries to connect more than twice in 30 seconds.

other good googled example:
iptables -A INPUT -m tcp -p tcp --dport 22 -m state --state ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -m tcp -p tcp -s --dport 22 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -m state --state NEW -m limit --limit 3/min --limit-burst 3 -j ACCEPT
iptables -A INPUT -m tcp -p tcp --dport 22 -j DROP

The second line allows the hosts on the network block to connect an unlimited number of times. Do this for hosts that you would normally connect from. Then, in an emergency, you can get in from another machine, as long as someone else isn't hitting the machine more than 3 times per second.
The 3rd line allows a burst of up to 3 SSH connection attempts from a given remote IP address, and once that's exceeded it will limit that IP to 3 attempts per minute. The burst recharges every time that the limit is not hit. This set of rules only gets invoked on the initial SSH connection establishment attempt, so it doesn't impact SSH connections after they are made.

4. /etc/hosts.allow and hosts.deny

if any particular q, ask further, it's really quite wide area to cover in forum post smile.gif

PMEmail Poster
0 User(s) are reading this topic (0 Guests and 0 Anonymous Users)
0 Members:

Topic Options Reply to this topicStart new topicStart Poll