The article fails to cover the standard PAM module pam_tally. It locks an account being attacked for some time and is very simple to configure. On my Debian server I put in /etc/pam.d/common-account:

account required pam_tally.so

and in /etc/pam.d/common-auth:

auth required pam_tally.so deny=5 unlock_time=300

That will lock an account being attacked for 300 seconds if the password failed 5 times. It is effective for all services using PAM authentication, like IMAP and authenticated SMTP. Just warn users that they will have to wait 5 minutes if they fail to log in 5 times.

Also, with any brute force attack countermeasures, in a multi-user system one must be sure that passwords are strong (if some user chooses their own username as the password, chances are that the account will be cracked in a single try). One cannot rely on advising people to be responsible. Therefore, password cracking tools like John the Ripper are very useful. That should be covered in the article too.
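As an added example (not part of the comment above and not Linux-PAM's own code), here is a small POSIX shell model of the deny=5 unlock_time=300 behaviour the commenter configures, so the lockout semantics can be exercised offline without touching /etc/pam.d. The state file format, the function names tally_read and tally_auth, the timestamps, and the user names are all this example's own; the one behavioural assumption, that every attempt bumps the counter before the threshold is checked, is marked in the code.

```shell
#!/bin/sh
# Toy model of pam_tally's deny= / unlock_time= counter (added example, not
# pam_tally's code). Per-user state lives in $TALLY_DIR/<user> as
# "<count> <last_attempt_epoch>"; the real module keeps it in /var/log/faillog.
TALLY_DIR="${TALLY_DIR:-$(mktemp -d)}"
DENY=5           # deny=5
UNLOCK_TIME=300  # unlock_time=300 (seconds)

# Print "<count> <last_attempt_epoch>" for a user ("0 0" if no tally yet).
tally_read() {
    if [ -f "$TALLY_DIR/$1" ]; then cat "$TALLY_DIR/$1"; else echo "0 0"; fi
}

# tally_auth USER PASSWORD_OK NOW
#   PASSWORD_OK: 1 if the password check itself (pam_unix on a real system)
#                would have passed, 0 otherwise.
#   NOW:         the attempt's time as a Unix timestamp (passed in so runs
#                are deterministic).
# Prints allow | denied | locked and returns 0 only for allow.
tally_auth() {
    user=$1; ok=$2; now=$3
    set -- $(tally_read "$user"); count=$1; last=$2
    # Assumption (modelled on pam_tally's auth hook): the counter and
    # timestamp are bumped on *every* attempt before the threshold is
    # checked, so an attacker who keeps hammering keeps the lock alive.
    count=$((count + 1))
    echo "$count $now" > "$TALLY_DIR/$user"
    if [ "$count" -gt "$DENY" ] && [ $((now - last)) -lt "$UNLOCK_TIME" ]; then
        echo locked; return 1          # tally exceeds deny, window not expired
    fi
    if [ "$ok" -eq 1 ]; then
        rm -f "$TALLY_DIR/$user"       # account hook: reset the tally on success
        echo allow; return 0
    fi
    echo denied; return 1              # wrong password, counter keeps growing
}

# Demo with constructed timestamps: five wrong passwords for alice, then the
# right password inside the 300 s window and again after it.
t=100
for i in 1 2 3 4 5; do
    printf 'alice, wrong password at t=%s: %s\n' "$t" "$(tally_auth alice 0 "$t")"
    t=$((t + 1))
done
printf 'alice, right password at t=%s: %s\n' 106 "$(tally_auth alice 1 106)"
printf 'alice, right password at t=%s: %s\n' 500 "$(tally_auth alice 1 500)"
```

Two things the model makes visible that the one-line configuration does not: the sixth attempt is refused even with the correct password, and because the counter is only reset by a successful login, a single wrong password after the 300 seconds have elapsed locks the account again immediately. On a real box the equivalent checks are `pam_tally --user alice` to show the counter and `pam_tally --user alice --reset` to clear it. The usual caveat with any deny-count lockout applies: anyone who knows a username can lock that user out by deliberately failing five times. pam_tally itself was later dropped from Linux-PAM in favour of pam_faillock, which takes the same deny= and unlock_time= options.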
Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds