Thanks to all who replied.....at present you have been:
Mike Connolly mjconnly@ckcorp.com
Sabrina Downard sabrina@wwa.com
Jochen Bern bern@uni-trier.de/bern@ti.uni-trier.de
Kevin Sheehan
Robert Rose
Amanul Haque ahaque@colltech.com
Robert Clift rclift@nswc.navy.mil
Consensus is that Solaris provides no method of disabling an account after a
number of failed login attempts.
We can script around this, looking in /var/adm/loginlog for information
about recent logins and report on this
or use this info to abort a login in progress but other than than and some
commercial third party product suggestions
we're looking at a product called swatch (investigating, thanks Sabrina) and
ASET (investigating, thanks Kevin).
I haven't managed to get hold of either of these yet and I'll post back if I
find a clever way out of this hole.
The question did raise some good points about denial of service attacks
whereby all users are locked out purely by
repeated login attempts by a malicious third party. At the end of the day, I
think a mail message to the SA or a pager message
is a neat way out of automating the locking of an account - I guess it
depends on how paranoid you/your employers are!
Thanks again to all.
Vince Merrell
This archive was generated by hypermail 2.1.2 : Fri Sep 28 2001 - 23:12:51 CDT