Customizing sshlockout

Maxamoto

Is there any way to customize the behavior of the sshlockout script? For example, change to block after three failed attempts instead of 15, making the table permanent between reboots, etc. Even the mighty Google didn't seem to be able to answer this one… Thanks in advance!

marcelloc

@Maxamoto:

Is there any way to customize the behavior of the sshlockout script? For example, change to block after three failed attempts instead of 15, making the table permanent between reboots, etc. Even the mighty Google didn't seem to be able to answer this one… Thanks in advance!

To make it permanent, install cron package and remove/edit sshlockout clean script.

*/60    *      *      *      *      root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout

Of course, test any change on lab before production.

Maxamoto

Thanks for the assist, but I already tried that. Table is still erased after reboot. There is no option to customize the amount of failed logins it takes to initiate a sshlockout?

Maxamoto

Kudos to phil.davis for knowing how this works. Here's his howto:

/etc/inc/system.inc has the code that write /var/etc/syslog.conf
This does "exec /usr/local/sbin/sshlockout_pf 15"
sshlockout_pf.c takes the failed attempt limit as a parameter.
In the current system, you would have to manually edit /etc/inc/system.inc to change the parameter.