    Customizing sshlockout

    • Maxamoto

      Is there any way to customize the behavior of the sshlockout script? For example, change to block after three failed attempts instead of 15, making the table permanent between reboots, etc. Even the mighty Google didn't seem to be able to answer this one… Thanks in advance!

      • marcelloc

        @Maxamoto:

        Is there any way to customize the behavior of the sshlockout script? For example, change to block after three failed attempts instead of 15, making the table permanent between reboots, etc. Even the mighty Google didn't seem to be able to answer this one… Thanks in advance!

        To make it permanent, install the cron package and remove/edit the sshlockout clean script.

        */60    *      *      *      *      root    /usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout

        Of course, test any change in a lab before production.

        • Maxamoto

          Thanks for the assist, but I already tried that. Table is still erased after reboot. There is no option to customize the amount of failed logins it takes to initiate a sshlockout?

          • Maxamoto

            Kudos to phil.davis for knowing how this works. Here's his howto:

            /etc/inc/system.inc has the code that writes /var/etc/syslog.conf
            This does "exec /usr/local/sbin/sshlockout_pf 15"
            sshlockout_pf.c takes the failed attempt limit as a parameter.
            In the current system, you would have to manually edit /etc/inc/system.inc to change the parameter.

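To confirm which settings are in effect after an edit, the failed-attempt limit can be read back from the generated syslog.conf and the expiry from the expiretable cron entry. This is an added example, not part of the original posts and not pfSense code: the function names and the sample file contents are constructed, and only the `sshlockout_pf` and `expiretable` command lines come from the thread.

```shell
#!/bin/sh
# Constructed sample files standing in for /var/etc/syslog.conf and the crontab.
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/syslog.conf" <<'EOF'
# sshlockout_pf 99   (commented out, must be ignored)
auth.info;authpriv.info		|exec /usr/local/sbin/sshlockout_pf 15
EOF
cat > "$SAMPLE_DIR/crontab" <<'EOF'
*/60	*	*	*	*	root	/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout
EOF

# Print the failed-attempt limit passed to sshlockout_pf ($1 = syslog.conf).
sshlockout_threshold() {
    sed -n 's/^[^#]*sshlockout_pf[[:space:]]\{1,\}\([0-9]\{1,\}\).*/\1/p' "$1" | head -n 1
}

# Print the -t value (seconds) of the expiretable entry ($1 = crontab, $2 = pf table).
expiretable_ttl() {
    awk -v table="$2" '
        /^[ \t]*#/ { next }
        /expiretable/ && $NF == table {
            for (i = 1; i < NF; i++) if ($i == "-t") { print $(i + 1); exit }
        }' "$1"
}

# Return 0 if the limit is at or below $2, 1 if it is higher,
# 2 if no sshlockout_pf entry is present ($1 = syslog.conf).
check_threshold() {
    limit=$(sshlockout_threshold "$1")
    [ -n "$limit" ] || { echo "no sshlockout_pf entry in $1"; return 2; }
    if [ "$limit" -le "$2" ]; then
        echo "ok: blocks after $limit failed attempts"
    else
        echo "lax: blocks after $limit failed attempts (wanted <= $2)"
        return 1
    fi
}

# Compare the sample against the three-attempt limit asked for in the thread.
check_threshold "$SAMPLE_DIR/syslog.conf" 3 || true
echo "entries expire after $(expiretable_ttl "$SAMPLE_DIR/crontab" sshlockout) seconds"
```

On a firewall, point the functions at /var/etc/syslog.conf and at the system crontab (assumed here to be /etc/crontab) instead of the sample files.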