Webconfiguratorlockout cron job notification
-
After updating to 2.2 I started receiving emails like this:
/usr/sbin/cron: (root) CMD (/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 webConfiguratorlockout)
I read here: that this is new behavior in 2.2 intended to stop brute force attacks. I have two questions:
First, how can I stop the emails notifying me that this cron job is running? I looked at System:Advanced:Notifications but I don't see it there.
Second, is expiring after 1 hour optimal? It will definitely slow brute forcing down but I am wondering if clearing the table is necessary at all. If someone tries to log in 15 times with the wrong password they probably have no business being the configurator at all so why give them another chance?
-
The fact that you get the e-mail at all is due to the arpwatch package which adds a sendmail work-alike script.
The brute force blocking was always there before, but the expiration job was missing. So if someone was locked out, they'd stay locked out indefinitely until manually cleared or a reboot.
You could install the cron package and adjust the job to have no output (perhaps add >/dev/null or 2>/dev/null at the end).
The one hour time isn't configurable.
-
Someone else gave me this answer to a similar question:
https://forum.pfsense.org/index.php?topic=88347.msg488730#msg488730
The only issue seems to be that the line has to be added anew after each OS upgrade, or so it seems, but otherwise it does the trick for me.
So the first few lines of my /etc/crontab file now look like this:
SHELL=/bin/sh
PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
HOME=/var/log
MAILTO=""
#minute hour mday month wday who command
#
You can easily edit the file with the Diagnostics > Edit File page.
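-
The two workarounds discussed in the replies above, as an added example that is not from any poster or from pfSense: unredirected_jobs lists job lines with no output redirection (the per-job fix), and ensure_mailto_empty idempotently re-applies MAILTO="" to a crontab file (the global fix that has to be redone after an upgrade). Both function names are hypothetical, and the file layout is assumed to match the lines quoted above.

```sh
#!/bin/sh
# Added example (not from the thread). Assumes the crontab layout quoted
# above: variable assignments first, then "#"-comments and job lines.

# ensure_mailto_empty FILE: make sure FILE contains MAILTO="" (idempotent).
ensure_mailto_empty() {
    file=$1
    [ -f "$file" ] || return 1
    # Already set to the empty string: nothing to change.
    if grep -q '^MAILTO=""[[:space:]]*$' "$file"; then
        return 0
    fi
    tmp=$(mktemp /tmp/crontab.XXXXXX) || return 1
    if grep -q '^MAILTO=' "$file"; then
        # Replace an existing MAILTO setting in place.
        sed 's/^MAILTO=.*$/MAILTO=""/' "$file" > "$tmp"
    else
        # No MAILTO line yet: put it first so it applies to every job.
        { printf 'MAILTO=""\n'; cat "$file"; } > "$tmp"
    fi
    # Overwrite via cat so the original owner and mode are kept.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# unredirected_jobs FILE: print job lines that have no ">" redirection,
# i.e. jobs whose output cron would try to mail.
unredirected_jobs() {
    grep -v -e '^[[:space:]]*#' -e '^[[:space:]]*$' \
            -e '^[A-Za-z_][A-Za-z0-9_]*=' "$1" | grep -v '>' || true
}
```

MAILTO="" silences mail for every job in the file, while a redirect affects only the job it is attached to.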