Dynamically ban ip after failed login

#1 Zorken (Registered User), 4 Weeks Ago

Hello,

I need some help with network/firewall settings in Solaris 11.3.

What I want to achieve is that if someone tries to log in to my server and fails I want that IP to be banned for some time.

So if a computer/user tries to log in to my ssh-server on a specified port (normally 22) and has, for example, 3 failed attempts in 5 minutes, the IP should be blocked for a set time, let's say 10 minutes, and then be opened again if no further login attempts are made.

This seems to be fairly easy to do with iptables and two rows of code, and is something my 8+ year old 4-bay NAS is able to do via GUI, but in Solaris I cannot find a clear answer to how to achieve this.

I would like to apply this to more services than just ssh, and for ssh I have tried to use the option MaxAuthTries which I haven't seen any effect of at all.

The closest I have seen in Solaris is to use IPfilter (IP Filter Configuration File Examples - Securing the Network in Oracle Solaris 11.1), but as far as I can see it is just used to statically open or close ports to certain preset addresses.

I found an article at Creating a fairly secure public SSH daemon | Rants about the Solaris OS which seems to do almost what I want, but it looks a little clumsy compared to iptables and it does not dynamically "release" an IP after the set time unless you run the script manually or via cron. And it seems to work with ssh due to the way ssh works and hence is not very flexible for other services on the server.

I cannot be the first one to wonder about this, and I would be really surprised if Solaris, which claims to be a cloud OS, is not able to do this.

#2 ccj4467 (Registered User), 4 Weeks Ago

I have been using a program called DenyHosts. It is a Python script that is very configurable and will do exactly what you want.

http://denyhosts.sourceforge.net/

#3 Zorken (Registered User), 4 Weeks Ago

I will check out denyhosts.
But does this mean that this cannot be achieved with Solaris' own firewall system?
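
The rule asked for in the first post (3 failed logins in 5 minutes, a 10-minute ban that is lifted once the attempts stop), as an added example that is not part of the thread and is not DenyHosts code: it replays sshd failure lines and returns the ban and unban decisions, leaving the firewall step to the caller. The syslog line format, IPv4-only matching, the `ban_events` name and the sample addresses are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

MAX_FAILS, WINDOW, BAN_TIME = 3, timedelta(minutes=5), timedelta(minutes=10)
# Assumed syslog-style sshd line. The address is taken from the end of the
# line, which sshd writes itself, so text in a username cannot replace it.
FAIL_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: .*"
                     r"Failed \S+ for .* from ([\d.]+) port \d+(?: ssh2)?$")

# Constructed sample log (documentation addresses), not from a real host.
SAMPLE_LOG = """\
Dec 20 10:00:01 srv sshd[1201]: Failed password for root from 203.0.113.5 port 51000 ssh2
Dec 20 10:00:30 srv sshd[1202]: Failed password for invalid user test from 198.51.100.7 port 40100 ssh2
Dec 20 10:01:10 srv sshd[1203]: Failed password for root from 203.0.113.5 port 51002 ssh2
Dec 20 10:02:30 srv sshd[1204]: Failed password for root from 203.0.113.5 port 51004 ssh2
Dec 20 10:03:00 srv sshd[1205]: Failed password for invalid user test from 198.51.100.7 port 40102 ssh2
Dec 20 10:04:00 srv sshd[1206]: Accepted password for admin from 192.0.2.10 port 50000 ssh2
Dec 20 10:05:00 srv sshd[1207]: Failed password for root from 203.0.113.5 port 51006 ssh2
Dec 20 10:06:00 srv sshd[1208]: Failed password for invalid user test from 198.51.100.7 port 40104 ssh2
Dec 20 10:20:00 srv sshd[1209]: Failed password for root from 203.0.113.5 port 51008 ssh2
"""

def ban_events(log_text, year=2016):
    """Replay a log; return ([(time, action, ip), ...], {banned_ip: expiry})."""
    fails, banned, events = defaultdict(deque), {}, []
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue
        now = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        # Release every ban whose timer ran out before this line.
        for old, until in sorted(banned.items(), key=lambda kv: kv[1]):
            if until <= now:
                events.append((until, "unban", old))
                del banned[old]
        if ip in banned:                 # still trying: restart the timer
            banned[ip] = now + BAN_TIME
            continue
        q = fails[ip]
        q.append(now)
        while q[0] < now - WINDOW:       # drop failures outside the window
            q.popleft()
        if len(q) >= MAX_FAILS:
            banned[ip] = now + BAN_TIME
            events.append((now, "ban", ip))
            q.clear()
    return events, banned
```

On the sample, 203.0.113.5 is banned at 10:02:30 and released at 10:15:00 because its attempt at 10:05:00 restarts the timer, while 198.51.100.7 is never banned because its three failures never fall inside one 5-minute window.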