DragonFly BSD
DragonFly users List (threaded) for 2010-03

Re: Security process

From: Walter <walter@xxxxxxx>
Date: Tue, 09 Mar 2010 12:25:15 -0500

Pierre Abbat wrote:
> On Monday 08 March 2010 15:33:11 Walter wrote:
>> I got curious about BSD (DragonFly, specifically) security and
>> wondered why there wasn't a security process that processed all
>> security-relevant error messages which could then be used to
>> block IPs, disable user accounts, and kill processes.  At least
>> it'd be a step to automating *some* obvious security measures
>> rather than requiring root action.  Things like repeated login-
>> in failures from external (as in China) IPs.  Anyone?
>
> How would you write a program to process error messages and decide which user accounts to disable?

I don't know what error messages are available for when an account tries to do things for which it has no privilege, causes a system/privileged program to crash... whatever. I was hoping there was some security trail for things that might open a door... I don't know.. too many errors, a temporary privilege being granted for too long might mean someone hacked a system utility... I don't know.

> As to blocking repeated login failures, there are such things. I wrote one myself and have it running on my Linux box (the DragonFly box is a laptop and isn't publicly visible). It doesn't care whether the source of the logins is in China or my next-door neighbor (or even the laptop, which looks like the router's external IP the way it's forwarded).

China was just an example.

Can you direct me to where/how I can block IPs based
upon error messages (login failures, etc.)?
