On Monday 08 March 2010 15:33:11 Walter wrote:
> I got curious about BSD (DragonFly, specifically) security and
> wondered why there wasn't a security process that processed all
> security-relevant error messages which could then be used to
> block IPs, disable user accounts, and kill processes. At least
> it'd be a step to automating *some* obvious security measures
> rather than requiring root action. Things like repeated
> login-in failures from external (as in China) IPs. Anyone?

How would you write a program to process error messages and decide which user accounts to disable?

As to blocking repeated login failures, there are such things. I wrote one myself and have it running on my Linux box (the DragonFly box is a laptop and isn't publicly visible). It doesn't care whether the source of the logins is in China or my net-door neighbor (or even the laptop, which looks like the router's external IP the way it's forwarded).

Pierre
-- 
Don't buy a French car in Holland. It may be a citroen.
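
The repeated-login-failure check discussed in this thread can be done by counting failures per source address in a sliding time window, with no regard to where the address is located. The following is an added example, not the program mentioned in the reply; the sshd log format, the sample lines, the threshold, the window and the `offenders` function name are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample lines in the usual sshd syslog format (not from the thread).
SAMPLE_LOG = """\
Mar  8 15:30:01 gw sshd[411]: Failed password for root from 203.0.113.5 port 4101 ssh2
Mar  8 15:30:04 gw sshd[411]: Failed password for invalid user admin from 203.0.113.5 port 4102 ssh2
Mar  8 15:30:09 gw sshd[412]: Failed password for pierre from 192.0.2.77 port 5133 ssh2
Mar  8 15:30:10 gw sshd[413]: Failed password for root from 203.0.113.5 port 4103 ssh2
Mar  8 15:30:20 gw sshd[414]: Accepted password for pierre from 192.0.2.77 port 5134 ssh2
Mar  8 15:45:00 gw sshd[420]: Failed password for root from 198.51.100.9 port 6001 ssh2
Mar  8 16:20:00 gw sshd[421]: Failed password for root from 198.51.100.9 port 6002 ssh2
Mar  8 16:55:00 gw sshd[422]: Failed password for root from 198.51.100.9 port 6003 ssh2
"""

FAILED = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (?P<ip>\S+) port \d+"
)

def offenders(log_text, threshold=3, window=timedelta(minutes=10), year=2010):
    """Return source addresses with >= threshold failures inside one window,
    in the order they crossed the threshold."""
    recent = defaultdict(deque)  # ip -> failure timestamps still inside the window
    flagged = []
    for line in log_text.splitlines():
        m = FAILED.match(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        # syslog timestamps omit the year; supply one (assumption) for parsing
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(when)
        while when - q[0] > window:  # drop failures that aged out of the window
            q.popleft()
        if len(q) >= threshold and m["ip"] not in flagged:
            flagged.append(m["ip"])
    return flagged

if __name__ == "__main__":
    for ip in offenders(SAMPLE_LOG):
        # a real deployment would hand this address to the packet filter
        print("would block", ip)
```

The slow source at 198.51.100.9 stays under the default 10-minute window, which shows how the window length trades missed slow guessing against false positives from users who mistype a password.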
