06-21-2017, 04:37 PM
ChuckS@CAM-Ohio
Re: Configuring root login attempts for AuthFailed trigger

"We may be able to get you the behavior you desire by setting DenyRoot false and adding root to the Deny Users list. What would you like to have happen when someone attempts to log in as root? What action would you like to trigger?"

We would like to:
  1. Continue blocking 'root' logins, and will do so by changing the following vshelld_config settings:
    AccessControl {
        Login {
            AllowUsers{*}
            DenyUsers{ root }
        }
        ...
    }

    DenyRoot false
  2. Continue having failed user login attempts, now including 'root', generate a FailedAuthCommand triggered event, by this trigger:
    #FailedAuthCommand
    FailedAuthCommand /bin/su app_user -c "/usr/local/bin/vshell-trigger FailedLogin $U $D $T $S $I"
  3. Have failed login attempts automatically block IP addresses, by adding the following:
    DenyHostAfterFailure true
    DenyHostsFile /our/path/to/denyhosts.txt
    DenyHostAfterFailureCount 3
Will those changes work for what we need?

Thanks again!
Chuck

Last edited by ChuckS@CAM-Ohio; 06-21-2017 at 04:43 PM.