[FreeNX-kNX] fail2ban and freenx

Verner Kjærsgaard vk at os-academy.dk
Fri Mar 14 09:46:46 UTC 2008 

Fabian Franz skrev:
>> Hi,
>>
>>
>>
>>   I started to use fail2ban, an application that read log files and when 
>> it finds an IP that is trying to login too many times and failing it 
>> blocks it in the firewall for ten minutes. This is to prevent 
>> dictionary attacks. I wanted to see if it finds my nx login failures 
>> but unfortunately when nx client is login in it first login from its IP 
>> using the key, and then using a password from 127.0.0.1. So the 
>> failures are registering on 127.0.0.1 and not on the real IP.
>>
>>   Please tell me if there is some log file where login failures would be 
>> registered with the real IP and the time of failure.  Or if I can 
>> modify something to get that.
> 
> You can modify nxserver.
> 
> Search for 404 and add a syslog command or whatever. The IP can be gotten from SSH_CLIENT.
> 
> So:
> 
> echo "NX> 404 [...]"
> syslog [... params ...] "Failed login for USER $USER. IP=$SSH_CLIENT".
> 
> Or whatever.
> 
> As I pointed out in IRC you can also use another public/private key pair, which you deploy to clients to reach your goal of preventing attackers. 
> 
> Best Regards,
> 
> Fabian
> ________________________________________________________________
>      Were you helped on this list with your FreeNX problem?
>     Then please write up the solution in the FreeNX Wiki/FAQ:
>   http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ
>          Don't forget to check the NX Knowledge Base:
>                  http://www.nomachine.com/kb/ 
> 
> ________________________________________________________________
>        FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
>       https://mail.kde.org/mailman/listinfo/freenx-knx
> ________________________________________________________________
> 

If it's of any help...

I use Denyhosts (see http://denyhosts.sourceforge.net/)
Then in /etc/hosts.allow I put 127.0.0.1 to make sure that localhost
doesn't get shut out.

I think (??) this works as I indtend it to. Otherwise, please enlighten
me :-)


-- 
--------------------------------------------
Med venlig hilsen/best regards
Verner Kjærsgaard

More information about the FreeNX-kNX mailing list