[FreeNX-kNX] fail2ban and freenx
vk at os-academy.dk
Fri Mar 14 09:46:46 UTC 2008
Fabian Franz skrev:
>> I started to use fail2ban, an application that read log files and when
>> it finds an IP that is trying to login too many times and failing it
>> blocks it in the firewall for ten minutes. This is to prevent
>> dictionary attacks. I wanted to see if it finds my nx login failures
>> but unfortunately when nx client is login in it first login from its IP
>> using the key, and then using a password from 127.0.0.1. So the
>> failures are registering on 127.0.0.1 and not on the real IP.
>> Please tell me if there is some log file where login failures would be
>> registered with the real IP and the time of failure. Or if I can
>> modify something to get that.
> You can modify nxserver.
> Search for 404 and add a syslog command or whatever. The IP can be gotten from SSH_CLIENT.
> echo "NX> 404 [...]"
> syslog [... params ...] "Failed login for USER $USER. IP=$SSH_CLIENT".
> Or whatever.
> As I pointed out in IRC you can also use another public/private key pair, which you deploy to clients to reach your goal of preventing attackers.
> Best Regards,
> Were you helped on this list with your FreeNX problem?
> Then please write up the solution in the FreeNX Wiki/FAQ:
> Don't forget to check the NX Knowledge Base:
> FreeNX-kNX mailing list --- FreeNX-kNX at kde.org
If it's of any help...
I use Denyhosts (see http://denyhosts.sourceforge.net/)
Then in /etc/hosts.allow I put 127.0.0.1 to make sure that localhost
doesn't get shut out.
I think (??) this works as I indtend it to. Otherwise, please enlighten
Med venlig hilsen/best regards
More information about the FreeNX-kNX