[FreeNX-kNX] fail2ban and freenx

jhonyl at netscape.net jhonyl at netscape.net
Sat Mar 15 23:08:33 UTC 2008 

Hi Fabian,

  Thanks for the answer, I wanted to write it in the wiki (as is 
suggested in the freenx mailing list signature), but I couldn't 
register. There is some problem with registeration there:

"Forbidden

You don't have permission to access /index-en.phtml on this server."



Anyway I added :

logger -t nxserver -i -p auth.info "(`whoami`) Failed login for 
user=$USER from IP=`echo $SSH_CLIENT| awk '{print $1}'`"

Where you have indicated, and it works fine.

Thanks again.





-----Original Message-----

From: Fabian Franz <FabianFranz at gmx.de>

To: User Support for FreeNX Server and kNX Client <freenx-knx at kde.org>

Sent: Fri, 14 Mar 2008 11:35 am

Subject: Re: [FreeNX-kNX] fail2ban and freenx





















> Hi,

>

>

>

>   I started to use fail2ban, an application that read log files and 
when

> it finds an IP that is trying to login too many times and failing it

> blocks it in the firewall for ten minutes. This is to prevent

> dictionary attacks. I wanted to see if it finds my nx login failures

> but unfortunately when nx client is login in it first login from its 
IP

> using the key, and then using a password from 127.0.0.1. So the

> failures are registering on 127.0.0.1 and not on the real IP.

>

>   Please tell me if there is some log file where login failures would 
be

> registered with the real IP and the time of failure.  Or if I can

> modify something to get that.



You can modify nxserver.



Search for 404 and add a syslog command or whatever. The IP can be 
gotten from

SSH_CLIENT.



So:



echo "NX> 404 [...]"

syslog [... params ...] "Failed login for USER $USER. IP=$SSH_CLIENT".



Or whatever.



As I pointed out in IRC you can also use another public/private key 
pair, which

you deploy to clients to reach your goal of preventing attackers.



Best Regards,



Fabian

________________________________________________________________

     Were you helped on this list with your FreeNX problem?

    Then please write up the solution in the FreeNX Wiki/FAQ:

  http://openfacts.berlios.de/index-en.phtml?title=FreeNX_FAQ

         Don't forget to check the NX Knowledge Base:

                 http://www.nomachine.com/kb/



________________________________________________________________

       FreeNX-kNX mailing list --- FreeNX-kNX at kde.org

      https://mail.kde.org/mailman/listinfo/freenx-knx

________________________________________________________________

More information about the FreeNX-kNX mailing list