Hi Folks

I am looking for pointers on how to beef up security in D3 Linux. Is there
any way one can check for failed logon attempts & if detected lock out the
port in question. Password rollover would also be necessary. Any links &
could follow etc.

Many Thanks

Chris,

I don't think that D3 has the ability to lock ports after so many
failed attempts like we use in Windows.

I think your best bet is to set up the D3 users without passwords and
have the logon proc run your own security application asking for a
password (you can use the D3 user id as your application id). You can
then count failed attempts and lock out the user when you see fit.

Cliff

You can write phantom that will be check not logged ports, and reset
ports after timeout.

Regards,

logon-lock

turns on or off the logon lockout feature.

When the logon lockout is enabled, the logon system will lock up after
three failed logon attempts.

At this point, it is necessary to type "(space)(return)(return)" to
continue. This feature is useful for
synchronizing a port which is connected to a device which might
otherwise echo the logon
message.

With the logon lockout disabled, a 1/2 second delay occurs after 3
failed logon attempts for
security purposes, but logon may then proceed normally.

Syntax
logon-lock {({a}{f|n}{starting.port{-ending.port}}

Options

a Affect all lines.
f Turn logon lockout off.
n Turn logon lockout on. This option is assumed if the (f option is not
present.
starting.port{-ending.port} Affect a range of ports. If not specified,
then the "logon-lock"
command assumes the current port.



ChrisM wrote:

Hi
This works well. If you want to really annoy them as we are required to do
thanks to Sarbanes-Oxley then make them reset the password every 30 days.
We keep the passwords in a small file and check that the password has not
been used before as required by Exxon auditors. Of course the file is
scrambled.
Peter McMurray
"Cliff" <cponce (AT) easternmetal (DOT) com> wrote

Lockout which port? An IP address (from behind a NAT firewall?)

Would I be correct in assuming you are using nailed telnet sessions?
(Otherwise you could invoke the security facilities of Linux .... why
ARE you using nailed telnet?)

I'll
ChrisM wrote:

D3/Linux is a mvdatabase on Linux.

D3 is not the best environment for security issues like the ones you
want. But you are on Linux and you have plenty of Linux features on
this. I think that's the way to go. The login process is not a D3
process is a Linux process. Then you can use the .bash_profile to
redirect them where you want.


hope this help


joseba


ChrisM ha escrito: