Package: libpam-abl
Version: 0.4.3-1
Severity: normal

While deliberately testing failed logins to test pam_abl

$ ssh falsch@somehost
falsch@somehost's password:
Permission denied, please try again.
falsch@somehost's password:
Permission denied, please try again.
falsch@somehost's password:
Permission denied (publickey,password).

I find this in the auth.log:

Aug 17 18:10:24 somehost sshd[11479]: Invalid user falsch from 10.11.12.13
Aug 17 18:10:24 somehost sshd[11479]: input_userauth_request: invalid user falsch [preauth]
Aug 17 18:10:26 somehost pam_abl[11479]: Blocking access from bad.host.example.com to service sshd, user falsch
Aug 17 18:10:26 somehost sshd[11479]: pam_unix(sshd:auth): check pass; user unknown
Aug 17 18:10:26 somehost sshd[11479]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=bad.host.example.com
Aug 17 18:10:28 somehost sshd[11479]: Failed password for invalid user falsch from 10.11.12.13 port 40706 ssh2
Aug 17 18:10:29 somehost pam_abl[11479]: Operation not permitted (1) while opening the database environment
Aug 17 18:10:29 somehost sshd[11479]: pam_unix(sshd:auth): check pass; user unknown
Aug 17 18:10:31 somehost sshd[11479]: Failed password for invalid user falsch from 10.11.12.13 port 40706 ssh2
Aug 17 18:10:32 somehost pam_abl[11479]: Operation not permitted (1) while opening the database environment
Aug 17 18:10:32 somehost sshd[11479]: pam_unix(sshd:auth): check pass; user unknown
Aug 17 18:10:35 somehost sshd[11479]: Failed password for invalid user falsch from 10.11.12.13 port 40706 ssh2
Aug 17 18:10:35 somehost sshd[11479]: Connection closed by 10.11.12.13 [preauth]
Aug 17 18:10:35 somehost sshd[11479]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=bad.host.example.com

The confusing "Operation not permitted (1) while opening the database environment" seems to happen only for the second and third attempt - is the database already opened/locked/... at that point?

# /etc/security/pam_abl.conf
# debug
db_home=/var/lib/abl/
host_db=/var/lib/abl/hosts.db
host_purge=2d
host_rule=*:3/1h,30/1d
#host_blk_cmd=iptables -I INPUT -s %h -j DROP
user_db=/var/lib/abl/users.db
user_purge=2d
user_rule=!root:3/1h,30/1d
#user_clr_cmd=echo This is a pointless command! user: %u host: %h service: %s >/dev/null

Andreas

PS: hosts and IPs have been changed :-)
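
Added example (not part of the original report, and not pam_abl code): a small Python triage script that groups auth.log lines by sshd PID and reports during which password attempt pam_abl logged the database-open error. The function name is hypothetical, and the script assumes, based on the ordering in the log above, that each pam_abl line precedes the "Failed password" line of the same attempt.

```python
import re
from collections import defaultdict

# Sample input: a subset of the auth.log lines quoted in the report (one sshd session).
SAMPLE = """\
Aug 17 18:10:26 somehost pam_abl[11479]: Blocking access from bad.host.example.com to service sshd, user falsch
Aug 17 18:10:28 somehost sshd[11479]: Failed password for invalid user falsch from 10.11.12.13 port 40706 ssh2
Aug 17 18:10:29 somehost pam_abl[11479]: Operation not permitted (1) while opening the database environment
Aug 17 18:10:31 somehost sshd[11479]: Failed password for invalid user falsch from 10.11.12.13 port 40706 ssh2
Aug 17 18:10:32 somehost pam_abl[11479]: Operation not permitted (1) while opening the database environment
Aug 17 18:10:35 somehost sshd[11479]: Failed password for invalid user falsch from 10.11.12.13 port 40706 ssh2
"""

# timestamp, host, syslog tag, PID, message
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) ([\w.-]+)\[(\d+)\]: (.*)$")
DB_ERR = re.compile(r"while opening the database environment")
FAILED = re.compile(r"^Failed password for (?:invalid user )?(\S+) from (\S+)")


def pam_abl_db_errors(text):
    """Per sshd PID, return the 1-based password attempts during which
    pam_abl logged a database-open error, plus the source addresses seen."""
    sessions = defaultdict(lambda: {"attempt": 1, "errors": [], "sources": set()})
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a syslog line with a tag[pid] prefix
        _, _, tag, pid, msg = m.groups()
        s = sessions[pid]  # pam_abl runs inside sshd, so both log under one PID
        if tag == "pam_abl" and DB_ERR.search(msg):
            s["errors"].append(s["attempt"])
        elif tag == "sshd":
            f = FAILED.match(msg)
            if f:
                s["sources"].add(f.group(2))
                s["attempt"] += 1  # later pam_abl lines belong to the next attempt
    return {pid: {"error_attempts": s["errors"], "sources": sorted(s["sources"])}
            for pid, s in sessions.items() if s["errors"]}


if __name__ == "__main__":
    for pid, info in pam_abl_db_errors(SAMPLE).items():
        print(f"sshd[{pid}] from {info['sources']}: "
              f"pam_abl database error on attempt(s) {info['error_attempts']}")
```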