On Tue, Jul 7, 2015, at 06:42, Mart van de Wege wrote:
> I have set up pam_shield to allow my IP; when I test it by generating
> 5 bad logins (threshold is 5 per 10m), I see pam_shield print
> 'allowing from <my ip>/255.255.255.255' in the logs; and yet after 5
> login attempts it blocks my ip.

This is due to a bug in the code which matches IP addresses. I investigated the cause and will file a bug report.

In the meantime, try using a hostname instead of an IP address. If the system you want to allow does not have a hostname, make one up and add it to /etc/hosts.

If you add a line like this to /etc/security/shield.conf:

    allow machine.on.my.domain

and a line like this to /etc/hosts (only necessary if the machine doesn't have a proper DNS hostname):

    192.168.2.1 machine.on.my.domain

then you will get the following feedback from libpam-shield in /var/log/auth.log when you make a bad attempt to connect from that machine:

    PAM-shield[]: allowing from machine.on.my.domain
    PAM-shield[]: whitelist match: host machine.on.my.domain

Note the additional second line, which indicates that the bad attempt was ignored because the machine was whitelisted.
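
A way to check the log feedback described in the message above, added here as an example (it is not part of the original message or of pam_shield). It assumes a standard syslog prefix before the `PAM-shield[...]` tag and that a match line ends with the same token as the allow line, as in the host case quoted; the function names and sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every entry pam_shield announced with "allowing from"
# and say whether a "whitelist match" line was ever logged for it.

# Constructed sample lines in the format quoted in the message (not real
# log data). 192.0.2.10 is a documentation address standing in for <my ip>.
sample_log() {
cat <<'EOF'
Jul  7 10:00:01 gw PAM-shield[]: allowing from machine.on.my.domain
Jul  7 10:00:01 gw PAM-shield[]: whitelist match: host machine.on.my.domain
Jul  7 10:05:12 gw PAM-shield[]: allowing from 192.0.2.10/255.255.255.255
EOF
}

# check_whitelist: reads auth.log lines on stdin and prints one line per
# allow entry, "MATCHED <entry>" or "UNMATCHED <entry>", in first-seen order.
# Usage on a live system: check_whitelist < /var/log/auth.log
check_whitelist() {
    awk '
        # Allow rule announced; remember each distinct entry once.
        /PAM-shield\[[0-9]*\]: allowing from / {
            entry = $NF
            if (!(entry in seen)) { seen[entry] = 1; order[++n] = entry }
        }
        # The second line from the message: the bad attempt was ignored.
        /PAM-shield\[[0-9]*\]: whitelist match: / {
            matched[$NF] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                e = order[i]
                status = (e in matched) ? "MATCHED" : "UNMATCHED"
                print status, e
            }
        }
    '
}

# Stand-alone run against the constructed sample.
sample_log | check_whitelist
```

An entry reported as UNMATCHED after a deliberate bad login from that machine is the symptom described in the quoted question: the allow rule is announced but the attempt is still counted.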