On 10/6/06, stuartv <[EMAIL PROTECTED]> wrote:
Hello list,
Hi! <snip>
However, now that we need this cert, one of the few things still standing in the way is the requirement that we set up the FTP server to lock out (for 30 min.) any account that fails to log in 3 times in a row. I haven't been able to find any FTP software that does that. The FTP server that ships with OpenBSD uses system accounts, and I haven't figured out how to do that there either.
I haven't thought about this too much, but initial testing looks promising. OpenBSD's ftpd run with the -l switch logs failed login attempts to /var/log/xferlog. If you wrote a small daemon that used kqueue(2) to monitor this log file, you could parse the xferlog to look for repeated failed attempts at logging in, add that user to /etc/ftpusers, and then remove him 30 minutes later.

It would, of course, be better than this hack to modify ftpd to keep track of failed logins and internally manage the locking out of accounts themselves, but that might be beyond what you are willing to do. If you are interested, mail me off-list and I might be able to help you hack something together.

Good luck,
Sam
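The lockout bookkeeping such a log-watching daemon would need, sketched as an added example (not code from this thread or from OpenBSD). The log line shape, the `Lockouts` class and `render_ftpusers` are assumptions made for illustration; the real xferlog format must be checked on the target system, and the file watching and the write to /etc/ftpusers are left out.

```python
import re
from datetime import datetime, timedelta

MAX_FAILS = 3                     # "fails to login 3 times in a row"
LOCK_FOR = timedelta(minutes=30)  # "lockout (for 30min.)"
# ASSUMED line shape, constructed for this example (not ftpd's real output):
#   <ISO timestamp> LOGIN <FAILED|OK> <user>
# The strict username pattern keeps odd log content out of the deny list.
LINE = re.compile(r"^(\S+) LOGIN (FAILED|OK) ([A-Za-z0-9_.-]{1,32})$")

class Lockouts:
    def __init__(self):
        self.fails = {}  # user -> consecutive failed logins
        self.until = {}  # user -> time the lock expires

    def feed(self, line):
        m = LINE.match(line.strip())
        if not m:
            return  # transfer records and anything unparseable are ignored
        try:
            when = datetime.fromisoformat(m.group(1))
        except ValueError:
            return  # malformed timestamp
        user = m.group(3)
        if user in self.locked(when):
            return  # already locked: further attempts do not extend the lock
        if m.group(2) == "OK":
            self.fails.pop(user, None)  # a success breaks the run of failures
            return
        self.fails[user] = self.fails.get(user, 0) + 1
        if self.fails[user] >= MAX_FAILS:
            self.until[user] = when + LOCK_FOR
            del self.fails[user]

    def locked(self, now):
        """Drop expired locks, then return the users locked at `now`."""
        self.until = {u: t for u, t in self.until.items() if t > now}
        return sorted(self.until)

def render_ftpusers(base, locked):
    """Permanent entries first, then temporary locks, without duplicates."""
    return list(base) + [u for u in locked if u not in base]

SAMPLE = [  # constructed log lines, not captured from a real server
    "2006-10-06T10:00:00 LOGIN FAILED alice", "2006-10-06T10:00:05 LOGIN FAILED alice",
    "2006-10-06T10:00:09 LOGIN OK alice", "2006-10-06T10:01:00 LOGIN FAILED alice",
    "2006-10-06T10:01:10 LOGIN FAILED bob", "2006-10-06T10:01:20 LOGIN FAILED bob",
    "2006-10-06T10:01:30 LOGIN FAILED bob", "2006-10-06T10:02:00 LOGIN FAILED alice",
]
```

A daemon built on this would call `feed()` for each new log line and rewrite the deny list from `render_ftpusers()` whenever `locked()` changes, keeping the administrator's permanent entries separate from the temporary ones so that an expiry never removes them.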