eDirectory and related helpers (pam_nam.so for example) need the facility to report authentication events (individually, whether successful or failed) to an external log file. That would allow sites to take action upon events of a certain kind exceeding limits. A common tool for that is the fail2ban log file reader, amongst others. Actions can then be adjusted/counted to allow for normal human foibles, deal with mobile devices which madly repeat failed logins, and carefully block intruders and DoS attacks as the site management finds necessary. Such logs should contain normal information including the IP address of the remote site and the chosen username.
Adding the log facility implies a new section within iManager to define the log file.
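As an added illustration of what a site could do with such a log (example code written for this page, not part of the request above and not eDirectory, pam_nam.so or fail2ban code), the script below reads constructed one-line-per-event records carrying the timestamp, result, username and source IP, counts failures per IP over a sliding window, and decides which addresses to block. The log format is an assumption made up for the example, not the real eDirectory or XDAS format; the thresholds are likewise assumptions. It handles the three cases the request mentions: a user who mistypes a password and then logs in (the successful login clears that user's earlier failures), a device that repeats the same failed login until it trips the per-IP limit, and an intruder trying many different account names from one address, which is blocked at a lower count.

```python
"""Fail2ban-style counting of failed logins per source IP from a text log.

Added example: the log format below is invented for illustration and is not
the real eDirectory/XDAS event format. Window and thresholds are assumptions.
"""
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# One hypothetical record per line: ISO timestamp, OK/FAIL, username, source IP.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z) LOGIN (?P<result>OK|FAIL) "
    r"user=(?P<user>\S+) ip=(?P<ip>\S+)$"
)

# Constructed sample input (not captured from a real server).
SAMPLE_LOG = """\
2024-03-01T08:00:01Z LOGIN FAIL user=alice ip=192.0.2.10
2024-03-01T08:00:09Z LOGIN FAIL user=alice ip=192.0.2.10
2024-03-01T08:00:20Z LOGIN OK user=alice ip=192.0.2.10
2024-03-01T07:00:00Z LOGIN FAIL user=dave ip=192.0.2.44
2024-03-01T07:00:05Z LOGIN FAIL user=dave ip=192.0.2.44
2024-03-01T07:00:10Z LOGIN FAIL user=dave ip=192.0.2.44
2024-03-01T08:30:00Z LOGIN FAIL user=dave ip=192.0.2.44
2024-03-01T08:30:05Z LOGIN FAIL user=dave ip=192.0.2.44
2024-03-01T08:30:10Z LOGIN FAIL user=dave ip=192.0.2.44
2024-03-01T08:01:00Z LOGIN FAIL user=carol ip=203.0.113.5
2024-03-01T08:01:10Z LOGIN FAIL user=carol ip=203.0.113.5
2024-03-01T08:01:20Z LOGIN FAIL user=carol ip=203.0.113.5
2024-03-01T08:01:30Z LOGIN FAIL user=carol ip=203.0.113.5
2024-03-01T08:01:40Z LOGIN FAIL user=carol ip=203.0.113.5
2024-03-01T08:01:50Z LOGIN FAIL user=carol ip=203.0.113.5
2024-03-01T08:02:00Z LOGIN FAIL user=admin ip=198.51.100.7
2024-03-01T08:02:01Z LOGIN FAIL user=root ip=198.51.100.7
2024-03-01T08:02:02Z LOGIN FAIL user=bob ip=198.51.100.7
this line is not a login event and is skipped
"""


def parse_line(line):
    """Return (timestamp, result, user, ip) or None for lines that do not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%Y-%m-%dT%H:%M:%SZ")
    return ts, m.group("result"), m.group("user"), m.group("ip")


class FailureTracker:
    """Sliding-window failure counter keyed by source IP."""

    def __init__(self, window_seconds=600, max_failures=5, max_users=3):
        self.window = timedelta(seconds=window_seconds)
        self.max_failures = max_failures   # repeated failures from one IP
        self.max_users = max_users         # distinct accounts tried from one IP
        self.failures = defaultdict(deque)  # ip -> deque of (timestamp, user)
        self.blocked = {}                   # ip -> human-readable reason

    def _expire(self, ip, now):
        q = self.failures[ip]
        while q and now - q[0][0] > self.window:
            q.popleft()

    def observe(self, ts, result, user, ip):
        if ip in self.blocked:
            return  # already decided; nothing more to count
        self._expire(ip, ts)
        q = self.failures[ip]
        if result == "OK":
            # A successful login forgives that user's own earlier typos
            # but leaves failures against other accounts counted.
            self.failures[ip] = deque(e for e in q if e[1] != user)
            return
        q.append((ts, user))
        distinct_users = {u for _, u in q}
        if len(distinct_users) >= self.max_users:
            self.blocked[ip] = "password spraying: %d accounts in window" % len(distinct_users)
        elif len(q) >= self.max_failures:
            self.blocked[ip] = "%d failures in window" % len(q)


def process_log(text, **thresholds):
    """Run every parseable line through a tracker; return {ip: reason} to block."""
    tracker = FailureTracker(**thresholds)
    for line in text.splitlines():
        parsed = parse_line(line)
        if parsed:
            tracker.observe(*parsed)
    return tracker.blocked


if __name__ == "__main__":
    for ip, reason in process_log(SAMPLE_LOG).items():
        print("block %s: %s" % (ip, reason))
```

In the sample, 192.0.2.10 is never blocked because the successful login clears the two typos, 192.0.2.44 is not blocked because its first three failures fall outside the ten-minute window, 203.0.113.5 is blocked on its fifth repeated failure, and 198.51.100.7 is blocked after trying three different account names. A real deployment would feed the blocked set to a firewall or to fail2ban's own action mechanism rather than printing it.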

Comments

  • Not sure if this would handle all of your specific login instances but you can enable XDAS auditing in eDirectory (not sure what version it was first available in) to audit login events (as well as other things). Using XDAS you can send the log events through syslog and/or send them to a file. If you want to do something local on the eDir server you could just configure the XDAS auditing to write to a local file and have something processing them there. Or you could use the syslog configuration in XDAS to send the logs to a central server that could do the processing and perform whatever actions you would like from there.

    Of course there is also the option of getting Sentinel and sending the auditing data there and having Sentinel process and execute actions based on the events it receives as well, but depending on what you are trying to accomplish this may be a little bit of overkill.

  • I would also like to see a simple facility for this. I have looked at XDAS but it seems to be overkill for this. Something that can note failed logins and intruder lockouts should be available in OES.