This repository has been archived by the owner on Oct 28, 2020. It is now read-only.

pam_abl auto blacklisting PAM module


deksai/pam_abl


THIS PROJECT NEEDS A MAINTAINER!  

This is hardly a surprise to anyone, I am sure.  This project has not had much
(any) activity for years.  I have kept it around because I enjoyed working on
it, I use it at work and thought I might get back to it again eventually.  I
have recently tried to do just that, and have found that there are too many
other more necessary things in life which make it impossible for me to give
this any time.  That isn't fair to people who want to use and package the
software.  Short of being sponsored by my employer, I need to officially cut it
loose.

I still feel that pam_abl could be quite a bit more capable and helpful.  Some
of the improvements would be quite simple.  For example, writing a new database
module to centralise the database (redis?) between boxes would have been nice.
If you would be keen to properly maintain the project, please let me know.



Welcome to pam-abl.

1) Introduction
2) Building
3) Supported databases



1) Introduction
pam_abl is a PAM module designed to automatically block hosts that are attempting a brute-force attack. Brute-force attacks are an unsophisticated way to find authentication credentials: a computer is set up to try all kinds of user name and password combinations until one works. It may sound fairly far-fetched, but it does actually work. Many system accounts have common user names, and passwords are also easily guessable in many situations.

The latest version is 0.9.0

This version adds support for different database modules.  Berkeley DB has been moved into
a module, and Kyoto Cabinet has been added as an option.  Kyoto Cabinet has significantly
better performance.

2) Building
Please skim through CMakeLists.txt to get an idea of which variables can be set for library paths etc.

If you are not familiar with cmake, the basic steps are: 
a. Create a build directory. It can be within the sources.
      mkdir cmake_build
b. cd to that directory
      cd cmake_build
c. call cmake with the top-level project directory as its argument. This will generate a makefile.
      cmake ../
d. call make
      make

The build process will make 3 targets:
a. The library "pam-abl.so"
b. The command-line tool "pam-abl"
c. A test executable "pam-abl_test". This is really handy for testing with different DB versions.

!!!!!!!!!!
!!! Building using a different version of Berkeley DB:
!!! see the build file "CMakeLists.txt" for more details.
!!!!!!!!!!


3) Supported databases
The latest version of Kyoto Cabinet (1.2.76)

Currently pam-abl is tested with the following versions of Berkeley DB:
 - db-5.3.15
 - db-5.2.42
 - db-5.1.25
 - db-4.8.30
 - db-4.7.25
 - db-4.6.21
 - db-4.5.20
 - db-4.4.20

Versions <= 4.3 are currently no longer supported.