Re: looking for package to enhance security on login and dtlogin

From: Jan-Philip Velders (jpv@jpv.xs4all.nl)
Date: 06/08/02 

Date: Sat, 8 Jun 2002 10:51:43 +0200 (CEST)
From: Jan-Philip Velders <jpv@jpv.xs4all.nl>
To: "Lee, Elizabeth" <elizabeth.lee.contractor@fnmoc.navy.mil>

> Date: Thu, 6 Jun 2002 11:16:25 -0700
> From: "Lee, Elizabeth" <elizabeth.lee.contractor@fnmoc.navy.mil>
> To: "'focus-sun@securityfocus.com'" <focus-sun@securityfocus.com>
> Subject: looking for package to enhance security on login and dtlogin

> I am looking for a 3rd party package that will allow us to LOCK an
> account after 3 unsuccessful login/dtlogin attempts on Solaris 6 and
> Solaris 8. I know Solaris itself does not offer that capability,
> and it is a hard requirement of an emerging environment at this
> site. Fortunately we are willing to pay for a package so cheap does
> not have to be keyword.

As others have indicated, you can port the Linux PAM-module. Which
imho is *the* way to do it. Since Solaris 8 (and 9 even more !) have
all the other system auditing stuff done via /bin/login and PAM, it
would be a shame to replace those by another utility.

An even simpler option could be to have faulty logons logged, and have
a little script monitor the logs, and decide upon certain criteria
whether it should lock an account. Also consider if you'd like to have
the IP address of the machine the user tried to login _from_ blocked
through the TCP-wrappers... (which would prevent someone from just
blocking everybody's account, but it wouldn't stop a distributed
attack...)

> Thanks for any assistance.
> E.A. Lee

Kind Regards,
JP Velders