Previous Topic: strong_authNext Topic: sesu


serevu

In the [serevu] section, the tokens determine the attributes of the serevu utility.

config_file

Specifies the location of the serevu configuration file.

Default: ACInstallDir/etc/serevu.cfg

def_diff_time

Specifies the time interval during which serevu scans the relevant system log for failed logins.

The value can be specified in seconds (that is, 300) or minutes (that is, 5m).

For example, if the token is set to 300, serevu searches for failed logins that occurred during the previous 300 seconds.

We recommend that this value be an even multiple of the value in the def_sleep_time token.

Default: 5m (5 minutes)

def_disable_time

Specifies the time that a user account is disabled because of too many failed login attempts.

The value can be specified in seconds (that is, 300) or minutes (that is, 5m). You can also use the FOREVER value to disable user logins forever.

Important: Use the FOREVER value to disable user logins permanently.

Default: 6m (6 minutes)

def_fail_count

Specifies the number of failed logins each user is entitled to, per period, in the token def_diff_time.

Users with at least this number of failed logins over the specified time period are disabled.

Note: We recommend that the number of failed logins always be the same as the value of allowed unsuccessful login attempts set on your system. For example, on Sun Solaris use the RETRIES token in the /etc/default/login file to set the system value.

Default values are five for Solaris and three for HP-UX and AIX. See your operating system documentation for more details.

Default: 5

def_sleep_time

Specifies the time between successive serevu checks.

The value can be specified in seconds (that is, 120) or minutes (that is, 2m).

Default: 2m (2 minutes)

save_disable_path

Specifies the location of the disabled user accounts list so serevu can handle disabled users when it goes down.

Default: ACInstallDir/log/serevu_disable.users

More information:

serevu Utility—Handle Unsuccessful Login Attempts