The serevu daemon locks the accounts of users who performed more than a specified number of login attempts. This prevents potential password attacks by rejecting further attempts to enter the account; it also prevents “dictionary attacks”.
Normally, the danger in using the user lockout utility is that it opens the system to denial of service attacks. One common type of denial of service attack is an attempt to break into the system administrator's account. After a few attempts, the system administrator account is revoked and the system administrator can no longer log in. If similar attacks are performed on all critical user accounts, the system may be rendered unusable, with no way of recovering. To prevent this, the serevu daemon provides the following two modes of operation:
serevu never revokes root, so the system is never locked out.
Note: For more information about the serevu daemon, see the Reference Guide.
Note: Take special care regarding the root user's password to prevent successful dictionary attacks on root.
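The following sketch models the policy described above, to show why the root exemption calls for extra attention to root's password. It is an added example, not serevu code; the threshold value, the event format, counting only failed attempts, and resetting the count on a successful login are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed values for illustration only; they are not serevu settings.
MAX_ATTEMPTS = 3          # lock once a user exceeds this many failed attempts
NEVER_REVOKE = {"root"}   # the page states that root is never revoked

# Constructed sample events: (user, login_succeeded)
SAMPLE_EVENTS = [
    ("alice", False), ("alice", False), ("alice", True),
    ("bob", False), ("bob", False), ("bob", False), ("bob", False), ("bob", True),
    ("root", False), ("root", False), ("root", False), ("root", False), ("root", False),
]

def apply_lockout(events, max_attempts=MAX_ATTEMPTS, never_revoke=NEVER_REVOKE):
    """Replay login events and return (revoked, rejected, watch, failures).

    revoked  - accounts locked after exceeding the threshold
    rejected - attempts refused because the account was already locked
    watch    - exempt accounts that exceeded the threshold and stay open
    failures - consecutive failed attempts per user at the end of the replay
    """
    failures = defaultdict(int)
    rejected = defaultdict(int)
    revoked, watch = set(), set()
    for user, succeeded in events:
        if user in revoked:
            # A locked account refuses every attempt, even a correct password.
            rejected[user] += 1
            continue
        if succeeded:
            failures[user] = 0  # assumption: a good login resets the counter
            continue
        failures[user] += 1
        if failures[user] > max_attempts:
            if user in never_revoke:
                # Exempt account: guessing can continue, so it needs alerting
                # and a strong password instead of a lock.
                watch.add(user)
            else:
                revoked.add(user)
    return revoked, dict(rejected), watch, dict(failures)

if __name__ == "__main__":
    revoked, rejected, watch, failures = apply_lockout(SAMPLE_EVENTS)
    print("revoked:", sorted(revoked))
    print("rejected after lock:", rejected)
    print("exempt but over threshold:", sorted(watch), failures["root"])
```

In the sample run, bob is locked and his later correct login is refused, while root stays usable but keeps accumulating guesses, which is the exposure the note about root's password addresses.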
Copyright © 2013 CA Technologies.
All rights reserved.