[solved] Website lock-out information

Started by errored out, May 26, 2021, 07:45:02 PM

Previous topic - Next topic
Print
Go Down Pages1
User actions
May 26, 2021, 07:45:02 PM Last Edit: August 08, 2021, 01:52:56 AM by errored out
Does anyone know where the information for firewall access regarding locking-out time-frames and attempts is located (using local authentication)?

Looking for information how to change the attempts count before lock-out and the duration. 
May 26, 2021, 07:53:36 PM #1
View contents of lockout table via

# pfctl -t sshlockout -T show

The script taking care of accounting for lockouts is /usr/local/opnsense/scripts/syslog/lockout_handler but it doesn't support dumping runtime information on partial/future lockouts.


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT
May 27, 2021, 12:01:47 AM #2
How can the script be modified as to not be overwritten during an update/upgrade? 

Would it be possible to add these options into the system settings tab?

Thank you Franco
May 27, 2021, 08:29:42 AM #3
Hi,

I don't think these are mission critical tasks by any means, but that does not mean contribution are not welcome.

One would have to modify the script to dump this information into a text file and then read it from the widget or a status page. It's quite some work all things considered.

Suffice to say you can't overwrite a script permanently while simultaneously retaining it on updates.

Practically you could use an override to the syslog-ng configuration that invokes the script via template and use a different script but there are no guarantees that this override will not cause out of sync issues with future updates.


Cheers,
Franco
"AI has absolutely reduced the cost of creating technical debt." -- ChatGPT
Print
Go Up Pages1
User actions