-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Hello!
I just (err, over the last 4 or 5 days) created a (hopefully standards-compliant) package for the pam_abl PAM module. The pam_abl module provides a fully configurable way to automatically blacklist users and/or hosts with many login failures within specified intervals of time to be temporarily blacklisted, so that any subsequent authentication attempt fails (without disclosing the attacker beeing blacklisted). As the number of password guessing attacks on ssh servers on the net has strongly grown in the past time, i think this is a useful addition to security on hosts exposed to the net. The package I built is lintian and linda clean, closes the ITP bug #333081 filed by me and is available via deb-src http://mentors.debian.net/debian unstable main or http://mentors.debian.net/debian/pool/main/l/libpam-abl/ It is also listed at http://sponsors.debian.net/viewpkg.php?id=95 The original package is available from http://www.hexten.net/pam_abl/. It is licensed with either a BSD-style license or GPL, at users option. I already contacted the upstream author and got his approval to package the pam_abl module for debian. In an effort to make sure the package does what is intended and only what is intended, I already inspected the source code and found it to be clean, readable and unsuspicious. Of course, I also use the module on different machines, and have encountered no problems so far. I know the package is very security relevant, and as such, imposes some more work from a potential sponsor, but I hope that someone is willing to pick it up, as it might really be interesting for a relatively wide-spread audience. Thank you in advance Nico -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (MingW32) iD8DBQFDSn49Ym+MkvsfJ58RAq0fAJ9LCI0Z9biVk6w1/3VVzh9dGyKGzgCcCYp/ oDi8E582M+5OpZmVXMlJcXE= =2l2g -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
