Hello list, The company I work for is required to get PCI (Payment Card something-or-other) certified in order to keep doing some of the things that we are doing with credit card payments. When I started working here it was an all MS shop, including the FTP server. In order to help secure things (at all), I talked the boss into letting me setup an OpenBSD server as the FTP server instead of windows2003. Since then, I have also setup firewalls, mail server, IDS etc. all based upon OpenBSD (and loving every minute of it). However, now that we need this cert, one of the few things still standing in the way is the requirement that we set up the FTP server to lockout (for 30min.) any account that fails to login 3 times in a row. I haven't been able to find any ftp software that does that. The FTP server that ships with OpenBSD uses system accounts, and I haven't figured out how to do that there either.
If I don't get this figured out soon, The boss will loose patience and I will be right back to MS hell trying to secure a win2003 ftp server just because it will lockout an account that fails login 3 times in a row. (and then probably figure out how to setup a win2003 firewall, IDS, exchange server, etc etc etc... you get the pic) If anyone has any suggestions, please let me know. thanks. Stuart van Zee [EMAIL PROTECTED]
