pam-abl for Debian
==================

By default pam-abl is set up to protect the ssh service only. A user who
mistypes a password 3 times will be blocked for 1 hour. A host with 30 failed
attempts will be blocked for 1 hour.

Default config file: /etc/security/pam_abl.conf

See the pam_abl.conf(5) man page for the syntax and pam_abl(1) for
information about the management tool.

Starting from version 0.6.0-1, libpam-abl is set up and enabled automatically
using pam-auth-update. This may have a negative impact on other
authentication services such as sudo, login, su and others. For example, a
remote user running a brute-force attack over ssh can get the root user
blocked, and then even su and sudo on localhost will not work for root.

To avoid such a situation, the default configuration of the Debian package of
pam-abl works only with the "sshd" service. Note the "sshd" in

    user_rule=*/sshd:3/1h

in the configuration file.

Please also note that pam_abl will list all users exceeding the number of
allowed attempts, even for services not defined in user_rule, but will
block users only for the services listed in user_rule. Use pam_abl -v to see
more information.

You can also set up pam-abl manually. To do so, run pam-auth-update and
unselect pam-abl. After that, add the line

    auth required pam_abl.so config=/etc/security/pam_abl.conf

to the PAM configuration of every service you want to set up, before all
other authentication modules. See man 8 pam_abl for more information.

The pam-abl libdb databases (/var/lib/abl) are not removed automatically
when the package is removed. To remove them completely, use purge:

    apt-get purge libpam-abl

In some cases, when the Berkeley DB library is updated on the host system,
the pam_abl tool cannot read the backend database any more. The easiest
solution to this is to delete the database:

    rm -f /var/lib/abl/*

However, in this case you will lose all blocked users and hosts.

If you need to keep this info, try to upgrade the database using the db-util
tools. For example, when migrating from libdb5.1 to libdb5.3:

    db5.3_upgrade -v -h /var/lib/abl hosts.db
    db5.3_upgrade -v -h /var/lib/abl users.db

Refer to the Berkeley DB docs for more information.
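
The service-scoping caveat above (user_rule must name a service such as "sshd", or remote failures can block a user for su and sudo as well) can be checked with a small script. This is an added example, not part of the package. It assumes the rule grammar from pam_abl.conf(5), where each clause is user[/service][|user[/service]...]:triggers; the function name and sample configs are constructed for illustration.

```sh
#!/bin/sh
# Added example, not part of the package. Assumed rule grammar (pam_abl.conf(5)):
#   user_rule=<clause> [<clause> ...]
#   clause = user[/service][|user[/service]...]:<triggers>

# Print each user_rule clause in config file $1 that is not tied to a
# service, i.e. one where failures on any service can block the user
# everywhere. Runs in a subshell so 'set -f' and IFS changes stay local.
unscoped_user_clauses() (
    set -f    # '*' in a rule must not be expanded as a filename glob
    sed -n 's/^[[:space:]]*user_rule[[:space:]]*=[[:space:]]*//p' "$1" |
    tr -s ' \t' '\n\n' |
    while IFS= read -r clause; do
        [ -n "$clause" ] || continue
        spec=${clause%%:*}    # user/service list before the triggers
        IFS='|'
        for entry in $spec; do
            case $entry in
                */\*) echo "$clause"; break ;;  # explicit "any service"
                */*)  ;;                        # scoped, e.g. */sshd
                *)    echo "$clause"; break ;;  # no service part at all
            esac
        done
        unset IFS
    done
)

# Constructed sample configs: the package default and a risky variant.
demo() {
    tmp=$(mktemp)
    printf '%s\n' 'host_rule=*:30/1h' 'user_rule=*/sshd:3/1h' > "$tmp"
    echo "default: [$(unscoped_user_clauses "$tmp")]"
    printf '%s\n' 'user_rule=*:3/1h root/sshd:5/1d' > "$tmp"
    echo "risky:   [$(unscoped_user_clauses "$tmp")]"
    rm -f "$tmp"
}
demo
```

Run the function against /etc/security/pam_abl.conf after editing it; empty output means every user_rule clause is limited to a named service.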