pam-abl for Debian
==================

By default the pam-abl PAM module is enabled for the sshd service only.
A user who mistypes a password 3 times will be blocked for 1 hour.
A host with 30 failed attempts will be blocked for 1 hour.

Default config file: /etc/security/pam_abl.conf

See the pam_abl.conf(5) man page for the syntax and pam_abl(1) for
information about the management tool.

Starting from version 0.6.0-1, libpam-abl is configured automatically with
pam-auth-update. This may have a negative impact on other authentication
services such as sudo, login, su and others. For example, a brute-force
attack over ssh can blacklist and block a user, and thus even su and sudo
on localhost will not work for this user.

To avoid such a situation, the default configuration of the Debian package
of pam-abl works only with the "sshd" service. Note "sshd" in the
user_rule=*/sshd:3/1h option in the configuration file.

Please also note that pam_abl will list all users exceeding the number of
allowed attempts, even for services not defined in the user_rule, but will
block users only for services listed in the user_rule.
Use pam_abl -v to see more information.

One can also set up pam-abl manually: run pam-auth-update and unselect
pam-abl. After that, add the following line for every PAM service you want
to set up, before all other authentication modules:

    auth required pam_abl.so config=/etc/security/pam_abl.conf

See man 8 pam_abl for more details.

The pam-abl libdb databases (/var/lib/abl) are not removed automatically
when the package is removed. To remove them completely, use purge:

    apt-get purge libpam-abl

If the pam_abl tool is not able to read the backend database (usually after
a Berkeley DB update on the host), just delete the database:

    rm -f /var/lib/abl/*

Alternatively, one can try to fix the database by migrating it to the newest
version. For example, when migrating from libdb5.1 to libdb5.3:

    db5.3_upgrade -v -h /var/lib/abl hosts.db
    db5.3_upgrade -v -h /var/lib/abl users.db

 -- Alex Mestiashvili
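
The effect of the service part of user_rule described above, as an added example that is not part of the original README or of pam-abl's own code. It is a simplified Python model of the rule syntax (no "!" negation) and assumes failed attempts are counted per user regardless of service, as the README's ssh/su scenario implies. The rule "*:3/1h", the user name and the timestamps are constructed for contrast.

```python
import re

UNITS = {"": 1, "s": 1, "m": 60, "h": 3600, "d": 86400}

def parse_rule(rule):
    """Parse whitespace-separated clauses 'user[/service]|...:count/period,...'."""
    clauses = []
    for clause in rule.split():
        spec, _, trigs = clause.partition(":")
        names = []
        for item in spec.split("|"):
            user, _, service = item.partition("/")
            names.append((user, service or "*"))  # no service part = any service
        triggers = []
        for trig in trigs.split(","):
            m = re.fullmatch(r"(\d+)/(\d+)([smhd]?)", trig)
            if not m:
                raise ValueError(f"bad trigger {trig!r} in {clause!r}")
            triggers.append((int(m.group(1)), int(m.group(2)) * UNITS[m.group(3)]))
        clauses.append((names, triggers))
    return clauses

def is_blocked(rule, user, service, failures, now):
    """failures: (timestamp, service) pairs of this user's failed attempts."""
    for names, triggers in parse_rule(rule):
        # The clause applies only if the *requesting* user/service matches it.
        if not any(u in ("*", user) and s in ("*", service) for u, s in names):
            continue
        for count, period in triggers:
            # Assumption: failures from every service count toward the trigger.
            recent = [t for t, _svc in failures if now - period < t <= now]
            if len(recent) >= count:
                return True
    return False

# Constructed sample: three failed ssh logins for one account in ten minutes.
NOW = 1_700_000_000
FAILURES = [(NOW - 600, "sshd"), (NOW - 300, "sshd"), (NOW - 60, "sshd")]
DEBIAN_RULE = "*/sshd:3/1h"   # user_rule from the Debian default config
UNSCOPED_RULE = "*:3/1h"      # constructed contrast: no service restriction

if __name__ == "__main__":
    for rule in (DEBIAN_RULE, UNSCOPED_RULE):
        for svc in ("sshd", "su", "sudo"):
            blocked = is_blocked(rule, "alice", svc, FAILURES, NOW)
            print(f"{rule:12} {svc:5} blocked={blocked}")
```

With the Debian rule only sshd is refused after the three failures; with the unscoped rule the same ssh failures also lock the account out of su and sudo.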