"We may be able to get you the behavior you desire by setting DenyRoot false and adding root to the Deny Users list. What would you like to have happen when someone attempts to log in as root. What action would you like to trigger? "
We would like to:
- Continue blocking 'root' logins, and will do so by changing the following vshelld_config settings:
  AccessControl {
    Login {
      AllowUsers{*}
      DenyUsers{ root }
    }
    ...
  }
  DenyRoot false
- Continue having failed user login attempts, now including 'root', generate a FailedAuthCommand-triggered event, by this trigger:
  #FailedAuthCommand
  FailedAuthCommand /bin/su app_user -c "/usr/local/bin/vshell-trigger FailedLogin $U $D $T $S $I"
- Have failed login attempts automatically block IP addresses, by adding the following:
  DenyHostAfterFailure true
  DenyHostsFile /our/path/to/denyhosts.txt
  DenyHostAfterFailureCount 3
Will those changes work for what we need?
Thanks again!
Chuck