Project

General

Profile

Actions

Bug #4122

closed

webConfiguratorlockout table is missing expiration

Added by Jim Pingle about 10 years ago. Updated about 10 years ago.

Status:
Resolved
Priority:
Normal
Assignee:
-
Category:
Rules / NAT
Target version:
Start date:
12/17/2014
Due date:
% Done:

100%

Estimated time:
Plus Target Version:
Release Notes:
Affected Version:
2.2
Affected Architecture:
All

Description

The sshlockout_pf process adds IP addresses that fail too many GUI login attempts to the webConfiguratorlockout table, but that table has no expiration process to clean it up.

The sshlockout table has a cron job to expire its entries:

/usr/bin/nice -n20 /usr/local/sbin/expiretable -v -t 3600 sshlockout

A similar entry to clean up webConfiguratorlockout should be added to the default config.xml and added by upgrade code.

Actions #1

Updated by Renato Botelho about 10 years ago

  • Status changed from New to Feedback
  • % Done changed from 0 to 100
Actions #3

Updated by Phillip Davis about 10 years ago

Works - I locked myself out from 1 IP address (after about 15 dodgy password entries). After the following hour boundary (12:00) the IP was still in the webConfiguratorlockout (not yet 3600 seconds old). After the following hour (13:00) the entry was cleared from webConfiguratorlockout table.

Actions #4

Updated by Renato Botelho about 10 years ago

  • Status changed from Feedback to Resolved
Actions

Also available in: Atom PDF