pam_abl - Online in the Cloud

This is the command pam_abl that can be run in the OnWorks free hosting provider using one of our multiple free online workstations such as Ubuntu Online, Fedora Online, Windows online emulator or MAC OS online emulator

PROGRAM:

NAME


pam_abl - query or purge the databases used by the pam_abl module.

SYNOPSIS


pam_abl [OPTION] [CONFIG]

DESCRIPTION


Provides a non-pam interface to the infomration stored in the pam_abl module databases.
CONFIG is the name of the pam_abl config file (default: /etc/security/pam_abl.conf). The
config file is read to discover the names of the pam_abl databases, the rules that control
purging of old data from them and commands to run when a user or host switches state.

OPTIONS


MAINTENANCE
-h, --help
See this message.

-d, --debugcommand
Print the block/clear commands split in arguments.

-p, --purge
Purge databases according to purge rules in config.

-r, --relative
Display times relative to now.

-v, --verbose
Verbose output.

NON-PAM INTERACTION
-f, --fail
Fail user or host.

-w, --whitelist
Perform whitelisting (remove from blacklist, does not provide immunity).

-c, --check
Check status. Returns non-zero if currently blocked Prints name: status if verboseness
is specified. If more than one host or user is given, checks only the first host/user
pair.

-u, --update
Update the state of all users/hosts in the db. This will also cause the appropriate
scripts to be called.

-s, --service
Operate in context of specified service. Defaults to none.

-U, --user
Operate on user (wildcards are ok for whitelisting).

-H, --host
Operate on host (wildcards are ok for whitelisting).

-R, --reason
Only used when -f is provided (defaults to "AUTH"). Specifies why the authentication
failed. Possible values are USER, HOST, BOTH, AUTH

If you specified commands to run in your configuration, those commands will try to run if
the host or user switches state (blocked <→ clear) since the last time it was checked. The
command will only be able to run, however, if you supply enough information to fill in the
substitutions in the command. For instance, if your host_clr_command uses the %s
parameter, you will need to specify the service with -s in order for the command to
actually run.

EXAMPLES


Obtain a list of failed hosts and users:

$ pam_abl

Obtain a full list of failures listing times relative to now:

$ pam_abl -rv $ pam_abl --relative --verbose

Purge old data:

$ pam_abl -p $ pam_abl --purge

Unblock all example.com, somewhere.com hosts:

$ pam_abl -w -H *.example.com -H \*.somewhere.com

Fail the host badguy.com and the user joe because the authentication failed:

$ pam_abl -f -H badguy.com -U joe -R AUTH

Check whether joe is currently allowed to use your neato service from somehost, running
the necessary commands if he switches state:

$ pam_abl -c -U joe -H somehost -s neato

Because the user/host state is only updated when an attempt is made, you can manually
force pam-abl to update the states and call the correct scripts:

$ pam_abl -u

AUTHORS


Lode Mertens <pam-abl@danta.be>

Andy Armstrong <andy@hexten.net>

Chris Tasma <pam-abl@deksai.com>

REPORTING BUGS


Report bugs to <pam-abl@deksai.com> or using the bugtracker on sourceforge.

Use pam_abl online using onworks.net services



Latest Linux & Windows online programs