diff options
| author | Brian Feldman <green@FreeBSD.org> | 1999-12-06 06:32:22 +0000 |
|---|---|---|
| committer | Brian Feldman <green@FreeBSD.org> | 1999-12-06 06:32:22 +0000 |
| commit | 7db4f457f6a6ea6b626f279559bb1f64eb99340f (patch) | |
| tree | 59214fa124baf135ea161ba06a2e04db29138b42 /security/openssh/Makefile | |
| parent | c249079362a42d18dc9e0ffb834ebabf0cbd408e (diff) | |
| download | ports-7db4f457f6a6ea6b626f279559bb1f64eb99340f.tar.gz ports-7db4f457f6a6ea6b626f279559bb1f64eb99340f.zip | |
In the meantime (while things are being worked and decided on on the
OpenBSD OpenSSH front), add ConnectionsPerPeriod to prevent DoS via
running the system out of resources. In reality, this wouldn't
be a full DoS, but would make a system slower, but this is a better
thing to do than let the system get loaded down.
So here we are, rate-limiting. The default settings are now:
Five connections are allowed to authenticate (and not be rejected) in
a period of ten seconds.
One minute is given for login grace time.
More work in this area is being done by alfred@FreeBSD.org and
markus@OpenBSD.org, at the very least. This is, essentially, a
stopgap solution; however, it is a properly implemented and documented
one, and has an easily modifiable framework.
Notes
Notes:
svn path=/head/; revision=23622
Diffstat (limited to 'security/openssh/Makefile')
| -rw-r--r-- | security/openssh/Makefile | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/security/openssh/Makefile b/security/openssh/Makefile index 9459fcb1cf1e..a30fbd5d07f2 100644 --- a/security/openssh/Makefile +++ b/security/openssh/Makefile @@ -118,9 +118,9 @@ do-extract: @${CP} ${FILESDIR}/pam_ssh.c ${WRKSRC}/pam_ssh/ post-patch: - @${PERL} -pi.orig -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \ + @${PERL} -pi -e 's:__PREFIX__:${PREFIX}:g' ${WRKSRC}/ssh.h \ ${WRKSRC}/sshd_config ${WRKSRC}/pam_ssh/pam_ssh.c - @${PERL} -pi.openssl -e \ + @${PERL} -pi -e \ 's:^(\s*#\s*include\s+<)ssl(/\w+\.h>\s*)$$:$$1openssl$$2:g' \ ${WRKSRC}/*.[ch] |