Feature #11633

open

mon: automatically blacklist clients after failed auth attempts

Added by Sage Weil almost 9 years ago.

Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
% Done: 0%
Source: other
Tags:
Backport:
Reviewed:
Affected Versions:
Pull request ID:

Description

If we get some number of failed auth attempts from a client within a period, blacklist them for some period of time.

Probably disabled by default.

The blacklist should be persistently stored by the mons.

Entries should time out.

Config options:

mon blacklist failed auth = true/false
mon blacklist failed auth min = 10 // 10 attempts
mon blacklist failed auth window = 600 // in one hour
mon blacklist failed auth duration = 24*60*60 // blacklist for a day

Then we need

ceph mon blacklist ls  - list blacklist records
ceph mon blacklist rm <ip> - remove
ceph mon blacklist add <ip>
ceph mon blacklist clear - clear blacklist
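
The policy requested above (a failure threshold within a window, a timed blacklist entry, and list/remove operations) can be sketched as follows. This is an added example, not Ceph monitor code and not part of the original ticket: the struct, its member names and the caller-supplied clock are hypothetical, and the persistent storage by the mons that the ticket asks for is not modelled.

```cpp
#include <cstddef>
#include <cstdint>
#include <deque>
#include <map>
#include <string>
#include <vector>

// Hypothetical sketch of the proposed policy; not Ceph monitor code.
// Times are plain seconds supplied by the caller so the logic is testable.
struct FailedAuthBlacklist {
  // Mirror the proposed "min", "window" and "duration" options.
  std::size_t min_failures = 10;
  int64_t window = 600;
  int64_t duration = 24 * 60 * 60;

  std::map<std::string, std::deque<int64_t>> failures;  // ip -> recent failure times
  std::map<std::string, int64_t> blacklist;             // ip -> expiry time

  // Drop entries whose blacklist period has ended ("Entries should time out").
  void expire(int64_t now) {
    for (auto it = blacklist.begin(); it != blacklist.end();) {
      if (it->second <= now) it = blacklist.erase(it); else ++it;
    }
  }

  bool is_blacklisted(const std::string& ip, int64_t now) {
    expire(now);
    return blacklist.count(ip) > 0;
  }

  // Record one failed auth attempt; returns true if the ip is now blacklisted.
  bool record_failure(const std::string& ip, int64_t now) {
    if (is_blacklisted(ip, now)) return true;
    auto& q = failures[ip];
    q.push_back(now);
    // Keep only failures that fall inside the sliding window.
    while (!q.empty() && q.front() <= now - window) q.pop_front();
    if (q.size() < min_failures) return false;
    blacklist[ip] = now + duration;
    failures.erase(ip);  // the counter restarts once the entry times out
    return true;
  }

  // Equivalents of the proposed "ls" and "rm" commands.
  std::vector<std::string> ls(int64_t now) {
    expire(now);
    std::vector<std::string> out;
    for (const auto& e : blacklist) out.push_back(e.first);
    return out;
  }
  bool rm(const std::string& ip) { return blacklist.erase(ip) > 0; }
};
```

The sketch never prunes the failure map for addresses that stay under the threshold, so a real implementation would have to bound that state.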
