Feature #11633
openmon: automatically blacklist clients after failed auth attempts
Status: New
Priority: Normal
Assignee: -
Category: -
Target version: -
% Done: 0%
Source: other
Description
If we get some number of failed auth attempts from a client within a period, blacklist them for some period of time.
Probably disabled by default.
The blacklist should be persistently stored by the mons.
Entries should time out.
Config options:
mon blacklist failed auth = true/false
mon blacklist failed auth min = 10 // 10 attempts
mon blacklist failed auth window = 600 // in one hour
mon blacklist failed auth duration = 24*60*60 // blacklist for a day
Then we need
ceph mon blacklist ls - list blacklist records
ceph mon blacklist rm <ip> - remove
ceph mon blacklist add <ip>
ceph mon blacklist clear - clear blacklist
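
The counting and expiry behaviour requested above, as an added sketch (not Ceph code and not part of the original ticket). The struct, class and method names are hypothetical, persistence in the mon store is left out, and the caller passes a monotonic time in seconds:

```cpp
#include <cstdint>
#include <deque>
#include <map>
#include <string>

// Hypothetical names; fields mirror the config options proposed in the ticket.
struct FailedAuthConfig {
  bool enabled = true;              // mon blacklist failed auth
  unsigned min_attempts = 10;       // mon blacklist failed auth min
  uint64_t window = 600;            // mon blacklist failed auth window (seconds)
  uint64_t duration = 24 * 60 * 60; // mon blacklist failed auth duration (seconds)
};

class FailedAuthBlacklist {
  FailedAuthConfig cfg;
  std::map<std::string, std::deque<uint64_t>> failures; // ip -> failure times
  std::map<std::string, uint64_t> blacklist;            // ip -> expiry time
public:
  explicit FailedAuthBlacklist(FailedAuthConfig c) : cfg(c) {}

  // Record one failed auth at `now` (assumed monotonic, in seconds).
  // Returns true if the ip is blacklisted after this attempt.
  bool record_failure(const std::string& ip, uint64_t now) {
    if (!cfg.enabled) return false;
    auto& q = failures[ip];
    q.push_back(now);
    // Forget failures that have fallen out of the window.
    while (!q.empty() && now - q.front() >= cfg.window) q.pop_front();
    if (q.size() >= cfg.min_attempts) {
      blacklist[ip] = now + cfg.duration;
      failures.erase(ip); // counting restarts once the entry expires
    }
    return is_blacklisted(ip, now);
  }

  // Entries time out: an expired record is dropped on lookup.
  bool is_blacklisted(const std::string& ip, uint64_t now) {
    auto it = blacklist.find(ip);
    if (it == blacklist.end()) return false;
    if (now >= it->second) { blacklist.erase(it); return false; }
    return true;
  }

  // Counterparts of the proposed add / rm / clear / ls commands.
  void add(const std::string& ip, uint64_t now) { blacklist[ip] = now + cfg.duration; }
  bool rm(const std::string& ip) { return blacklist.erase(ip) > 0; }
  void clear() { blacklist.clear(); }
  std::map<std::string, uint64_t> ls() const { return blacklist; }
};
```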