Manualshelf

Users Guide

ManualsBrandsDell ManualsActive System ManagerDRAC5 Version 1.30 with Dell OpenManage 5.3
81828384858687888990
Configuring and Using the DRAC 5 Command Line Console 81
As login failures accumulate from a specific IP address, they are "aged" by an
internal counter. When the user logs in successfully, the failure history is
cleared and the internal counter is reset.
NOTE: When login attempts are refused from the client IP address, some SSH
clients may display the following message: ssh exchange
identification: Connection closed by remote host.
See "DRAC 5 Property Database Group and Object Definitions" on page 293
for a complete list of cfgRacTune properties.
Table 3-8 lists the user-defined parameters.
Enabling IP Blocking
The following example prevents a client IP address from establishing a session
for five minutes if that client has failed its five login attempts in a one-minute
period of time.
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
Table 3-8. Login Retry Restriction Properties
Property Definition
cfgRacTuneIpBlkEnable Enables the IP blocking feature.
When consecutive failures
(cfgRacTuneIpBlkFailCount) from a single IP
address are encountered within a specific amount of
time (cfgRacTuneIpBlkFailWindow), all further
attempts to establish a session from that address are
rejected for a certain timespan
(cfgRacTuneIpBlkPenaltyTime).
cfgRacTuneIpBlkFailCount Sets the number of login failures from an IP address
before the login attempts are rejected.
cfgRacTuneIpBlkFailWindow The timeframe in seconds when the failure attempts
are counted. When the failures exceed this limit, they
are dropped from the counter.
crgRacTuneIpBlkPenaltyTime Defines the timespan in seconds when all login
attempts from an IP address with excessive failures are
rejected.