pam_abl(1)

1PAM_ABL(1)                       User Commands                      PAM_ABL(1)
2
3
4

NAME

6       pam_abl - query or purge the databases used by the pam_abl module.
7

SYNOPSIS

9       pam_abl [OPTION] [CONFIG]
10

DESCRIPTION

12       Provides a non-pam interface to the infomration stored in the pam_abl
13       module databases. CONFIG is the name of the pam_abl config file
14       (default: /etc/security/pam_abl.conf). The config file is read to
15       discover the names of the pam_abl databases, the rules that control
16       purging of old data from them and commands to run when a user or host
17       switches state.
18

OPTIONS

20   MAINTENANCE
21       -h, --help
22           See this message.
23
24       -d, --debugcommand
25           Print the block/clear commands split in arguments.
26
27       -p, --purge
28           Purge databases according to purge rules in config.
29
30       -r, --relative
31           Display times relative to now.
32
33       -v, --verbose
34           Verbose output.
35
36   NON-PAM INTERACTION
37       -f, --fail
38           Fail user or host.
39
40       -w, --whitelist
41           Perform whitelisting (remove from blacklist, does not provide
42           immunity).
43
44       -c, --check
45           Check status. Returns non-zero if currently blocked Prints name:
46           status if verboseness is specified. If more than one host or user
47           is given, checks only the first host/user pair.
48
49       -u, --update
50           Update the state of all users/hosts in the db. This will also cause
51           the appropriate scripts to be called.
52
53       -s, --service
54           Operate in context of specified service. Defaults to none.
55
56       -U, --user
57           Operate on user (wildcards are ok for whitelisting).
58
59       -H, --host
60           Operate on host (wildcards are ok for whitelisting).
61
62       -R, --reason
63           Only used when -f is provided (defaults to "AUTH"). Specifies why
64           the authentication failed. Possible values are USER, HOST, BOTH,
65           AUTH
66
67       If you specified commands to run in your configuration, those commands
68       will try to run if the host or user switches state (blocked <→ clear)
69       since the last time it was checked. The command will only be able to
70       run, however, if you supply enough information to fill in the
71       substitutions in the command. For instance, if your host_clr_command
72       uses the %s parameter, you will need to specify the service with -s in
73       order for the command to actually run.
74

EXAMPLES

76       Obtain a list of failed hosts and users:
77
78       $ pam_abl
79
80       Obtain a full list of failures listing times relative to now:
81
82       $ pam_abl -rv $ pam_abl --relative --verbose
83
84       Purge old data:
85
86       $ pam_abl -p $ pam_abl --purge
87
88       Unblock all example.com, somewhere.com hosts:
89
90       $ pam_abl -w -H *.example.com -H \*.somewhere.com
91
92       Fail the host badguy.com and the user joe because the authentication
93       failed:
94
95       $ pam_abl -f -H badguy.com -U joe -R AUTH
96
97       Check whether joe is currently allowed to use your neato service from
98       somehost, running the necessary commands if he switches state:
99
100       $ pam_abl -c -U joe -H somehost -s neato
101
102       Because the user/host state is only updated when an attempt is made,
103       you can manually force pam-abl to update the states and call the
104       correct scripts:
105
106       $ pam_abl -u
107

AUTHORS

109       Lode Mertens <pam-abl@danta.be>
110
111       Andy Armstrong <andy@hexten.net>
112
113       Chris Tasma <pam-abl@deksai.com>
114

REPORTING BUGS

116       Report bugs to <pam-abl@deksai.com> or using the bugtracker on
117       sourceforge.
118

AUTHOR

123       Chris Tasma
124           Author.
125
126
127
128GNU                               02/02/2019                        PAM_ABL(1)