Hello, I have two questions about server configuration. Is there a way to make pure-ftpd wait for several seconds before telling the client that it failed to log in (to simply prevent brute force attacks)? And to increase this time in sshd? Is there any reason to NOT use (open)ldap for web-based application login (trac, phpbb, etc.) - and should I use something else instead of it to have a single database of all users and their logins? Thank you for any answers and suggestions.
I'm not sure how you can make Pureftpd wait for a few seconds, but to prevent brute-force attacks, you can use fail2ban: http://www.howtoforge.com/fail2ban_debian_etch
I, too, am using pureftpd. I have some other daemons I would like to monitor. Does anyone have a how-to for monitoring services that are not listed in the tutorial (MySQL, Pure-FTPD, etc.)?
You have to find out to which log files the services log failed authentication tries. Then adjust /etc/fail2ban/jail.local and restart fail2ban.
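An added example, not part of the original reply: a jail.local sketch for the two services asked about above. The `pure-ftpd` and `mysqld-auth` filters ship with current fail2ban releases; the log paths, ports and thresholds are assumptions and must be adjusted to where your daemons actually log.

```ini
# /etc/fail2ban/jail.local  (added example; paths and limits are assumptions)

[pure-ftpd]
enabled  = true
# Filter shipped in filter.d/pure-ftpd.conf; it matches pure-ftpd's
# "Authentication failed for user" warnings.
filter   = pure-ftpd
port     = ftp,ftp-data,ftps,ftps-data
# Assumption: pure-ftpd logs through syslog into this file on your system.
logpath  = /var/log/syslog
# Constructed values: ban for 1 hour after 5 failures within 10 minutes.
maxretry = 5
findtime = 600
bantime  = 3600

[mysqld-auth]
enabled  = true
# Filter shipped in filter.d/mysqld-auth.conf; it matches
# "Access denied for user" lines in the MySQL error log.
filter   = mysqld-auth
port     = 3306
# Assumption: error log location. MySQL must be configured to write
# failed logins to this log, otherwise the jail never sees them.
logpath  = /var/log/mysql/error.log
maxretry = 5
findtime = 600
bantime  = 3600
```

Before restarting fail2ban, running `fail2ban-regex /var/log/syslog /etc/fail2ban/filter.d/pure-ftpd.conf` shows whether the filter actually matches the failed-login lines in the chosen log file.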