Hello,

in a situation when freeipa is exposed interface to the internet, there would be bolts trying to bruteforce admin account that made it locked. I come with modsecurity setting for the nss.conf:

SecRule ARGS:user "@contains admin" "id:1234,deny,status:403"'

Admin user is no longer avaliable from UI, Kerberos
login is not affected, cli and WebUI login for otherĀ users are not affected. Can it brake something?


-- 

With best regards,
Andrey Bondarenko
mail:me@andreybondarenko.com
https://andreybondarenko.com
skype:andrey.bondarenko
phone, Telegram, WhatsApp, etc:+420-773-591-443

7758 40AC 88CC 96C9 0C9A 9EE4 3B72 547B 7538 D41B