Forum OpenACS Development: Re: Ideas about: SIEM / IDS (Security Information and Event Management / Intrusion Detection System) for OpenACS / ]po[?
not sure, if you are aware of the login-attempts interface in OpenACS 5.10:
auth::login_attempts::get_all (public) auth::login_attempts::record (private) auth::login_attempts::reset (public) auth::login_attempts::reset_all (public)This interface is based on a in-memory representation based on ns_cache, and is used primarily as a configurable measure against brute-force password attacks. One can specify a wrong password limit (when should blocking start) and a timeout (when should the blocking end). It offers as well a GUI for admins (e.g. in the organizations help desk) to reset the password attempts, when a user has really forgotten his password, or had caps-lock on, etc.
The approach is subsite aware (since subsites might use different authorities).