Ubuntu Hotspot Password Validation

TL;DR

Yes, you can configure your Ubuntu hotspot to log failed password attempts and potentially block repeat offenders using the hostapd configuration file and a bit of scripting. This guide shows you how.

Setting up Password Validation

  1. Edit the hostapd Configuration File: The main configuration for your hotspot is in /etc/hostapd/hostapd.conf. Open it with root privileges using a text editor like nano:
    sudo nano /etc/hostapd/hostapd.conf
  2. Enable Logging: Add or modify these lines in the hostapd.conf file to enable logging of authentication failures. Adjust the log level as needed (1-4, with 4 being most verbose):
    # Log events from all modules (-1) to syslog and stdout at the chosen level
    logger_syslog=-1
    logger_syslog_level=2
    logger_stdout=-1
    logger_stdout_level=2
  3. Restart hostapd: After making changes, restart the hostapd service to apply them:
    sudo systemctl restart hostapd
  4. Check System Logs: Monitor the system logs for failed authentication attempts. The location varies depending on your Ubuntu version and configuration, but common places include:
    • /var/log/syslog
    • /var/log/daemon.log

    You can use tail -f /var/log/syslog to view the logs in real-time.

  5. Create a Script for Blocking (Optional): To automatically block users after multiple failed attempts, you’ll need a script. This is more advanced and requires some scripting knowledge. Here’s an example using bash:
    #!/bin/bash
    # Configuration
    LOG_FILE=/var/log/syslog
    IFACE=wlan0          # Replace wlan0 with your hotspot interface
    MAX_ATTEMPTS=3
    BLOCK_DURATION=60    # seconds

    # Count failed attempts per MAC address (field 11 of each matching log line)
    failed_attempts=$(grep 'Failed authentication' "$LOG_FILE" | awk '{print $11}' | sort | uniq -c | sort -nr)

    # Loop through each MAC address and check if it exceeds the maximum allowed attempts
    while read -r count mac; do
      # Skip empty input and anything that is not a well-formed MAC address,
      # since the value comes from the log and is passed to a root command
      [[ $mac =~ ^([0-9A-Fa-f]{2}:){5}[0-9A-Fa-f]{2}$ ]] || continue
      if [[ $count -gt $MAX_ATTEMPTS ]]; then
        echo "Blocking MAC address: $mac"
        # Bring the interface down and back up (this disconnects every client)
        sudo ip link set dev "$IFACE" down
        sleep 1
        sudo ip link set dev "$IFACE" up
        # Add a firewall rule to block the MAC address (example using iptables)
        sudo iptables -A INPUT -m mac --mac-source "$mac" -j DROP
        echo "Firewall rule added for $mac"
        sleep "$BLOCK_DURATION"
        # Remove the firewall rule after the block duration
        sudo iptables -D INPUT -m mac --mac-source "$mac" -j DROP
      fi
    done <<< "$failed_attempts"

    Important: Replace wlan0 with your actual hotspot interface name (use iwconfig to find it). This script is a basic example and may need adjustments based on your network setup. It uses iptables, which requires root privileges.

  6. Schedule the Script: Use cron to run the script periodically (e.g., every minute):
    sudo crontab -e

    Add a line like this:

    * * * * * /path/to/your/script.sh

Important Considerations

  • Interface Name: Make sure you use the correct network interface name for your hotspot (usually wlan0 or similar).
  • Firewall Rules: Be careful when using firewall rules. Incorrectly configured rules can block legitimate traffic. Test thoroughly before deploying in a production environment.
  • Security: This method is not foolproof and can be bypassed by sophisticated users. It's best used as an additional layer of security, along with a strong password and other security measures.
  • Log Rotation: Ensure your system logs are rotated regularly to prevent them from filling up the disk.
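
A dry-run companion to the blocking script in step 5, added here as an example and not part of the original guide: it reports which MAC addresses would be blocked, so the rules can be reviewed before anything is applied. ALLOWLIST, the function names and the sample log lines are assumptions constructed for illustration.

```bash
#!/bin/bash
# Added example (not the guide's script): report which MACs would be blocked.
MAX_ATTEMPTS=3
ALLOWLIST="02:00:00:00:00:01"   # hypothetical: your own devices, never blocked

# Constructed sample lines containing the 'Failed authentication' text the
# script in step 5 greps for; this is not captured hostapd output.
sample_log() {
  cat <<'EOF'
Jan 10 12:00:01 ap hostapd: wlan0: STA 02:1A:2B:3C:4D:5E Failed authentication
Jan 10 12:00:03 ap hostapd: wlan0: STA 02:1a:2b:3c:4d:5e Failed authentication
Jan 10 12:00:05 ap hostapd: wlan0: STA 02:1a:2b:3c:4d:5e Failed authentication
Jan 10 12:00:07 ap hostapd: wlan0: STA 02:1a:2b:3c:4d:5e Failed authentication
Jan 10 12:00:09 ap hostapd: wlan0: STA 02:1a:2b:3c:4d:5e connected
Jan 10 12:01:00 ap hostapd: wlan0: STA 02:aa:bb:cc:dd:ee Failed authentication
Jan 10 12:02:00 ap hostapd: wlan0: STA 02:1a:2b:3c:4d:zz Failed authentication
Jan 10 12:03:00 ap hostapd: wlan0: STA 02:00:00:00:00:01 Failed authentication
Jan 10 12:03:01 ap hostapd: wlan0: STA 02:00:00:00:00:01 Failed authentication
Jan 10 12:03:02 ap hostapd: wlan0: STA 02:00:00:00:00:01 Failed authentication
Jan 10 12:03:03 ap hostapd: wlan0: STA 02:00:00:00:00:01 Failed authentication
EOF
}

# Print "count mac" for every MAC with more than MAX_ATTEMPTS failures (stdin = log).
# The MAC is located by pattern rather than field number, lower-cased, and
# skipped unless it is exactly six hex octets, so log noise never reaches iptables.
offenders() {
  awk -v max="$MAX_ATTEMPTS" -v allow="$ALLOWLIST" '
    BEGIN { h = "[0-9a-f][0-9a-f]"; mac = "^" h ":" h ":" h ":" h ":" h ":" h "$"
            n = split(tolower(allow), a, " "); for (i = 1; i <= n; i++) skip[a[i]] = 1 }
    /Failed authentication/ {
      for (i = 1; i <= NF; i++) {
        f = tolower($i); gsub(/^[^0-9a-f]+|[^0-9a-f]+$/, "", f)
        if (f ~ mac) { if (!(f in skip)) count[f]++; break }
      }
    }
    END { for (m in count) if (count[m] > max + 0) print count[m], m }
  ' | sort -k1,1nr -k2,2
}

# Dry run: print the rule each offender would get instead of applying it.
plan() {
  offenders | while read -r count mac; do
    echo "iptables -A INPUT -m mac --mac-source $mac -j DROP # $count failures"
  done
}

sample_log | plan
```

To check a real log, pipe it in place of the sample, for example `plan < /var/log/syslog`.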