SSHd
Lars E. Pettersson
lars at homer.se
Sun Aug 27 20:10:55 UTC 2006
On 08/23/2006 03:35 PM, Matthew Miller wrote:
> I don't think so. Denyhosts works by manipulating /etc/hosts.deny, which is
> a security-sensitive config file which shouldn't be edited willy-nilly by
> scripts.
>
> And, this won't even work in the configuration we use here (which while not
> the fedora default is widespread good practice) -- put "ALL:ALL" in
> /etc/hosts.deny and then explicitly enable the services and hosts you want
> to let in in /etc/hosts.allow.
You could use ALL:ALL in hosts.deny and put the following line into
hosts.allow
sshd: ALL EXCEPT /etc/hosts.denyhosts
In /etc/denyhost change to the following lines
HOSTS_DENY = /etc/hosts.denyhosts
BLOCK_SERVICE =
This is perhaps a better default for denyhosts?
Lars
--
Lars E. Pettersson <lars at homer.se>
http://www.sm6rpz.se/
More information about the fedora-devel-list
mailing list