New package: denyhosts
Alex Lancaster
alexl at users.sourceforge.net
Wed May 18 09:44:54 UTC 2005
>>>>> "JT" == Jason L Tibbitts writes:
[...]
JT> BTW, I've found that after making this package that unfortunately
JT> DenyHosts doesn't really fit my requirements because it doesn't
JT> age out entries. So a user unlucky enough to mistype his
JT> passwords five times in total from the same IP gets blocked,
JT> regardless of the frequency of the mistakes. Crap.
Yes, that's a drawback, I agree, but I think this is true only if the
user makes the erroneous password within the lifetime of the current log
file: /var/log/secure, i.e. before it is rolled over, right?

In other words, if the logs are rolled over once a month, this means
that the IP will be blocked only if there are five erroneous logins
within that month. It doesn't scan back through all the old logs
/var/log/secure.1 etc., does it?

I agree, however, that it should be "density-dependent", i.e. it
should block IPs that make many logins over a short period (on the order
of minutes) of activity; that's the usual pattern of ssh attacks, and it
should be more trigger-happy when blocking usernames that don't exist.
JT> So I have to decide whether to improve my Python by hacking on
JT> DenyHosts, to take the easy road and rewrite it in Perl. Or, hey,
JT> I've been meaning to learn Ruby.
Please stick with Python, if you can... ;-) I'll be happy to look over
any Python patches. What about the upstream author, is he actively
maintaining it? I see some activity on the SourceForge mailing list.
Cheers,
Alex
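
The "density-dependent" blocking discussed above, as an added example that is not part of the original message and is not DenyHosts code: failures age out of a sliding window, and failures for nonexistent users weigh more. The function name, window, threshold, weight, assumed year and the sample log lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed /var/log/secure-style lines (documentation IP ranges).
SAMPLE = (
    [f"May {d:2d} 08:15:10 host sshd[100]: Failed password for alice "
     f"from 198.51.100.7 port 4001 ssh2" for d in (2, 5, 9, 12, 18)]
    + [f"May 18 09:41:{s:02d} host sshd[300]: Failed password for root "
       f"from 203.0.113.9 port 6001 ssh2" for s in (0, 5, 10, 15, 20)]
    + [f"May 18 09:40:{s:02d} host sshd[200]: Failed password for invalid "
       f"user admin from 192.0.2.44 port 5001 ssh2" for s in (1, 4)]
)

# Anchored at both ends: a username containing spaces makes the line
# fail to match instead of shifting which field is read as the IP.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: Failed password for "
    r"(?P<bad>(?:invalid|illegal) user )?\S+ from (?P<ip>\S+) port \d+ ssh2$")

def find_bursts(lines, window=timedelta(minutes=5), threshold=5.0,
                unknown_user_weight=2.5, year=2005):
    """Return {ip: time the block triggers} for IPs whose weighted
    failures inside one sliding window reach the threshold.
    Syslog timestamps carry no year, so one is assumed."""
    recent = defaultdict(deque)   # ip -> deque of (timestamp, weight)
    blocked = {}
    for line in lines:
        m = FAILED.match(line)
        if not m or m["ip"] in blocked:
            continue
        ts = datetime.strptime(f"{year} {m[1]}", "%Y %b %d %H:%M:%S")
        # Nonexistent usernames count more, so they trip the block sooner.
        weight = unknown_user_weight if m["bad"] else 1.0
        q = recent[m["ip"]]
        q.append((ts, weight))
        while q[0][0] < ts - window:   # age out failures older than window
            q.popleft()
        if sum(w for _, w in q) >= threshold:
            blocked[m["ip"]] = ts
    return blocked

if __name__ == "__main__":
    for ip, when in find_bursts(SAMPLE).items():
        print(ip, "blocked at", when)
```

In the sample, the user who mistypes a password five times over two weeks is not blocked, while the five-failure burst and the two attempts against a nonexistent account are.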