Policy for denyhosts
Jeff Carlson
jeff at ultimateevil.org
Wed Nov 29 05:08:41 UTC 2006
Jason L Tibbitts III wrote:
> And you have selinux enabled, and it already gets the proper context
> on /etc/hosts.deny.sshd? Because this doesn't seem to be working for
> others.
Well, my SSH gateway is still running FC-4, targeted policy.
$ ls -Z hosts.deny{,.sshd}
-rw-r--r-- root root root:object_r:etc_t hosts.deny
-rw-r--r-- root root root:object_r:etc_t hosts.deny.sshd
I'm not sure if that was just blind luck or what, but it's working fine
for me.
> There are myriad configuration options in Denyhosts. We have to start
> somewhere, but I welcome you to test any policy that ends up being
> written and provide fixes for your particular setup.
I'm sure that whatever is done, all that I will have to do is copy the
context from hosts.deny to hosts.deny.sshd. I'd just hate to be
surprised if it stopped working without notice. I'll keep an eye on
this list as usual and if a change is made, I'll see if I can implement
it on my legacy system (or motivate my lazy self to upgrade).
More information about the fedora-selinux-list
mailing list