Policy for denyhosts

Jeff Carlson jeff at ultimateevil.org
Wed Nov 29 05:08:41 UTC 2006


Jason L Tibbitts III wrote:
> And you have selinux enabled, and it already gets the proper context
> on /etc/hosts.deny.sshd?  Because this doesn't seem to be working for
> others.

Well, my SSH gateway is still running FC-4, targeted policy.

$ ls -Z hosts.deny{,.sshd}
-rw-r--r--  root   root   root:object_r:etc_t      hosts.deny
-rw-r--r--  root   root   root:object_r:etc_t      hosts.deny.sshd

I'm not sure if that was just blind luck or what, but it's working fine
for me.

> There are myriad configuration options in Denyhosts.  We have to start
> somewhere, but I welcome you to test any policy that ends up being
> written and provide fixes for your particular setup.

I'm sure that whatever is done, all that I will have to do is copy the
context from hosts.deny to hosts.deny.sshd.  I'd just hate to be
surprised if it stopped working without notice.  I'll keep an eye on
this list as usual and if a change is made, I'll see if I can implement
it on my legacy system (or motivate my lazy self to upgrade).
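
The concern above about the file silently losing its context can be turned into a periodic check. The script below is an added example, not part of the original message or of DenyHosts: it compares contexts taken from `ls -Z` output against a reference file. The function names and the `tmp_t` drift line are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example (not from the original post): detect SELinux context drift
# between hosts.deny and hosts.deny.sshd from `ls -Z` output read on stdin.

# PAGE_SAMPLE is the listing quoted in the post; DRIFT_SAMPLE replaces the
# second line with a constructed one carrying a different type.
PAGE_SAMPLE='-rw-r--r--  root   root   root:object_r:etc_t      hosts.deny
-rw-r--r--  root   root   root:object_r:etc_t      hosts.deny.sshd'
DRIFT_SAMPLE='-rw-r--r--  root   root   root:object_r:etc_t      hosts.deny
-rw-r--r--  root   root   root:object_r:tmp_t      hosts.deny.sshd'

# Emit "<context> <file>" for each `ls -Z` line. The context is the first
# field shaped like user:role:type[:level]; the file name is the last field
# (assumes names without spaces). Handles the FC-4 layout and newer ones.
contexts_from_ls_z() {
    awk '{
        for (i = 1; i <= NF; i++)
            if ($i ~ /^[A-Za-z0-9_]+:[A-Za-z0-9_]+:[A-Za-z0-9_]+(:.*)?$/) {
                print $i, $NF
                next
            }
    }'
}

# Report every file whose context differs from the reference file's.
# Exit status: 0 all match, 1 drift found, 2 reference file not in the input.
context_drift() {
    ref_file=$1
    contexts_from_ls_z | awk -v ref="$ref_file" '
        { ctx[$2] = $1 }
        END {
            if (!(ref in ctx)) { print "reference " ref " not listed"; exit 2 }
            rc = 0
            for (f in ctx)
                if (ctx[f] != ctx[ref]) {
                    print f ": " ctx[f] " (expected " ctx[ref] ")"
                    rc = 1
                }
            exit rc
        }'
}

printf '%s\n' "$PAGE_SAMPLE"  | context_drift hosts.deny && echo "contexts match"
printf '%s\n' "$DRIFT_SAMPLE" | context_drift hosts.deny || echo "drift detected"
# Live use: ls -Z /etc/hosts.deny /etc/hosts.deny.sshd | context_drift /etc/hosts.deny
# Repair by copying the context: chcon --reference=/etc/hosts.deny /etc/hosts.deny.sshd
```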




More information about the fedora-selinux-list mailing list