Re: Help -- can't SSH into my box

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

John Aldrich wrote:

On Tuesday 06 January 2009, Stuart Sears wrote:

Not wishing :) to open a massive can of worms (even though this probably
will) but why do you hate it so much?
I installed fail2ban and SELinux immediately threw up massive errors. I coudl understand that much better if it were some 3rd-party app, but something out of the default Fedora repos should be able to run w/o generating complaints from a security system. Fail2ban, especially, should be allowed to run w/o issue, due to the very nature of it.
You have something strange in your setup if it throws lot of errors with fail2ban as I just recently installed it in F10 when I needed alternative to whitelisting just some ip-addresses. And it haven't given any errors. Actually in F10 i haven't had any selinux alerts yet. Of course I don't use it as desktop and there isn't currently users home directories (or part of them) shared trough httpd or samba. But it has just plain worked this far. I was suprised that even cyrus imapd worked out of the box without any problems and it's maybe less used that dovecot. Maybe you tried it with some early policy version which has been updated and now just works.
Anyway what I have worked with selinux on some customer installations it's not very hard to get it configured to work just the way you want if you just take littlebit time to understand it and how the rule system works. Of course I was first littlebit hesitant with it and usually disabled it, but that usually comes with the mindset of being system administrator (All change is for bad :).
Also if there is plain errors with it on basic configurations I think it would be worthwhile to file bugs on them so that they will get fixed.
Of course I didn't try to fix fail2ban to work with anything else than ssh as it's enough for me for now. So it could have problems with httpd or mailclient filtering enabled. 

Veli-Pekka


--
fedora-list mailing list
fedora-list@xxxxxxxxxx
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
Guidelines: http://fedoraproject.org/wiki/Communicate/MailingListGuidelines
[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [Fedora Magazine]     [Fedora News]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Maintainers]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Legacy]     [Fedora Desktop]     [Fedora Fonts]     [ATA RAID]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [SSH]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Centos]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Tux]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Asterisk PBX]     [Fedora Sparc]     [Fedora Universal Network Connector]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux