Re: tcp_wrappers deprecation

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Fri, 2017-08-18 at 13:15 -0500, Jason L Tibbitts III wrote:
> For the record, denyhosts currently relies upon the tcp_wrappers
> functionality in openssh to function.  While it's possible to make it
> manipulate the firewall as well, the whole situation is kind of a
> mess.
> (Does it talk to firewalld?  What if you're not running firewalld?)

Unfortunately this is not as straightforward as it could be.
Checking how Archlinux does it now, they probably go without denyhosts.
There is a also a tool sshguard [1], which does quite much the same as
fail2ban using configurable backend (firewalld, iptables, ...). 

The denyhosts got last update also 10 years ago [2] and we already have
quite much 2 alternatives that can do the same using firewalls, so it
might be also a time to go for denyhosts. Or not, but clearly document
that OpenSSH will not be using hosts.deny anymore.

> Sadly I know how terrible tcp_wrappers is and so I know it needs to
> go
> away.  It's just unfortunate that there's no replacement for it
> besides
> firewalling, and dealing with the firewall is unfortunately so
> complicated.
> 
> So that's three of my packages that use tcp_wrappers in some way
> (denyhosts, apcupsd and cyrus-imapd) though I suspect two of those
> just
> need the build dependencies dropped.

That would be great if you could review the dependencies if it is used
and drop the bogus dependencies.

[1] https://wiki.archlinux.org/index.php/sshguard
[2] https://sourceforge.net/projects/denyhosts/files/

Thanks,
-- 
Jakub Jelen
Software Engineer
Security Technologies
Red Hat, Inc.
_______________________________________________
users mailing list -- users@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to users-leave@xxxxxxxxxxxxxxxxxxxxxxx



[Index of Archives]     [Older Fedora Users]     [Fedora Announce]     [Fedora Package Announce]     [EPEL Announce]     [EPEL Devel]     [Fedora Magazine]     [Fedora Summer Coding]     [Fedora Laptop]     [Fedora Cloud]     [Fedora Advisory Board]     [Fedora Education]     [Fedora Security]     [Fedora Scitech]     [Fedora Robotics]     [Fedora Infrastructure]     [Fedora Websites]     [Anaconda Devel]     [Fedora Devel Java]     [Fedora Desktop]     [Fedora Fonts]     [Fedora Marketing]     [Fedora Management Tools]     [Fedora Mentors]     [Fedora Package Review]     [Fedora R Devel]     [Fedora PHP Devel]     [Kickstart]     [Fedora Music]     [Fedora Packaging]     [Fedora SELinux]     [Fedora Legal]     [Fedora Kernel]     [Fedora OCaml]     [Coolkey]     [Virtualization Tools]     [ET Management Tools]     [Yum Users]     [Yosemite News]     [Gnome Users]     [KDE Users]     [Fedora Art]     [Fedora Docs]     [Fedora Sparc]     [Libvirt Users]     [Fedora ARM]

  Powered by Linux