On Wed, Aug 23, 2006 at 01:27:48PM +0200, Arjan van de Ven wrote: > > account, would best be dealth with with a default configuration that > > blocks an IP for some time if enough unsuccessful attempts are made. > installing denyhosts by default sounds reasonable ;) I don't think so. Denyhosts works by manipulating /etc/hosts.deny, which is a security-sensitive config file which shouldn't be edited willy-nilly by scripts. And, this won't even work in the configuration we use here (which while not the fedora default is widespread good practice) -- put "ALL:ALL" in /etc/hosts.deny and then explicitly enable the services and hosts you want to let in in /etc/hosts.allow. It would be better to have a "denyhosts" iptables chain which the program could add to and remove from. -- Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/> -- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
