Nicolas Mailhot wrote:
Le Mar 20 mars 2007 10:42, Thomas M Steenholdt a écrit :
Nicolas Mailhot wrote:
Disabling ssh is not a good solution, many people need it. However the
default fedora ssh setup is woefully insecure
At least ssh rate-limiting should be in the default firewall install.
Pam_abl would be even better (for other network services)
Blacklisting opens the potential for denial-of-service attacks. I'm not
too familiar with the pam_abl implementation,
You have per-source-host and per-target-user tuneables
Potential problems with user=root and/or IP spoofing?
but we should at least be
very cautious if we choose to include and enable such features by default.
Sure. But sitting on the problem won't solve it.
Agreed!
/Thomas
--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
https://www.redhat.com/mailman/listinfo/fedora-devel-list
