I would like to revisit the issue of denyhosts and selinux and address it properly. From what I gather from the earlier discussion, it would be best to write a proper policy for denyhosts. Unfortunately, I'm almost completely ignorant of what needs to happen here. Here's some essential info about denyhosts: Denyhosts is written in python. It runs as root either as a daemon or spawned from cron. It consists of an executable script (/usr/bin/denyhosts.py), some python modules in /usr/lib/python2.4/site-packages/DenyHosts, a config file (/etc/denyhosts.conf), and some databases under /var/lib/denyhosts. During its operation it reads /var/log/secure, maintains databases and such under /var/lib/denyhosts, and writes to /etc/hosts.deny. It may also make some xmlrpc calls out over the 'net if so configured (although by default this is not the case). One complication is that denyhosts can call out to user-supplied scripts which can do pretty much anything. I've no idea how to properly handle that kind of thing. Could someone perhaps help me to get started with a policy? - J< -- fedora-selinux-list mailing list fedora-selinux-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-selinux-list
