[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: New package: denyhosts



On Tue, 2005-05-17 at 13:32 -0500, Jason L Tibbitts III wrote:
> >>>>> "AK" == Aaron Kurtz <a kurtz hardsun net> writes:
> 
> AK> Dist Tag? http://fedoraproject.org/wiki/DistTag
> 
> I'm not sure what purpose it would serve.  The package is pretty much
> independent of the distro version.

I thought packages were required to have a higher version for later FC
 releases, and Dist Tag is the best way to do that if you have the same
 version for multiple releases.

> BTW, I've found that after making this package that unfortunately
> DenyHosts doesn't really fit my requirements because it doesn't age
> out entries.  So a user unlucky enough to mistype his passwords five
> times in total from the same IP gets blocked, regardless of the
> frequency of the mistakes.  Crap.  So I have to decide whether to
> improve my Python by hacking on DenyHosts, to take the easy road and
> rewrite it in Perl.  Or, hey, I've been meaning to learn Ruby.

There is whitelisting by ip. But not by domain name. Hmm. This is not as
fine-grained as I hoped. The default before blocking should probably be
turned up a bit. Oh, and the whitelisting creates allowed-warned-hosts,
which should be added to the spec.

Should this really be turned on in post? The way it is, this runs a high
risk of cutting off SSH users, and it's only turned on for the runlevel
running when it's installed. I'd rather see it turned on manually.

As for the various rpmlint errors, rpmlint -i gives more context about
them. 
>From the SRPM, W: denyhosts strange-permission denyhosts.init 0755
Just a warning, but if you really wanted it to be quiet, just change the
permission in the SRPM, since it gets installed with the proper bits set
anyways.
The other rpmlints errors are either not that important or dealt with in
the diff.

-- 
Aaron Kurtz <a kurtz hardsun net             GPG Key ID: ED588CF2

--- denyhosts.spec	2005-05-17 13:00:41.000000000 -0700
+++ denyhosts2.spec	2005-05-17 13:01:37.000000000 -0700
@@ -54,7 +54,6 @@
 
 %post
 /sbin/chkconfig --add denyhosts
-/sbin/chkconfig denyhosts on
 /sbin/service denyhosts condrestart >> /dev/null
 exit 0
 

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]