[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: SSHd



On 08/23/2006 03:35 PM, Matthew Miller wrote:
> I don't think so. Denyhosts works by manipulating /etc/hosts.deny, which is
> a security-sensitive config file which shouldn't be edited willy-nilly by
> scripts.
> 
> And, this won't even work in the configuration we use here (which while not
> the fedora default is widespread good practice) -- put "ALL:ALL" in
> /etc/hosts.deny and then explicitly enable the services and hosts you want
> to let in in /etc/hosts.allow.

You could use ALL:ALL in hosts.deny and put the following line into
hosts.allow

sshd:   ALL EXCEPT /etc/hosts.denyhosts

In /etc/denyhost change to the following lines

HOSTS_DENY = /etc/hosts.denyhosts
BLOCK_SERVICE =

This is perhaps a better default for denyhosts?

Lars
-- 
Lars E. Pettersson <lars homer se>
http://www.sm6rpz.se/


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]