Protecting against ssh brute-force attacks

Jason L Tibbitts III tibbs at math.uh.edu
Wed Nov 2 20:20:00 UTC 2005


>>>>> "NB" == Neal Becker <ndbecker2 at gmail.com> writes:

NB> Unfortunately (IMO) the expiration is set to 1 year by default.

I set it that high because I wanted to leave expiration enabled but
felt that it was better to let things live there too long rather than
violate someone's security assumptions by expiring too soon.  Heck, I
even explained that in the configuration file _and_ put this text into
README.fedora:

By default, DenyHosts is set up to purge old block entries, but only
after one year.  If you wish to adjust this, edit /etc/denyhosts.conf
and look for "PURGE_DENY".

I sure wish the DenyHosts author would cook up a version that doesn't
require the admin to edit the config file for every new feature that's
added.  Currently if you update and don't put the new settings in your
config file, the program won't start.  (So an automatic update would
leave you without a running denyhosts daemon.)  This prevents me from
pushing updated FC3 and FC4 packages.

 - J<




More information about the fedora-extras-list mailing list