SSHd
Nicolas Mailhot
nicolas.mailhot at laposte.net
Thu Aug 31 21:08:28 UTC 2006
Le mercredi 23 août 2006 à 09:35 -0400, Matthew Miller a écrit :
> On Wed, Aug 23, 2006 at 01:27:48PM +0200, Arjan van de Ven wrote:
> > > account, would best be dealth with with a default configuration that
> > > blocks an IP for some time if enough unsuccessful attempts are made.
> > installing denyhosts by default sounds reasonable ;)
>
> I don't think so. Denyhosts works by manipulating /etc/hosts.deny, which is
> a security-sensitive config file which shouldn't be edited willy-nilly by
> scripts.
While denyhosts is a terrific script, I've always found the approach
taken by pam_abl more powerful and correct from a design POW.
--
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 197 bytes
Desc: Ceci est une partie de message
=?ISO-8859-1?Q?num=E9riquement?= =?ISO-8859-1?Q?_sign=E9e?=
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20060831/bcc02763/attachment-0002.bin
More information about the devel
mailing list