From Fedora Project Wiki

(remove reference to lockbox. Nothing is allowed that I can see.)
(redirect page to new infra-docs)
Line 2: Line 2:
{{shortcut|ISOP:DENYHOSTS}}
{{shortcut|ISOP:DENYHOSTS}}


Denyhosts provides a protection against brute force attacks.


== Contact Information ==
This SOP has moved to the fedora Infrastructure SOP git repo. Please see the current document at: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt
Owner: Fedora Infrastructure Team


Contact: #fedora-admin, sysadmin-main group
For changes, questions or comments, please contact anyone in the Fedora Infrastructure team.


Location: Anywhere
Servers: All
Purpose: Denyhosts provides a protection against brute force attacks.
== Description ==
All of our servers now implement denyhosts to protect against brute force attacks.  Very few boxes should be in the 'allowed' list.  Especially internally. 
== Troubleshooting and Resolution ==
=== Connection issues ===
The most common issue will be legitimate logins failing.  First, try to figure out why a host ended up on the deny list (tcptraceroute, failed login attempts, etc are all good candidates).  Next do the following directions.  The below example is for a host (10.0.0.1) being banned.  Login to the box from a different host and as root do the following.
<pre>
cd /var/lib/denyhosts
sed -si '/10.0.0.1/d' * /etc/hosts.deny
/etc/init.d/denyhosts restart
</pre>
That should correct the problem.


[[Category:Infrastructure SOPs]]
[[Category:Infrastructure SOPs]]

Revision as of 03:35, 19 December 2011

Shortcut:
ISOP:DENYHOSTS


This SOP has moved to the fedora Infrastructure SOP git repo. Please see the current document at: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt

For changes, questions or comments, please contact anyone in the Fedora Infrastructure team.

Retrieved from "https://fedoraproject.org/w/index.php?title=Denyhosts_Infrastructure_SOP&oldid=263739"