From Fedora Project Wiki

(remove reference to lockbox. Nothing is allowed that I can see.)
No edit summary
 
(3 intermediate revisions by 3 users not shown)
Line 1: Line 1:
{{header|infra}}
{{header|infra}}
{{shortcut|ISOP:DENYHOSTS}}


Denyhosts provides a protection against brute force attacks.
{{admon/important|All SOPs have been moved to the Fedora Infrastructure [https://pagure.io/infra-docs/ SOP git repository]. Please consult the [https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/index.html online documentation] for the current version of this document.}}
 
== Contact Information ==
Owner: Fedora Infrastructure Team
 
Contact: #fedora-admin, sysadmin-main group
 
Location: Anywhere
 
Servers: All
 
Purpose: Denyhosts provides a protection against brute force attacks.
 
== Description ==
 
All of our servers now implement denyhosts to protect against brute force attacks.  Very few boxes should be in the 'allowed' list.  Especially internally. 
 
== Troubleshooting and Resolution ==
 
=== Connection issues ===
The most common issue will be legitimate logins failing.  First, try to figure out why a host ended up on the deny list (tcptraceroute, failed login attempts, etc are all good candidates).  Next do the following directions.  The below example is for a host (10.0.0.1) being banned.  Login to the box from a different host and as root do the following.
 
<pre>
cd /var/lib/denyhosts
sed -si '/10.0.0.1/d' * /etc/hosts.deny
/etc/init.d/denyhosts restart
</pre>
 
That should correct the problem.


[[Category:Infrastructure SOPs]]
[[Category:Infrastructure SOPs]]

Latest revision as of 12:00, 16 February 2017


Important.png
All SOPs have been moved to the Fedora Infrastructure SOP git repository. Please consult the online documentation for the current version of this document.
Retrieved from "https://fedoraproject.org/w/index.php?title=Denyhosts_Infrastructure_SOP&oldid=486347"