Denyhosts Infrastructure SOP

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
m (SOP Formatting)
m (Infrastructure/SOP/denyhosts moved to Denyhosts Infrastructure SOP: Natural language title)

Revision as of 03:19, 18 February 2009

Infrastructure InfrastructureTeamN1.png
Shortcut:
ISOP:DENYHOSTS

Denyhosts provides a protection against brute force attacks.

Contents

Contact Information

Owner: Fedora Infrastructure Team

Contact: #fedora-admin, sysadmin-main group

Location: Anywhere

Servers: All

Purpose: Denyhosts provides a protection against brute force attacks.

Description

All of our servers now implement denyhosts to protect against brute force attacks. Very few boxes should be in the 'allowed' list. Especially internally. Right now lockbox and noc1 are the only two that are explicitly allowed.

Troubleshooting and Resolution

Connection issues

The most common issue will be legitimate logins failing. First, try to figure out why a host ended up on the deny list (tcptraceroute, failed login attempts, etc are all good candidates). Next do the following directions. The below example is for a host (10.0.0.1) being banned. Login to the box from a different host and as root do the following.

cd /var/lib/denyhosts
sed -si '/10.0.0.1/d' * /etc/hosts.deny
/etc/init.d/denyhosts restart

That should correct the problem.