Denyhosts Infrastructure SOP

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(Imported from MoinMoin)
 
(redirect page to new infra-docs)
 
(8 intermediate revisions by 5 users not shown)
Line 1: Line 1:
= Database - SOP =
+
{{header|infra}}
 +
{{shortcut|ISOP:DENYHOSTS}}
  
== Contact Information ==
 
Owner: Fedora Infrastructure Team
 
  
Contact: #fedora-admin, sysadmin-main group
+
This SOP has moved to the fedora Infrastructure SOP git repo. Please see the current document at: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt
  
Location: Anywhere
+
For changes, questions or comments, please contact anyone in the Fedora Infrastructure team.
  
Servers: All
 
  
Purpose: Denyhosts provides a protection against brute force attacks.
+
[[Category:Infrastructure SOPs]]
 
+
== Description ==
+
 
+
All of our servers now implement denyhosts to protect against brute force attacks.  Very few boxes should be in the 'allowed' list.  Especially internally.  Right now lockbox and noc1 are the only two that are explicitly allowed.
+
 
+
== Troubleshooting and Resolution ==
+
 
+
=== Connection issues ===
+
The most common issue will be legitimate logins failing.  First, try to figure out why a host ended up on the deny list (tcptraceroute, failed login attempts, etc are all good candidates).  Next do the following directions.  The below example is for a host (10.0.0.1) being banned.  Login to the box from a different host and as root do the following.
+
 
+
<pre>
+
cd /var/lib/denyhosts
+
sed -si '/10.0.0.1/d' * /etc/hosts.deny
+
/etc/init.d/denyhosts restart
+
</pre>
+
 
+
That should correct the problem.
+

Latest revision as of 03:35, 19 December 2011

Infrastructure InfrastructureTeamN1.png
Shortcut:
ISOP:DENYHOSTS


This SOP has moved to the fedora Infrastructure SOP git repo. Please see the current document at: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt

For changes, questions or comments, please contact anyone in the Fedora Infrastructure team.