Denyhosts Infrastructure SOP

From FedoraProject

(Difference between revisions)
Jump to: navigation, search
(remove reference to lockbox. Nothing is allowed that I can see.)
(redirect page to new infra-docs)
 
Line 2: Line 2:
 
{{shortcut|ISOP:DENYHOSTS}}
 
{{shortcut|ISOP:DENYHOSTS}}
  
Denyhosts provides a protection against brute force attacks.
 
  
== Contact Information ==
+
This SOP has moved to the fedora Infrastructure SOP git repo. Please see the current document at: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt
Owner: Fedora Infrastructure Team
+
  
Contact: #fedora-admin, sysadmin-main group
+
For changes, questions or comments, please contact anyone in the Fedora Infrastructure team.
  
Location: Anywhere
 
 
Servers: All
 
 
Purpose: Denyhosts provides a protection against brute force attacks.
 
 
== Description ==
 
 
All of our servers now implement denyhosts to protect against brute force attacks.  Very few boxes should be in the 'allowed' list.  Especially internally. 
 
 
== Troubleshooting and Resolution ==
 
 
=== Connection issues ===
 
The most common issue will be legitimate logins failing.  First, try to figure out why a host ended up on the deny list (tcptraceroute, failed login attempts, etc are all good candidates).  Next do the following directions.  The below example is for a host (10.0.0.1) being banned.  Login to the box from a different host and as root do the following.
 
 
<pre>
 
cd /var/lib/denyhosts
 
sed -si '/10.0.0.1/d' * /etc/hosts.deny
 
/etc/init.d/denyhosts restart
 
</pre>
 
 
That should correct the problem.
 
  
 
[[Category:Infrastructure SOPs]]
 
[[Category:Infrastructure SOPs]]

Latest revision as of 03:35, 19 December 2011

Infrastructure InfrastructureTeamN1.png
Shortcut:
ISOP:DENYHOSTS


This SOP has moved to the fedora Infrastructure SOP git repo. Please see the current document at: http://infrastructure.fedoraproject.org/infra/docs/denyhosts.txt

For changes, questions or comments, please contact anyone in the Fedora Infrastructure team.