From Fedora Project Wiki

m (Add Category)
No edit summary
 
(8 intermediate revisions by 6 users not shown)
Line 1: Line 1:
= denyhosts - SOP =
{{header|infra}}


== Contact Information ==
{{admon/important|All SOPs have been moved to the Fedora Infrastructure [https://pagure.io/infra-docs/ SOP git repository]. Please consult the [https://fedora-infra-docs.readthedocs.io/en/latest/sysadmin-guide/sops/index.html online documentation] for the current version of this document.}}
Owner: Fedora Infrastructure Team
 
Contact: #fedora-admin, sysadmin-main group
 
Location: Anywhere
 
Servers: All
 
Purpose: Denyhosts provides a protection against brute force attacks.
 
== Description ==
 
All of our servers now implement denyhosts to protect against brute force attacks.  Very few boxes should be in the 'allowed' list.  Especially internally.  Right now lockbox and noc1 are the only two that are explicitly allowed.
 
== Troubleshooting and Resolution ==
 
=== Connection issues ===
The most common issue will be legitimate logins failing.  First, try to figure out why a host ended up on the deny list (tcptraceroute, failed login attempts, etc are all good candidates).  Next do the following directions.  The below example is for a host (10.0.0.1) being banned.  Login to the box from a different host and as root do the following.
 
<pre>
cd /var/lib/denyhosts
sed -si '/10.0.0.1/d' * /etc/hosts.deny
/etc/init.d/denyhosts restart
</pre>
 
That should correct the problem.


[[Category:Infrastructure SOPs]]
[[Category:Infrastructure SOPs]]

Latest revision as of 12:00, 16 February 2017

All SOPs have been moved to the Fedora Infrastructure SOP git repository. Please consult the online documentation for the current version of this document.