> >> > >> Denyhosts is available from extras all nicely configured > to run as a > >> daemon... > >> > > > >Eventually hosts.deny is getting too big. If this is really fedora's > >answer, then I think we'll need a version of tcpwrappers > that has some kind > >of database, rather than a flat file. > > Denyhosts has a --purge option to keep host.deny from getting > too large. > At some point we should make sure we are not trying to kill a mouse with a sledge hammer (tried that once, just broke stuff and the mouse got away). The options in this thread are all very useful if you are running a service which will be accessed from a lot of random places. Many Fedora users are just trying to get in to their home machine from work or school or some limited number of places. In this case, setting the /etc/hosts.deny to "ALL: ALL" and listing the sites you want to allow in in the /etc/hosts.allow simplifies things greatly. /var/log/secure will list attempts to get in, but if the guy cannot get a login prompt, his chances of getting in are minimal. Bob Styma
