On Wed, Mar 31, 2010 at 09:02:09AM -0600, Christer Edwards wrote: > So I'm hearing that bruteforce mitigation via denyhosts won't add any > additional security, and I agree (after understanding better how > accounts are managed). Does this mean let's just not bother? I don't > think it'll hurt, and if anything it'll simply clean up the logs and > cut down on the noise a bit.
denyhosts itself doesn't seem to have a good security track record TBH. http://denyhosts.sourceforge.net/changelog.html Depending on the PAM config it might parse stuff incorrectly on 2.6 (not sure if fixed in newer versions) http://bugs.gentoo.org/show_bug.cgi?id=157163#c18 http://bugs.gentoo.org/show_bug.cgi?id=157163#c34 Though, last release is Nov 2008 and no since security advisory since. -- Regards, Olav _______________________________________________ gnome-infrastructure mailing list [email protected] http://mail.gnome.org/mailman/listinfo/gnome-infrastructure
