On Tue 2004-12-21 at 13:11:12 -0500, [EMAIL PROTECTED] wrote:
> Bryan Phinney <[EMAIL PROTECTED]> writes:
[...]
> Hi Bryan, pretty cool, the only thing I would suggest is using Damian
> Conway's Regexp::Common module in a Perl script to parse the IP
> address out.
[...]
> #remove extra entries from hosts.deny
> cat /etc/hosts.deny | sort | uniq > /etc/hosts.new
> cp /etc/hosts.new /etc/hosts.deny
[...]

Another thing I would change is to avoid changing hosts.deny
directly. You can make hosts.deny look into other files like this:

  sshd: /etc/hosts.deny.foo

This will look into /etc/hosts.deny.foo for further IPs to block. This
way you lower the risk of accidentally damaging your hosts.deny (and
while it's not important for a machine you administer alone, it also
prevents surprises if ever somebody wants to edit /etc/hosts.deny by
hand).

And yet another thing: replace the cp by mv. mv will replace the file
atomically while with cp other processes could see a half-copied file.

Bye,

        Benjamin.
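
The two suggestions above (a separate block file referenced from hosts.deny, swapped in with mv) combined in one sketch. This is an added example, not code from the thread; the helper name update_blocklist, the IPv4-only filter and the sample addresses are assumptions.

```shell
#!/bin/sh
# Added example, not from the thread. Assumes the block file holds one IPv4
# address per line and is referenced from hosts.deny as: sshd: /etc/hosts.deny.foo
# update_blocklist is a hypothetical helper; addresses below are constructed.

update_blocklist() {
    blockfile=$1
    shift
    dir=$(dirname "$blockfile")

    # Create the temp file next to the target: rename() is only atomic within
    # one filesystem; across filesystems mv degrades to copy + delete.
    tmp=$(mktemp "$dir/.blocklist.XXXXXX") || return 1

    # Merge existing and new entries, drop anything that is not a dotted quad
    # (so a malformed log extract cannot inject other patterns), and dedupe.
    {
        [ -f "$blockfile" ] && cat "$blockfile"
        for ip in "$@"; do printf '%s\n' "$ip"; done
    } | grep -E '^([0-9]{1,3}\.){3}[0-9]{1,3}$' | sort -u > "$tmp" \
        || { rm -f "$tmp"; return 1; }

    # mktemp creates the file 0600; match the usual hosts.deny mode.
    chmod 644 "$tmp" || { rm -f "$tmp"; return 1; }

    # Readers see either the old file or the new one, never a partial write.
    mv -f "$tmp" "$blockfile" || { rm -f "$tmp"; return 1; }
}

# Demo on a scratch directory so nothing under /etc is touched.
demo_dir=$(mktemp -d)
printf '192.0.2.10\n192.0.2.10\n' > "$demo_dir/hosts.deny.foo"
update_blocklist "$demo_dir/hosts.deny.foo" 203.0.113.5 'bogus entry'
cat "$demo_dir/hosts.deny.foo"
rm -rf "$demo_dir"
```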
