Banning IPs & MACs after too many unsuccessful login attempts 1977

On 3 Aug 2006, in the Usenet newsgroup comp.os.linux.misc, in article

This sounds like the usual problem of port 22 open to the world, and if that's the case, fix the firewall so that port 22 is reachable ONLY from those address ranges you have a reasonable expectation that there will be legitimate need to connect. Using a "reactive" firewall concept (such as PortSentry) is begging to be shot in the foot. You can find a lot better advice in the Security-Quickstart HOWTOs even though they are a bit dated.

278012 Jul 23 2002 Security-Quickstart-HOWTO 287057 Jul 23 2002 Security-Quickstart-Redhat-HOWTO

Wouldn't know - I've got better things to be doing than "Mother, May I". That's usually illusionary security anyway. It's a common feature in windoze firewalls, and most users click "OK" without reading the box just to get rid of the annoying pop-up.

compton ~$ whatis chroot chroot (1) - run command or interactive shell with special root directory compton ~$

I haven't used anything that needed a licence file in years, but not only does it have to be readable, it has to be in the chroot'ed environment, along with the libraries, commands, and so on. The concept of a chroot is that you wack off an artificial directory tree that has everything they need, and they can't access the "real" root of the tree, or indeed anything above the chroot'ed "-". This means needing real copies (not links) of pbuttwd and group files, shell startup files, a populated version of "-bin-" and "-usr-bin-"

If you're referring to a license file, you'd have to contact the application author to see what access is required - or simple get busy with the chmod command and see what is the minimum permissions that work.

A better solution might be to replace the software that requires a stupid license file with something that doesn't.

Old guy