[CentOS] Another Fedora decision

Always Learning centos at u64.u22.net
Tue Feb 3 20:44:33 UTC 2015


On Tue, 2015-02-03 at 14:10 -0600, Les Mikesell wrote:

> On Tue, Feb 3, 2015 at 2:03 PM, Always Learning <centos at u64.u22.net> wrote:
> >
> > Nothing wrong with letting "an expert" preconfigure the system and then,
> > after installation, the SysAdmin checking to ensure all the settings
> > satisfy the SysAdmin's requirements.


> I'd just rather see them applying their expertise to actually making
> the code resist brute-force password attacks instead of stopping the
> install until I pick a password that I'll have to write down because
> they think it will take longer for the brute-force attack to succeed
> against their weak code.

Very sensible comment. I absolutely agree. Why do the Fedora Bunch think
poncing-around with password lengths and composition is more important
than extremely strong external security?

There should be a basic defence that when the password is wrong on 'n'
occasions the IP address is blocked automatically and permanently unless
it is specifically allowed in IP Tables. If specifically allowed in IP
Tables, there should be a predetermined wait time before another attempt
can be made.

Simple! So why does Fedora prefer allowing the hackers unlimited
opportunities to brute-force passwords?


-- 
Regards,

Paul.
England, EU.      Je suis Charlie.
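
The policy proposed in the message above, as an added sketch that is not part of the original post: count failed sshd password attempts per source IP, permanently block an address once it reaches 'n' failures, and give an allowlisted address an enforced wait instead. The log lines are constructed, and the function name `evaluate`, the threshold, the allowlist and the wait time are assumptions; applying the block (for example as a firewall rule) is left to the caller.

```python
import re
from datetime import datetime, timedelta

# Matches the sshd "Failed password" syslog line and captures time and source IP.
FAILED = re.compile(
    r"^(\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Failed password for (?:invalid user )?\S+ from (\S+) port"
)

# Constructed sample log (documentation IP ranges, hypothetical users).
SAMPLE_LOG = """\
Feb  3 20:01:02 host sshd[1001]: Failed password for root from 203.0.113.7 port 40001 ssh2
Feb  3 20:01:05 host sshd[1002]: Failed password for root from 203.0.113.7 port 40002 ssh2
Feb  3 20:01:06 host sshd[1003]: Failed password for invalid user admin from 203.0.113.7 port 40003 ssh2
Feb  3 20:02:00 host sshd[1004]: Failed password for alice from 198.51.100.20 port 50001 ssh2
Feb  3 20:02:10 host sshd[1005]: Failed password for alice from 198.51.100.20 port 50002 ssh2
Feb  3 20:02:20 host sshd[1006]: Failed password for alice from 198.51.100.20 port 50003 ssh2
Feb  3 20:03:00 host sshd[1007]: Failed password for bob from 192.0.2.5 port 60001 ssh2
"""

def evaluate(lines, n=3, allowlist=(), wait=timedelta(minutes=5), year=2015):
    """Return (blocked, wait_until) for a sequence of sshd log lines.

    blocked:    IPs that reached n failures and are not allowlisted.
    wait_until: allowlisted IPs mapped to the earliest permitted next attempt.
    Syslog timestamps carry no year, so `year` is an assumption.
    """
    failures, blocked, wait_until = {}, set(), {}
    for line in lines:
        m = FAILED.match(line)
        if not m:
            continue
        when = datetime.strptime(f"{year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        ip = m.group(2)
        if ip in blocked:
            continue  # a real deployment would already drop this at the firewall
        if ip in wait_until and when < wait_until[ip]:
            continue  # attempt made during the enforced wait: rejected, not counted
        failures[ip] = failures.get(ip, 0) + 1
        if failures[ip] >= n:
            failures[ip] = 0
            if ip in allowlist:
                wait_until[ip] = when + wait  # allowlisted: delay, never block
            else:
                blocked.add(ip)               # everyone else: permanent block
    return blocked, wait_until
```
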




