msimerson / sentry

Bruteforce attack blocker (ssh, FTP, SMTP, and more)

How to uninstall this? #9

Closed geoidesic closed 4 years ago

geoidesic commented 4 years ago

Sentry version

1.05 (CentOS 8)

Expected behavior

I'd like to remove it since it doesn't seem to work.

Observed behavior

I am now locked out of my server and can't remove the lock

Steps to reproduce

Just ran the installation instructions as per the README

msimerson commented 4 years ago

Well, that's a new one. "it doesn't seem to work...I am now locked out."

As referenced in the README, sentry works in conjunction with tcpwrappers. When you installed sentry, it would have prompted you to add a section to /etc/hosts.allow. To disable sentry, you need to remove that entry in /etc/hosts.allow.

Then, to uninstall it, rm -rf /var/db/sentry
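The disable step described in the comment above, as an added example that is not part of that comment or of the sentry project. It assumes the rule the installer added to hosts.allow mentions the /var/db/sentry path; the function names and the sample file are constructed for illustration, and matching rules are commented out rather than deleted so the change can be reviewed and reverted.

```shell
#!/bin/sh
# Added example, not from the sentry project. Assumption: the rule the
# installer added to hosts.allow mentions the /var/db/sentry path.
SENTRY_DIR="/var/db/sentry"

# disable_sentry_rules FILE  (hypothetical helper name)
# Keeps a one-time backup in FILE.pre-sentry-removal, comments out every
# rule (backslash-continued lines included) that mentions SENTRY_DIR, and
# prints how many physical lines were commented out.
disable_sentry_rules() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    # Do not clobber an earlier backup if the function is run twice.
    [ -e "$file.pre-sentry-removal" ] || cp -p "$file" "$file.pre-sentry-removal" || return 1
    tmp=$(mktemp) || return 1
    count=$(awk -v dir="$SENTRY_DIR" -v out="$tmp" '
        function emit(   i, hit) {
            hit = 0
            for (i = 1; i <= n; i++)
                if (buf[i] !~ /^[ \t]*#/ && index(buf[i], dir)) hit = 1
            for (i = 1; i <= n; i++) {
                if (hit && buf[i] !~ /^[ \t]*#/) { print "#" buf[i] > out; changed++ }
                else print buf[i] > out
            }
            n = 0
        }
        # A rule ends on the first line without a trailing backslash.
        { buf[++n] = $0; if ($0 !~ /\\$/) emit() }
        END { emit(); print changed + 0 }
    ' "$file") || { rm -f "$tmp"; return 1; }
    # Overwrite in place so owner, mode and SELinux context stay unchanged.
    cat "$tmp" > "$file" && rm -f "$tmp" || return 1
    echo "$count"
}

# Constructed sample file; the real rule text comes from the sentry installer.
write_sample() {
    cat > "$1" <<'EOF'
# constructed hosts.allow sample
sendmail : localhost : allow
sshd : ALL : spawn /var/db/sentry/PLACEHOLDER %a \
    : allow
ALL : 192.0.2.10 : allow
EOF
}
```

Run it against a copy first and diff the result against the backup before pointing it at /etc/hosts.allow.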

geoidesic commented 4 years ago

Ok. It also however says that "any IP address that has logged in successfully three times will be automatically whitelisted". I took that to mean that it would only start blocking a given IP address after it fails to log in successfully and after 3 successful attempts it would be white-listed... but apparently not. I guess it only applies to logins that were successful before the installation of Sentry.

msimerson commented 4 years ago

The precise logic is spelled out in the connect section of the README. Upon a new install, you can --whitelist (as you tried), or just connect three times in a row.

I always (because I've used a dozen bruteforce blockers over the years) keep an SSH terminal open while testing in another, until I'm sure I've got a whitelisted IP. But even that doesn't always work if you've enabled firewall blocking, because that can nuke the existing connection.