Hi
Is anyone running Denyhosts?
I have it installed.. It says it is running but, nothing is happening..
TIA
Marvin
On 13.03.2013 10:33, Georgios Petasis wrote:
On 13/3/2013 5:29 AM, Marvin Kosmal wrote:
Hi
Is anyone running Denyhosts?
I have it installed.. It says it is running but, nothing is happening..
what exactly do you want to happen?
Yes, I am running it, and it works
since we only allow Key-Auth and SSHD is no longer on the default port denyhosts is useless because the handful of connections per month is not worth having a service running to monitor it
Yeah, I run it. It works.
The only problem I have with it is that I have a script to use rsync to backup some directories on a virtual machine to a local machine. Every time that happens, denyhosts adds the virtual machine to the hosts.deny list on the local machine. I don't get it. So, after every remote backup, I have to delete the remote machine from the file. It's not that big a deal, and it's easier to manually modify hosts.deny than it is to find where the problem is...
I have to say, though, that simply moving the ssh port away from 22 took care of 99.99% of the scripted attacks that I was getting. I've had one or two since then, but they followed an honest-to-god port scan. I'd disable password authentication if it were practical for my user's habits, but I tried it with a couple of road warriors and it just didn't fly.
Have you tried to invoke it by failing your login multiple times?
billo
users mailing list users@lists.fedoraproject.org To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
Hi
Thanks to everyone who replied..
I am running denyhosts on a machine that is remote and I do all my work over ssh. The owner of the remote machine just upgraded the machine. I needed to reinstall everything.
When I say denyhosts is not working that means that people are trying to ssh into that machine as root hundreds of times. Or trying to log in with any name.
On the old machine. If you tried to log in as root one time, you were denied access. If you tried to log in with bin you get 10 tries and then were denied.
Now that is not happening.
As I was remote the first thing I always did was to put my ip address in hosts allow. In the event I fell asleep and used the wrong password several times in a row. I have several passwords I use at different places.
So I launch denyhosts from the command line and it gets a pid and is running. But, nothing happens. People try to ssh in and denyhosts never comes up and denies access...
I didn't make a copy of my old config file... So I can't fall back on that.
I don't want to change the ssh port. Not my machine. ...
TIA
Marvin
As others have noted, make sure that you are using the /var/lib/denyhosts/allowed-hosts and not /etc/hosts.allowed.
You say you are running it from the command line. I know this is obvious, but I have to ask. Are you running it as root? If you're not, it may not be able to get access to the log files it parses.
Here are the things that I had to check in the default /etc/denyhosts.conf to make it work for me:
1) Make sure that you have the right hosts.deny file chosen -- on some machines it's hosts.allow, hosts.evil, etc. For me, it's /etc/hosts.deny.
2) Make sure you have BLOCK_SERVICE set to what you want. I have it set to ALL.
3) Check DENY_HOSTS_INVALID (number of times a nonuser name can be tried) and DENY_HOSTS_VALID (number of times a real user name can be tried) and make sure they are reasonable numbers. There are other user categories, but those are the two that your test runs should hit on.
4) Make sure that WORK_DIR is correct. For me it is /var/lib/denyhosts.
5) Make sure you have logging turned on (SECURE_LOG). See point 8.
6) Since you say that you have it running in the foreground and is really running, this is probably not the issue, but it might not hurt to make sure that when it *isn't* running that there's no /var/lock/subsys/denyhosts file.
7) Make sure that denyhosts is looking at the right file for problems and that the failures are written in some standard way to the log file it looks at. Do you have ssh set up to log failures to a file other than /var/log/messages? Make sure that denyhosts knows where to look.
8) Finally, you can increase the log level of denyhosts, either by running it with --verbose or --debug options. That might tell you what is going wrong.
HTH
billo
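An added example, not part of the thread and not DenyHosts code: a Python script that automates the checks in the list above, including whether the file named by SECURE_LOG actually contains sshd failure lines. The threshold keys are spelled as in the DenyHosts 2.6 configuration file (DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID, DENY_THRESHOLD_ROOT); the function names, finding codes and sample files are constructed for illustration.

```python
import os
import re
import tempfile

# Lines sshd writes for a failed or unknown-user login (OpenSSH wording).
SSHD_FAILURE = re.compile(r"sshd\[\d+\]: (?:Failed password for|Invalid user) ")

REQUIRED = ("SECURE_LOG", "HOSTS_DENY", "BLOCK_SERVICE", "WORK_DIR")
THRESHOLDS = ("DENY_THRESHOLD_INVALID", "DENY_THRESHOLD_VALID", "DENY_THRESHOLD_ROOT")


def parse_conf(text):
    """Parse 'KEY = value' lines; blank lines and # comments are skipped."""
    conf = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        conf[key.strip()] = value.strip()
    return conf


def count_failures(path):
    """Number of sshd failure lines in a log file, or None if it cannot be read."""
    try:
        with open(path, errors="replace") as fh:
            return sum(1 for line in fh if SSHD_FAILURE.search(line))
    except OSError:
        return None


def audit(conf, candidate_logs=(), euid=None):
    """Return a list of (code, detail) findings; an empty list means nothing was found."""
    findings = []
    if (os.geteuid() if euid is None else euid) != 0:
        findings.append(("NOT_ROOT", "run as root to read the log and write HOSTS_DENY"))
    for key in REQUIRED:
        if not conf.get(key):
            findings.append(("MISSING_KEY", key))
    for key in THRESHOLDS:
        value = conf.get(key, "")
        if not value.isdigit() or int(value) < 1:
            findings.append(("BAD_THRESHOLD", f"{key}={value!r}"))
    work_dir = conf.get("WORK_DIR")
    if work_dir and not os.path.isdir(work_dir):
        findings.append(("WORK_DIR_MISSING", work_dir))
    log = conf.get("SECURE_LOG")
    if log:
        hits = count_failures(log)
        if hits is None:
            findings.append(("LOG_UNREADABLE", log))
        elif hits == 0:
            # The daemon is watching a file that sshd does not log failures to.
            # detail = other candidate logs that do contain failures.
            better = [p for p in candidate_logs if p != log and count_failures(p)]
            findings.append(("LOG_HAS_NO_SSHD_FAILURES", better))
    return findings


def demo():
    """Constructed scenario: sshd logs to auth.log, the config points at messages."""
    root = tempfile.mkdtemp()
    messages = os.path.join(root, "messages")
    auth = os.path.join(root, "auth.log")
    with open(messages, "w") as fh:
        fh.write("Mar 13 21:00:01 host CRON[100]: session opened for user root\n")
    with open(auth, "w") as fh:
        fh.write("Mar 13 21:00:05 host sshd[200]: Failed password for root "
                 "from 203.0.113.7 port 40000 ssh2\n")
    conf_text = f"""
# constructed sample, not a distribution default
SECURE_LOG = {messages}
HOSTS_DENY = {os.path.join(root, 'hosts.deny')}
BLOCK_SERVICE = ALL
WORK_DIR = {root}
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
"""
    logs = [messages, auth]
    wrong = audit(parse_conf(conf_text), logs, euid=0)
    fixed = audit(parse_conf(conf_text.replace(messages, auth)), logs, euid=0)
    return wrong, fixed


if __name__ == "__main__":
    wrong, fixed = demo()
    print("config pointing at messages:", wrong)
    print("config pointing at auth.log:", fixed)
```

On a real host, pass the parsed contents of the configuration file and the distribution's usual log paths as `candidate_logs`.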
On 13.03.2013 14:13, Bill Oliver wrote:
The only problem I have with it is that I have a script to use rsync to backup some directories on a virtual machine to a local machine. Every time that happens, denyhosts adds the virtual machine to the hosts.deny list on the local machine. I don't get it.
is it really so difficult to read manuals or type two words in google as ADMIN?
https://www.google.at/search?q=denyhosts+whitelist
http://www.sgvulcan.com/whitelist-a-host-when-using-denyhosts/
Dude, can you try to be a little more condescending? I didn't catch it the first five times. Yeah, I read the manuals. Yeah, I have the machine in my white list. It didn't change anything. Thanks for your gracious reply.
billo
On 13.03.2013 16:05, Bill Oliver wrote:
Dude, can you try to be a little more condescending? I didn't catch it the first five times. Yeah, I read the manuals. Yeah, I have the machine in my white list. It didn't change anything. Thanks for your gracious reply.
cat /path/to/your/whitelist-file and post it
hint: it is NOT /etc/hosts.allow
/var/lib/denyhosts/allowed-hosts
since you do not understand "cat" and post i am done in this thread - if you have problems post your config, but now post it to whomever, my denyhosts whitelists as long it was useful for me worked in /var/lib/denyhosts/allowed-hosts
On 13 Mar 2013, at 15:52, Reindl Harald h.reindl@thelounge.net wrote:
since you do not understand "cat" and post i am done in this thread - if you have problems post your config, but now post it to whomever, my denyhosts whitelists as long it was useful for me worked in /var/lib/denyhosts/allowed-hosts
Oi, no top posting.
Junk.
I understand cat. I just can't read your mind. Your taunt that I did not know the file location implied that you were trying to show that I didn't know the file name of the config file. I do. So I provided that file name.
And I also know how to add ip addresses to a config file, so you don't have to be a condescending prick about that, either.
But, as to providing the contents of that file to you, forget it. I'll be damned if I'm going to provide ip addresses for a sensitive machine to a forum where there are clearly people more interested in putting down others than helping. It's exactly those kind of people who use that data for exploits. After all, that's the best way to show how smart you are, eh?
And hand-editing the file to replace the ip addresses with xxx's and yyy's will simply engender more insults. I don't need that kind of help -- and, as you may remember, I didn't ask for it. You just decided to jump in with the insults just to be an ass. And you continue.
billo
Hi
I am the original poster and I am the one who had the allow in the wrong place.. I have it in /etc/hosts.allow..
So I apologize for putting it in the wrong place and appreciate everyone who pointed out where it should be....
And I think my original problem still is there.
I would be happy to post my config file...
It is in /usr/share/denyhosts/denyhost.cfg
On the other version it was in /etc...
I used the README.txt to configure... And read stuff from the website.
TIA.
Marvin
On 13.03.2013 17:07, Bill Oliver wrote:
I understand cat. I just can't read your mind. Your taunt that I did not know the file location implied that you were trying to show that I didn't know the file name of the config file. I do. So I provided that file name.
"cat /path/to/your/whitelist-file and post it" was pretty clear
And I also know how to add ip addresses to a config file, so you don't have to be a condescending prick about that, either.
if it would be so it would work
But, as to providing the contents of that file to you, forget it. I'll be damned if I'm going to provide ip addresses for a sensitive machine to a forum where there are clearly people more interested
if you are too stupid to replace 192.168.1.1 with xx.xx.xx.1 i can not help you
This is from my log file
Mar 13 21:05:01 - denyhosts : INFO restricted: set([])
Mar 13 21:05:01 - denyhosts : INFO Processing log file (/var/log/messages) from offset (0)
Mar 13 21:05:01 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
Mar 13 21:05:01 - denyhosts : INFO DenyHosts daemon is now running, pid: 31528
Mar 13 21:05:01 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
Mar 13 21:05:01 - denyhosts : INFO eg. kill -TERM 31528
Mar 13 21:05:01 - denyhosts : INFO monitoring log: /var/log/messages
Mar 13 21:05:01 - denyhosts : INFO sync_time: 3600
Mar 13 21:05:01 - denyhosts : INFO purging of /etc/hosts.deny is disabled
Mar 13 21:05:01 - denyhosts : INFO denyhosts synchronization disabled
Does this really mean it starts and shuts down immediately.??
Or don't I understand the log?
TIA
Marvin
I just installed it for testing purposes...no real intention to use it. However, I don't see what you see.
[egreshko@f18x ~]$ systemctl status denyhosts.service
denyhosts.service - SSH log watcher
   Loaded: loaded (/usr/lib/systemd/system/denyhosts.service; enabled)
   Active: active (running) since Wed 2013-03-13 23:57:37 CST; 12h ago
  Process: 7901 ExecStart=/usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf (code=exited, status=0/SUCCESS)
  Process: 7899 ExecStartPre=/bin/rm -f /run/lock/subsys/denyhosts (code=exited, status=0/SUCCESS)
 Main PID: 7906 (denyhosts.py)
   CGroup: name=systemd:/system/denyhosts.service
           └─7906 /usr/bin/python /usr/bin/denyhosts.py --daemon --confi...

[root@f18x ~]# ps -eaf | grep deny
root 7906 1 0 Mar13 ? 00:00:00 /usr/bin/python /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
So, it has been running since yesterday.
What do you have in /etc/log/auth.log
I have this kind of stuff in mine
Mar 13 09:27:58 kosmal sshd[31232]: Failed password for root from 88.191.154.90 port 51934 ssh2
Mar 13 09:27:58 kosmal sshd[31232]: Received disconnect from 88.191.154.90: 11: Bye Bye [preauth]
Mar 13 09:27:59 kosmal sshd[31234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88-191-154-90.rev.dedibox.fr user=root
Mar 13 09:28:01 kosmal sshd[31234]: Failed password for root from 88.191.154.90 port 52443 ssh2
Mar 13 09:28:01 kosmal sshd[31234]: Received disconnect from 88.191.154.90: 11: Bye Bye [preauth]
Mar 13 09:53:10 kosmal sshd[31253]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.186.74.94 user=root
Mar 13 09:53:12 kosmal sshd[31253]: Failed password for root from 180.186.74.94 port 45353 ssh2
Mar 13 09:53:12 kosmal sshd[31253]: Received disconnect from 180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:14 kosmal sshd[31255]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.186.74.94 user=root
Mar 13 09:53:17 kosmal sshd[31255]: Failed password for root from 180.186.74.94 port 45738 ssh2
Mar 13 09:53:17 kosmal sshd[31255]: Received disconnect from 180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:19 kosmal sshd[31257]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.186.74.94 user=root
Mar 13 09:53:20 kosmal sshd[31257]: Failed password for root from 180.186.74.94 port 46139 ssh2
Mar 13 09:53:21 kosmal sshd[31257]: Received disconnect from 180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:23 kosmal sshd[31259]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.186.74.94 user=root
Mar 13 09:53:25 kosmal sshd[31259]: Failed password for root from 180.186.74.94 port 46453 ssh2
Mar 13 09:53:25 kosmal sshd[31259]: Received disconnect from 180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:28 kosmal sshd[31261]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.186.74.94 user=root
Mar 13 09:53:30 kosmal sshd[31261]: Failed password for root from 180.186.74.94 port 46852 ssh2
Mar 13 09:53:30 kosmal sshd[31261]: Received disconnect from 180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:32 kosmal sshd[31263]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=180.186.74.94 user=root
Mar 13 09:53:34 kosmal sshd[31263]: Failed password for root from 180.186.74.94 port 47256 ssh2
Mar 13 09:53:35 kosmal sshd[31263]: Received disconnect from 180.186.74.94: 11: Bye Bye [preauth]
On the old box denyhost would kill that on the second try.. Not now..
Plus my config file is somewhere else..
What version are you running?
Thanks for the come back..
Marvin
-- From now on, at least during winter time, Im going to blame all spelling an grammar erros on the cat sitting on my chest every time I sit down at the computer....
First, does this mean you've found out that all is now running fine on your system?
Second, I have no /etc/log/auth.log but do have /var/log/secure log and that is what is defined as the log to be scanned in /etc/denyhosts.conf.
# Redhat or Fedora Core:
SECURE_LOG = /var/log/secure
#
# Mandrake, FreeBSD or OpenBSD:
#SECURE_LOG = /var/log/auth.log
#
# SuSE:
#SECURE_LOG = /var/log/messages
Is your configuration correct?
On the old box denyhost would kill that on the second try.. Not now..
Plus my config file is somewhere else..
What version are you running?
denyhosts-2.6-27.fc18.noarch
And, after causing login failures.... The line
sshd: 192.168.0.194
is added to /etc/hosts.deny
On 03/14/13 13:33, Ed Greshko wrote:
And, after causing login failures.... The line
sshd: 192.168.0.194
is added to /etc/hosts.deny
In addition, after this line is added all attempts to ssh into that host from 192.168.0.194 were met with immediate:
[egreshko@f18kde ~]$ ssh f18x
ssh_exchange_identification: Connection closed by remote host
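An added example, not part of the thread and not DenyHosts' own code: a simplified Python model of the behaviour described in this thread, counting sshd "Failed password" lines per source address, applying a separate threshold for root, valid and invalid users, skipping addresses listed in allowed-hosts, and producing entries in the `sshd: <ip>` form shown above. It assumes a host is denied once its count exceeds the threshold; the function names and the sample log (documentation-range addresses) are constructed.

```python
import re
from collections import Counter

# OpenSSH failure line; "invalid user" marks a name that is not an account.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def category(user, invalid):
    """Map a failed login to the threshold class it counts against."""
    if user == "root":
        return "root"
    return "invalid" if invalid else "valid"


def hosts_to_deny(log_lines, thresholds, allowed=frozenset(), already_denied=frozenset()):
    """Return source addresses, in order of detection, whose failures exceed a threshold.

    allowed        -- addresses from the allowed-hosts file; never denied
    already_denied -- addresses already present in the hosts.deny file
    """
    counts = Counter()
    denied = []
    for line in log_lines:
        match = FAILED.search(line)
        if not match:
            continue  # disconnects, pam_unix lines, other daemons
        ip = match.group("ip")
        if ip in allowed or ip in already_denied or ip in denied:
            continue
        key = (ip, category(match.group("user"), bool(match.group("invalid"))))
        counts[key] += 1
        # Assumption: deny once the count exceeds (not merely reaches) the threshold.
        if counts[key] > thresholds[key[1]]:
            denied.append(ip)
    return denied


def deny_entries(ips, block_service="sshd"):
    """Format addresses as tcp_wrappers lines, e.g. 'sshd: 192.0.2.1'."""
    return [f"{block_service}: {ip}" for ip in ips]


def sample_failure(user, ip, invalid=False):
    """Build one constructed sshd failure line."""
    who = f"invalid user {user}" if invalid else user
    return (f"Mar 14 10:00:00 host sshd[4242]: Failed password for {who} "
            f"from {ip} port 50000 ssh2")


# Constructed sample log, not taken from any real host.
SAMPLE_LOG = (
    [sample_failure("root", "203.0.113.7")] * 2
    + [sample_failure("root", "198.51.100.9")]
    + [sample_failure("root", "192.0.2.50")] * 3
    + [sample_failure("admin", "203.0.113.80", invalid=True)] * 6
    + ["Mar 14 10:00:01 host sshd[4242]: Received disconnect from 203.0.113.7: 11: Bye Bye [preauth]"]
)

if __name__ == "__main__":
    limits = {"root": 1, "valid": 10, "invalid": 5}
    for entry in deny_entries(hosts_to_deny(SAMPLE_LOG, limits, allowed={"192.0.2.50"})):
        print(entry)
```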
Is your configuration correct?
Yes, I am running Ubuntu 12.04
I am running 2.6
On the old box denyhost would kill that on the second try.. Not now..
Plus my config file is somewhere else..
What version are you running?
denyhosts-2.6-27.fc18.noarch
And, after causing login failures.... The line
sshd: 192.168.0.194
is added to /etc/hosts.deny
-- From now on, at least during winter time, Im going to blame all spelling an grammar erros on the cat sitting on my chest every time I sit down at the computer....
On 03/14/13 14:03, Marvin Kosmal wrote:
Yes, I am running Ubuntu 12.04
I am running 2.6
Ubuntu? Maybe their list will be more helpful?
On Wed, Mar 13, 2013 at 11:05 PM, Ed Greshko Ed.Greshko@greshko.com wrote:
On 03/14/13 14:03, Marvin Kosmal wrote:
Yes, I am running Ubuntu 12.04
I am running 2.6
Ubuntu? Maybe their list will be more helpful?
I am thinking this is a denyhosts problem..
I was viewing this as a Linux problem and was hoping to get hit with the clue stick..!! hehe
I used to run Fedora which is why I am still on this list..
Thanks
Marvin
On 03/14/13 14:11, Marvin Kosmal wrote:
On Wed, Mar 13, 2013 at 11:05 PM, Ed Greshko Ed.Greshko@greshko.com wrote:
On 03/14/13 14:03, Marvin Kosmal wrote:
Yes, I am running Ubuntu 12.04
I am running 2.6
Ubuntu? Maybe their list will be more helpful?
I am thinking this is a denyhosts problem..
I was viewing this as a Linux problem and was hoping to get hit with the clue stick..!! hehe
I used to run Fedora which is why I am still on this list..
Well, working fine for me on Fedora. So, maybe it is something "strange" in Ubuntu. I'm not familiar with that distro's way of doing things.
On Wed, Mar 13, 2013 at 11:14 PM, Ed Greshko Ed.Greshko@greshko.com wrote:
On 03/14/13 14:11, Marvin Kosmal wrote:
On Wed, Mar 13, 2013 at 11:05 PM, Ed Greshko Ed.Greshko@greshko.com wrote:
On 03/14/13 14:03, Marvin Kosmal wrote:
Yes, I am running Ubuntu 12.04
I am running 2.6
Ubuntu? Maybe their list will be more helpful?
I am thinking this is a denyhosts problem..
I was viewing this as a Linux problem and was hoping to get hit with the clue stick..!! hehe
I used to run Fedora which is why I am still on this list..
Well, working fine for me on Fedora. So, maybe it is something "strange" in Ubuntu. I'm not familiar with that distro's way of doing things.
OK
Thanks
Marvin
On 03/14/13 14:17, Marvin Kosmal wrote:
On Wed, Mar 13, 2013 at 11:14 PM, Ed Greshko Ed.Greshko@greshko.com wrote:
On 03/14/13 14:11, Marvin Kosmal wrote:
On Wed, Mar 13, 2013 at 11:05 PM, Ed Greshko Ed.Greshko@greshko.com wrote:
On 03/14/13 14:03, Marvin Kosmal wrote:
Yes, I am running Ubuntu 12.04
I am running 2.6
Ubuntu? Maybe their list will be more helpful?
I am thinking this is a denyhosts problem..
I was viewing this as a Linux problem and was hoping to get hit with the clue stick..!! hehe
I used to run Fedora which is why I am still on this list..
Well, working fine for me on Fedora. So, maybe it is something "strange" in Ubuntu. I'm not familiar with that distro's way of doing things.
OK
Thanks
FWIW, I just installed Ubuntu 12.04 LTS on a VM. I installed and tested denyhosts and it works just fine without any changes.
denyhosts.conf is in /etc and the log file it is scanning based on the config file is /var/log/auth.log
Am 14.03.2013 07:11, schrieb Marvin Kosmal:
On Wed, Mar 13, 2013 at 11:05 PM, Ed Greshko Ed.Greshko@greshko.com wrote:
On 03/14/13 14:03, Marvin Kosmal wrote:
Yes, I am running Ubuntu 12.04
I am running 2.6
Ubuntu? Maybe their list will be more helpful?
I am thinking this is a denyhosts problem..
I was viewing this as a Linux problem and was hoping to get hit with the clue stick..!! hehe
what the hell
every distribution has other major versions of different packages, often different paths and so on
so the next time before you waste time of others state in the opening post that you are running a different distribution and somebody which may have ubuntu experience maybe could even help you but if we all look into glassballs *grrr*
On 03/14/2013 03:16 AM, Reindl Harald wrote:
so the next time before you waste time of others state in the opening post that you are running a different distribution and somebody which may have ubuntu experience maybe could even help you but if we all look into glassballs *grrr*
In this I agree with you 100%, except for one, very minor nitpick: the term you're looking for (in English) is crystal ball.
On Thu, Mar 14, 2013 at 10:23 AM, Joe Zeff joe@zeff.us wrote:
On 03/14/2013 03:16 AM, Reindl Harald wrote:
so the next time before you waste time of others state in the opening post that you are running a different distribution and somebody which may have ubuntu experience maybe could even help you but if we all look into glassballs *grrr*
In this I agree with you 100%, except for one, very minor nitpick: the term you're looking for (in English) is crystal ball.
--
HI
I am sorry about that..
I saw the problem as a Linux issue and not a Ubuntu/Red Hat/Debian issue.
Looks like the answer is user configuration error..
My feeling is that as a Linux user I should be able to follow instructions and install applications correctly. As it turned out... I misconfigured something.. And needed someone to hit me with the Clue Stick. Which, again, I didn't see as a problem associated with a particular distribution.
I apologize to everyone that I upset. That wasn't my goal..
Thanks for all the great help...
Marvin
Marvin Kosmal wrote:
Looks like the answer is user configuration error..
Thanks for all the great help...
Marvin,
Assuming that my post solved your problem, you should still be asking yourself why logging is being done to '/etc/log/auth.log'? It would typically be '/var/log/auth.log'.
Note that this is probably a question best addressed by the Ubuntu users list.
Regards,
Matthew Roth InterMedia Marketing Solutions Software Engineer and Systems Developer
On Thu, Mar 14, 2013 at 11:27 AM, Matthew J. Roth mroth@imminc.com wrote:
Marvin Kosmal wrote:
Looks like the answer is user configuration error..
Thanks for all the great help...
Marvin,
Assuming that my post solved your problem, you should still be asking yourself why logging is being done to '/etc/log/auth.log'? It would typically be '/var/log/auth.log'.
Note that this is probably a question best addressed by the Ubuntu users list.
Regards,
Matthew Roth InterMedia Marketing Solutions Software Engineer and Systems Developer --
Hi
Did I type that..????
It is /var/log/auth.log
Once you make an error... Go back and check.. And probably don't see it.. That is always the way it works for me..
Need to be checked ALL the time.
Thanks..
Marvin
Are you sure you don't have a lock file that's not getting deleted? I'd check that next.
billo
On Wed, 13 Mar 2013, Marvin Kosmal wrote:
On Tue, Mar 12, 2013 at 8:29 PM, Marvin Kosmal mkosmal@gmail.com wrote:
Hi
Is anyone running Denyhosts?
I have it installed.. It says it is running but, nothing is happening..
TIA
Marvin
This is from my log file
Mar 13 21:05:01 - denyhosts : INFO restricted: set([])
Mar 13 21:05:01 - denyhosts : INFO Processing log file (/var/log/messages) from offset (0)
Mar 13 21:05:01 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
Mar 13 21:05:01 - denyhosts : INFO DenyHosts daemon is now running, pid: 31528
Mar 13 21:05:01 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
Mar 13 21:05:01 - denyhosts : INFO eg. kill -TERM 31528
Mar 13 21:05:01 - denyhosts : INFO monitoring log: /var/log/messages
Mar 13 21:05:01 - denyhosts : INFO sync_time: 3600
Mar 13 21:05:01 - denyhosts : INFO purging of /etc/hosts.deny is disabled
Mar 13 21:05:01 - denyhosts : INFO denyhosts synchronization disabled
Does this really mean it starts and shuts down immediately.??
Or don't I understand the log?
TIA
Marvin
On Thu, Mar 14, 2013 at 5:37 AM, Bill Oliver vendor@billoblog.com wrote:
Are you sure you don't have a lock file that's not getting deleted? I'd check that next.
billo
Thanks for the comeback..
Will check all points.. And report back..
As you can see for the partial log file below.. I believe it is getting the lock file. I also think the daemon is starting and then exiting for some reason.
TIA
Marvin
On Wed, 13 Mar 2013, Marvin Kosmal wrote:
On Tue, Mar 12, 2013 at 8:29 PM, Marvin Kosmal mkosmal@gmail.com wrote:
Hi
Is anyone running Denyhosts?
I have it installed.. It says it is running but, nothing is happening..
TIA
Marvin
This is from my log file
Mar 13 21:05:01 - denyhosts : INFO restricted: set([])
Mar 13 21:05:01 - denyhosts : INFO Processing log file (/var/log/messages) from offset (0)
Mar 13 21:05:01 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
Mar 13 21:05:01 - denyhosts : INFO DenyHosts daemon is now running, pid: 31528
Mar 13 21:05:01 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
Mar 13 21:05:01 - denyhosts : INFO eg. kill -TERM 31528
Mar 13 21:05:01 - denyhosts : INFO monitoring log: /var/log/messages
Mar 13 21:05:01 - denyhosts : INFO sync_time: 3600
Mar 13 21:05:01 - denyhosts : INFO purging of /etc/hosts.deny is disabled
Mar 13 21:05:01 - denyhosts : INFO denyhosts synchronization disabled
Does this really mean it starts and shuts down immediately.??
Or don't I understand the log?
TIA
Marvin
Marvin Kosmal wrote:
This is from my log file
...
Mar 13 21:05:01 - denyhosts : INFO monitoring log: /var/log/messages
...
What do you have in /etc/log/auth.log
I have this kind of stuff in mine
Mar 13 09:27:58 kosmal sshd[31232]: Failed password for root from 88.191.154.90 port 51934 ssh2
Mar 13 09:27:58 kosmal sshd[31232]: Received disconnect from 88.191.154.90: 11: Bye Bye [preauth]
Mar 13 09:27:59 kosmal sshd[31234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88-191-154-90.rev.dedibox.fr user=root
Marvin,
You have denyhosts configured to monitor '/var/log/messages' but failed login attempts are being logged to '/etc/log/auth.log'.
In '/etc/denyhosts.conf' (or whatever file is used to configure denyhosts on Ubuntu) set:
# Ubuntu
SECURE_LOG = /etc/log/auth.log
# Redhat or Fedora Core:
#SECURE_LOG = /var/log/secure
and restart denyhosts.
Regards,
Matthew Roth InterMedia Marketing Solutions Software Engineer and Systems Developer
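The check described in the message above (does the active SECURE_LOG point at the file where sshd failures are actually logged?) can be scripted. This is an added example, not part of the original thread or of DenyHosts itself; the function names, the "last active assignment wins" rule and the sample log lines are assumptions made for the illustration.

```python
import os
import re
import tempfile

# sshd authentication-failure lines of the two kinds quoted in the thread.
FAILURE_RE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for |pam_unix\(sshd:auth\): authentication failure;)"
)


def active_secure_log(conf_text):
    """Return the value of the last uncommented SECURE_LOG line, or None.

    Assumption: when several assignments are active, the last one wins.
    """
    value = None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if line.startswith("#"):
            continue
        key, sep, val = line.partition("=")
        if sep and key.strip() == "SECURE_LOG":
            value = val.strip()
    return value


def count_failures(path):
    """Count sshd failure lines in path; None if the file cannot be read."""
    try:
        with open(path, errors="replace") as fh:
            return sum(1 for line in fh if FAILURE_RE.search(line))
    except OSError:
        return None


def diagnose(conf_text, candidates):
    """Compare the configured SECURE_LOG with the logs that hold sshd failures."""
    configured = active_secure_log(conf_text)
    paths = list(candidates)
    if configured is not None and configured not in paths:
        paths.append(configured)
    counts = {p: count_failures(p) for p in paths}
    with_hits = [p for p in paths if counts[p]]
    busiest = max(with_hits, key=counts.get) if with_hits else None
    if configured is None:
        status = "no active SECURE_LOG"
    elif counts[configured] is None:
        status = "configured log unreadable"
    elif counts[configured] == 0 and busiest:
        status = "mismatch"  # daemon runs, but watches a log with no sshd failures
    else:
        status = "ok"
    return {"configured": configured, "status": status, "counts": counts,
            "suggested": None if status == "ok" else busiest}


def demo():
    """Reproduce the thread's situation with constructed files in a temp directory."""
    with tempfile.TemporaryDirectory() as d:
        messages, auth = os.path.join(d, "messages"), os.path.join(d, "auth.log")
        with open(messages, "w") as fh:  # constructed: no sshd entries here
            fh.write("Mar 13 09:00:01 host CRON[100]: (root) CMD (true)\n")
        with open(auth, "w") as fh:  # constructed sshd failures, documentation IP
            fh.write("Mar 13 09:27:58 host sshd[31232]: Failed password for root "
                     "from 203.0.113.9 port 51934 ssh2\n"
                     "Mar 13 09:27:59 host sshd[31234]: pam_unix(sshd:auth): "
                     "authentication failure; rhost=203.0.113.9 user=root\n")
        conf = "#SECURE_LOG = /var/log/secure\nSECURE_LOG = %s\n" % messages
        return diagnose(conf, [messages, auth])


if __name__ == "__main__":
    print(demo())
```

On a real host, pass the contents of the denyhosts configuration file and the candidate paths named in this thread (/var/log/auth.log, /var/log/secure, /var/log/messages) to diagnose(); reading those logs usually requires root.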
On Thu, Mar 14, 2013 at 7:28 AM, Matthew J. Roth mroth@imminc.com wrote:
Marvin Kosmal wrote:
This is from my log file
...
Mar 13 21:05:01 - denyhosts : INFO monitoring log: /var/log/messages
...
What do you have in /etc/log/auth.log
I have this kind of stuff in mine
Mar 13 09:27:58 kosmal sshd[31232]: Failed password for root from 88.191.154.90 port 51934 ssh2
Mar 13 09:27:58 kosmal sshd[31232]: Received disconnect from 88.191.154.90: 11: Bye Bye [preauth]
Mar 13 09:27:59 kosmal sshd[31234]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=88-191-154-90.rev.dedibox.fr user=root
Marvin,
You have denyhosts configured to monitor '/var/log/messages' but failed login attempts are being logged to '/etc/log/auth.log'.
In '/etc/denyhosts.conf' (or whatever file is used to configure denyhosts on Ubuntu) set:
# Ubuntu
SECURE_LOG = /etc/log/auth.log
# Redhat or Fedora Core:
#SECURE_LOG = /var/log/secure
and restart denyhosts.
Regards,
Matthew Roth InterMedia Marketing Solutions Software Engineer and Systems Developer
HI
Made the change..
Restarted denyhosts
Report back when I have results..
Thanks
Marvin
On 03/14/13 22:28, Matthew J. Roth wrote:
You have denyhosts configured to monitor '/var/log/messages' but failed login attempts are being logged to '/etc/log/auth.log'.
In '/etc/denyhosts.conf' (or whatever file is used to configure denyhosts on Ubuntu) set:
# Ubuntu
SECURE_LOG = /etc/log/auth.log
# Redhat or Fedora Core:
#SECURE_LOG = /var/log/secure
Just a note of interest. It seems there is a bit of inconsistency between Ubuntu releases/versions. Today I installed 12.04 LTS + denyhosts. The default denyhosts.conf contains
#
# Mac OS X (v10.3 or earlier):
#SECURE_LOG=/private/var/log/system.log
#
# Debian:
SECURE_LOG = /var/log/auth.log
On Thu, Mar 14, 2013 at 8:44 AM, Ed Greshko Ed.Greshko@greshko.com wrote:
On 03/14/13 22:28, Matthew J. Roth wrote:
You have denyhosts configured to monitor '/var/log/messages' but failed login attempts are being logged to '/etc/log/auth.log'.
In '/etc/denyhosts.conf' (or whatever file is used to configure denyhosts on Ubuntu) set:
# Ubuntu
SECURE_LOG = /etc/log/auth.log
# Redhat or Fedora Core:
#SECURE_LOG = /var/log/secure
Just a note of interest. It seems there is a bit of inconsistency between Ubuntu releases/versions. Today I installed 12.04 LTS + denyhosts. The default denyhosts.conf contains
#
# Mac OS X (v10.3 or earlier):
#SECURE_LOG=/private/var/log/system.log
#
# Debian:
SECURE_LOG = /var/log/auth.log
--
HI
I agree....
And I used the 2.6 tar ball and that is different than what is in the repositories
TIA
Marvin
From now on, at least during winter time, Im going to blame all spelling an grammar erros on the cat sitting on my chest every time I sit down at the computer....
I noticed from your other emails that you are running Ubuntu. The little differences in file locations between distros can be a big hassle.
billo
On Thu, 14 Mar 2013, Marvin Kosmal wrote:
On Thu, Mar 14, 2013 at 5:37 AM, Bill Oliver vendor@billoblog.com wrote:
Are you sure you don't have a lock file that's not getting deleted? I'd check that next.
billo
Thanks for the comeback..
Will check all points.. And report back..
As you can see for the partial log file below.. I believe it is getting the lock file. I also think the daemon is starting and then exiting for some reason.
TIA
Marvin
On Wed, 13 Mar 2013, Marvin Kosmal wrote:
On Tue, Mar 12, 2013 at 8:29 PM, Marvin Kosmal mkosmal@gmail.com wrote:
Hi
Is anyone running Denyhosts?
I have it installed.. It says it is running but, nothing is happening..
TIA
Marvin
This is from my log file
Mar 13 21:05:01 - denyhosts : INFO restricted: set([])
Mar 13 21:05:01 - denyhosts : INFO Processing log file (/var/log/messages) from offset (0)
Mar 13 21:05:01 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
Mar 13 21:05:01 - denyhosts : INFO DenyHosts daemon is now running, pid: 31528
Mar 13 21:05:01 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
Mar 13 21:05:01 - denyhosts : INFO eg. kill -TERM 31528
Mar 13 21:05:01 - denyhosts : INFO monitoring log: /var/log/messages
Mar 13 21:05:01 - denyhosts : INFO sync_time: 3600
Mar 13 21:05:01 - denyhosts : INFO purging of /etc/hosts.deny is disabled
Mar 13 21:05:01 - denyhosts : INFO denyhosts synchronization disabled
Does this really mean it starts and shuts down immediately.??
Or don't I understand the log?
TIA
Marvin