DenyHosts
Marvin Kosmal
mkosmal at gmail.com
Thu Mar 14 05:03:35 UTC 2013
On Wed, Mar 13, 2013 at 9:46 PM, Ed Greshko <Ed.Greshko at greshko.com> wrote:
> On 03/14/13 12:33, Marvin Kosmal wrote:
>> On Tue, Mar 12, 2013 at 8:29 PM, Marvin Kosmal <mkosmal at gmail.com> wrote:
>>> Hi
>>>
>>> Is anyone running Denyhosts?
>>>
>>> I have it installed.. It says it is running but, nothing is happening..
>>>
>>> TIA
>>>
>>> Marvin
>>
>>
>>
>> This is from my log file
>>
>>
>> Mar 13 21:05:01 - denyhosts : INFO restricted: set([])
>> Mar 13 21:05:01 - denyhosts : INFO Processing log file
>> (/var/log/messages) from offset (0)
>> Mar 13 21:05:01 - denyhosts : INFO launching DenyHosts daemon
>> (version 2.6)...
>> Mar 13 21:05:01 - denyhosts : INFO DenyHosts daemon is now
>> running, pid: 31528
>> Mar 13 21:05:01 - denyhosts : INFO send daemon process a TERM
>> signal to terminate cleanly
>> Mar 13 21:05:01 - denyhosts : INFO eg. kill -TERM 31528
>> Mar 13 21:05:01 - denyhosts : INFO monitoring log: /var/log/messages
>> Mar 13 21:05:01 - denyhosts : INFO sync_time: 3600
>> Mar 13 21:05:01 - denyhosts : INFO purging of /etc/hosts.deny is disabled
>> Mar 13 21:05:01 - denyhosts : INFO denyhosts synchronization disabled
>>
>> Does this really mean it starts and shuts down immediately.??
>>
>> Or don't I understand the log?
>>
>
> I just installed it for testing purposes...no real intention to use it. However, I don't see what you see.
>
> [egreshko at f18x ~]$ systemctl status denyhosts.service
> denyhosts.service - SSH log watcher
> Loaded: loaded (/usr/lib/systemd/system/denyhosts.service; enabled)
> Active: active (running) since Wed 2013-03-13 23:57:37 CST; 12h ago
> Process: 7901 ExecStart=/usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf (code=exited, status=0/SUCCESS)
> Process: 7899 ExecStartPre=/bin/rm -f /run/lock/subsys/denyhosts (code=exited, status=0/SUCCESS)
> Main PID: 7906 (denyhosts.py)
> CGroup: name=systemd:/system/denyhosts.service
> └─7906 /usr/bin/python /usr/bin/denyhosts.py --daemon --confi...
>
> [root at f18x ~]# ps -eaf | grep deny
> root 7906 1 0 Mar13 ? 00:00:00 /usr/bin/python /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
>
> So, it has been running since yesterday.
>
>
What do you have in /etc/log/auth.log
I have this kind of stuff in mine
Mar 13 09:27:58 kosmal sshd[31232]: Failed password for root from
88.191.154.90 port 51934 ssh2
Mar 13 09:27:58 kosmal sshd[31232]: Received disconnect from
88.191.154.90: 11: Bye Bye [preauth]
Mar 13 09:27:59 kosmal sshd[31234]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=88-191-154-90.rev.dedibox.fr user=root
Mar 13 09:28:01 kosmal sshd[31234]: Failed password for root from
88.191.154.90 port 52443 ssh2
Mar 13 09:28:01 kosmal sshd[31234]: Received disconnect from
88.191.154.90: 11: Bye Bye [preauth]
Mar 13 09:53:10 kosmal sshd[31253]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94 user=root
Mar 13 09:53:12 kosmal sshd[31253]: Failed password for root from
180.186.74.94 port 45353 ssh2
Mar 13 09:53:12 kosmal sshd[31253]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:14 kosmal sshd[31255]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94 user=root
Mar 13 09:53:17 kosmal sshd[31255]: Failed password for root from
180.186.74.94 port 45738 ssh2
Mar 13 09:53:17 kosmal sshd[31255]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:19 kosmal sshd[31257]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94 user=root
Mar 13 09:53:20 kosmal sshd[31257]: Failed password for root from
180.186.74.94 port 46139 ssh2
Mar 13 09:53:21 kosmal sshd[31257]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:23 kosmal sshd[31259]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94 user=root
Mar 13 09:53:25 kosmal sshd[31259]: Failed password for root from
180.186.74.94 port 46453 ssh2
Mar 13 09:53:25 kosmal sshd[31259]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:28 kosmal sshd[31261]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94 user=root
Mar 13 09:53:30 kosmal sshd[31261]: Failed password for root from
180.186.74.94 port 46852 ssh2
Mar 13 09:53:30 kosmal sshd[31261]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:32 kosmal sshd[31263]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94 user=root
Mar 13 09:53:34 kosmal sshd[31263]: Failed password for root from
180.186.74.94 port 47256 ssh2
Mar 13 09:53:35 kosmal sshd[31263]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
On the old box denyhost would kill that on the second try.. Not now..
Plus my config file is somewhere else..
What version are you running?
Thanks for the come back..
Marvin
> --
> From now on, at least during winter time, Im going to blame all spelling an grammar erros on the cat sitting on my chest every time I sit down at the computer....
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org
More information about the users
mailing list