DenyHosts

Marvin Kosmal mkosmal at gmail.com
Thu Mar 14 05:03:35 UTC 2013 

On Wed, Mar 13, 2013 at 9:46 PM, Ed Greshko <Ed.Greshko at greshko.com> wrote:
> On 03/14/13 12:33, Marvin Kosmal wrote:
>> On Tue, Mar 12, 2013 at 8:29 PM, Marvin Kosmal <mkosmal at gmail.com> wrote:
>>> Hi
>>>
>>> Is anyone running Denyhosts?
>>>
>>> I have it installed.. It says it is running but, nothing is happening..
>>>
>>> TIA
>>>
>>> Marvin
>>
>>
>>
>> This is from my log file
>>
>>
>> Mar 13 21:05:01 - denyhosts   : INFO     restricted: set([])
>> Mar 13 21:05:01 - denyhosts   : INFO     Processing log file
>> (/var/log/messages) from offset (0)
>> Mar 13 21:05:01 - denyhosts   : INFO     launching DenyHosts daemon
>> (version 2.6)...
>> Mar 13 21:05:01 - denyhosts   : INFO     DenyHosts daemon is now
>> running, pid: 31528
>> Mar 13 21:05:01 - denyhosts   : INFO     send daemon process a TERM
>> signal to terminate cleanly
>> Mar 13 21:05:01 - denyhosts   : INFO       eg.  kill -TERM 31528
>> Mar 13 21:05:01 - denyhosts   : INFO     monitoring log: /var/log/messages
>> Mar 13 21:05:01 - denyhosts   : INFO     sync_time: 3600
>> Mar 13 21:05:01 - denyhosts   : INFO     purging of /etc/hosts.deny is disabled
>> Mar 13 21:05:01 - denyhosts   : INFO     denyhosts synchronization disabled
>>
>> Does this really mean it starts and shuts down immediately.??
>>
>> Or don't I  understand the log?
>>
>
> I just installed it for testing purposes...no real intention to use it.  However, I don't see what you see.
>
> [egreshko at f18x ~]$ systemctl status denyhosts.service
> denyhosts.service - SSH log watcher
>           Loaded: loaded (/usr/lib/systemd/system/denyhosts.service; enabled)
>           Active: active (running) since Wed 2013-03-13 23:57:37 CST; 12h ago
>          Process: 7901 ExecStart=/usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf (code=exited, status=0/SUCCESS)
>          Process: 7899 ExecStartPre=/bin/rm -f /run/lock/subsys/denyhosts (code=exited, status=0/SUCCESS)
>         Main PID: 7906 (denyhosts.py)
>           CGroup: name=systemd:/system/denyhosts.service
>                   └─7906 /usr/bin/python /usr/bin/denyhosts.py --daemon --confi...
>
> [root at f18x ~]# ps -eaf | grep deny
> root      7906     1  0 Mar13 ?        00:00:00 /usr/bin/python /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
>
> So, it has been running since yesterday.
>
>




What do you have in /etc/log/auth.log

I have this kind of stuff in mine


Mar 13 09:27:58 kosmal sshd[31232]: Failed password for root from
88.191.154.90 port 51934 ssh2
Mar 13 09:27:58 kosmal sshd[31232]: Received disconnect from
88.191.154.90: 11: Bye Bye [preauth]
Mar 13 09:27:59 kosmal sshd[31234]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=88-191-154-90.rev.dedibox.fr  user=root
Mar 13 09:28:01 kosmal sshd[31234]: Failed password for root from
88.191.154.90 port 52443 ssh2
Mar 13 09:28:01 kosmal sshd[31234]: Received disconnect from
88.191.154.90: 11: Bye Bye [preauth]
Mar 13 09:53:10 kosmal sshd[31253]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94  user=root
Mar 13 09:53:12 kosmal sshd[31253]: Failed password for root from
180.186.74.94 port 45353 ssh2
Mar 13 09:53:12 kosmal sshd[31253]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:14 kosmal sshd[31255]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94  user=root
Mar 13 09:53:17 kosmal sshd[31255]: Failed password for root from
180.186.74.94 port 45738 ssh2
Mar 13 09:53:17 kosmal sshd[31255]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:19 kosmal sshd[31257]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94  user=root
Mar 13 09:53:20 kosmal sshd[31257]: Failed password for root from
180.186.74.94 port 46139 ssh2
Mar 13 09:53:21 kosmal sshd[31257]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:23 kosmal sshd[31259]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94  user=root
Mar 13 09:53:25 kosmal sshd[31259]: Failed password for root from
180.186.74.94 port 46453 ssh2
Mar 13 09:53:25 kosmal sshd[31259]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:28 kosmal sshd[31261]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94  user=root
Mar 13 09:53:30 kosmal sshd[31261]: Failed password for root from
180.186.74.94 port 46852 ssh2
Mar 13 09:53:30 kosmal sshd[31261]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]
Mar 13 09:53:32 kosmal sshd[31263]: pam_unix(sshd:auth):
authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
rhost=180.186.74.94  user=root
Mar 13 09:53:34 kosmal sshd[31263]: Failed password for root from
180.186.74.94 port 47256 ssh2
Mar 13 09:53:35 kosmal sshd[31263]: Received disconnect from
180.186.74.94: 11: Bye Bye [preauth]


On the old box denyhost would kill that on the second try..  Not now..

Plus my config file is somewhere else..

What version are you running?



Thanks for the come back..

Marvin


> --
> From now on, at least during winter time, Im going to blame all spelling an grammar erros on the cat sitting on my chest every time I sit down at the computer....
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org

More information about the users mailing list