DenyHosts

Ed Greshko Ed.Greshko at greshko.com
Thu Mar 14 05:33:55 UTC 2013


On 03/14/13 13:03, Marvin Kosmal wrote:
> On Wed, Mar 13, 2013 at 9:46 PM, Ed Greshko <Ed.Greshko at greshko.com> wrote:
>> On 03/14/13 12:33, Marvin Kosmal wrote:
>>> On Tue, Mar 12, 2013 at 8:29 PM, Marvin Kosmal <mkosmal at gmail.com> wrote:
>>>> Hi
>>>>
>>>> Is anyone running Denyhosts?
>>>>
>>>> I have it installed.. It says it is running but, nothing is happening..
>>>>
>>>> TIA
>>>>
>>>> Marvin
>>>
>>>
>>> This is from my log file
>>>
>>>
>>> Mar 13 21:05:01 - denyhosts   : INFO     restricted: set([])
>>> Mar 13 21:05:01 - denyhosts   : INFO     Processing log file
>>> (/var/log/messages) from offset (0)
>>> Mar 13 21:05:01 - denyhosts   : INFO     launching DenyHosts daemon
>>> (version 2.6)...
>>> Mar 13 21:05:01 - denyhosts   : INFO     DenyHosts daemon is now
>>> running, pid: 31528
>>> Mar 13 21:05:01 - denyhosts   : INFO     send daemon process a TERM
>>> signal to terminate cleanly
>>> Mar 13 21:05:01 - denyhosts   : INFO       eg.  kill -TERM 31528
>>> Mar 13 21:05:01 - denyhosts   : INFO     monitoring log: /var/log/messages
>>> Mar 13 21:05:01 - denyhosts   : INFO     sync_time: 3600
>>> Mar 13 21:05:01 - denyhosts   : INFO     purging of /etc/hosts.deny is disabled
>>> Mar 13 21:05:01 - denyhosts   : INFO     denyhosts synchronization disabled
>>>
>>> Does this really mean it starts and shuts down immediately.??
>>>
>>> Or don't I  understand the log?
>>>
>> I just installed it for testing purposes...no real intention to use it.  However, I don't see what you see.
>>
>> [egreshko at f18x ~]$ systemctl status denyhosts.service
>> denyhosts.service - SSH log watcher
>>           Loaded: loaded (/usr/lib/systemd/system/denyhosts.service; enabled)
>>           Active: active (running) since Wed 2013-03-13 23:57:37 CST; 12h ago
>>          Process: 7901 ExecStart=/usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf (code=exited, status=0/SUCCESS)
>>          Process: 7899 ExecStartPre=/bin/rm -f /run/lock/subsys/denyhosts (code=exited, status=0/SUCCESS)
>>         Main PID: 7906 (denyhosts.py)
>>           CGroup: name=systemd:/system/denyhosts.service
>>                   └─7906 /usr/bin/python /usr/bin/denyhosts.py --daemon --confi...
>>
>> [root at f18x ~]# ps -eaf | grep deny
>> root      7906     1  0 Mar13 ?        00:00:00 /usr/bin/python /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
>>
>> So, it has been running since yesterday.
>>
>>
>
> What do you have in /etc/log/auth.log
>
> I have this kind of stuff in mine
>
>
> Mar 13 09:27:58 kosmal sshd[31232]: Failed password for root from
> 88.191.154.90 port 51934 ssh2
> Mar 13 09:27:58 kosmal sshd[31232]: Received disconnect from
> 88.191.154.90: 11: Bye Bye [preauth]

First, does this mean you've found out that all is now running fine on your system?

Second, I have no /etc/log/auth.log but do have /var/log/secure log and that is what is defined as the log to be scanned in /etc/denyhosts.conf.

# Redhat or Fedora Core:
SECURE_LOG = /var/log/secure
#
# Mandrake, FreeBSD or OpenBSD:
#SECURE_LOG = /var/log/auth.log
#
# SuSE:
#SECURE_LOG = /var/log/messages

Is your configuration correct?


>
> On the old box denyhost would kill that on the second try..  Not now..
>
> Plus my config file is somewhere else..
>
> What version are you running?

denyhosts-2.6-27.fc18.noarch

And, after causing login failures....   The line

sshd: 192.168.0.194

is added to /etc/hosts.deny


-- 
From now on, at least during winter time, Im going to blame all spelling an grammar erros on the cat sitting on my chest every time I sit down at the computer....
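
An added example, not part of the original message and not DenyHosts code: a check that the file named by `SECURE_LOG` is the one that actually receives sshd failed-password lines, which is the mismatch the thread points at ("monitoring log: /var/log/messages" while the failures were seen in an auth log). The function names, the sample config and the sample log contents are constructed for illustration; the sshd lines reuse the ones quoted above.

```python
import re
from collections import Counter

# Active (uncommented) SECURE_LOG line in denyhosts.conf.
SECURE_LOG_RE = re.compile(r"^[ \t]*SECURE_LOG[ \t]*=[ \t]*(\S+)", re.MULTILINE)
# sshd failed-password lines in the format quoted in the thread.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ from (\S+) port \d+"
)

def configured_log(conf_text):
    """Return the path DenyHosts is told to watch, or None if unset."""
    m = SECURE_LOG_RE.search(conf_text)
    return m.group(1) if m else None

def failures_by_host(log_text):
    """Count sshd failed-password lines per source address."""
    return Counter(FAILED_RE.findall(log_text))

def diagnose(conf_text, logs):
    """logs maps path -> file contents. Report whether the watched log
    is the one where sshd failures are actually being written."""
    watched = configured_log(conf_text)
    counts = {path: failures_by_host(text) for path, text in logs.items()}
    in_watched = sum(counts.get(watched, Counter()).values())
    elsewhere = sorted(p for p, c in counts.items() if p != watched and c)
    return {"watched": watched, "failures_in_watched": in_watched,
            "failures_elsewhere": elsewhere,
            "mismatch": in_watched == 0 and bool(elsewhere)}

# Constructed sample input: config watching /var/log/messages while the
# sshd failures land in a different file (paths are assumptions).
SAMPLE_CONF = """\
# Redhat or Fedora Core:
#SECURE_LOG = /var/log/secure
# SuSE:
SECURE_LOG = /var/log/messages
"""
SAMPLE_LOGS = {
    "/var/log/messages": "Mar 13 09:27:50 kosmal kernel: eth0: link up\n",
    "/var/log/auth.log": (
        "Mar 13 09:27:58 kosmal sshd[31232]: Failed password for root from 88.191.154.90 port 51934 ssh2\n"
        "Mar 13 09:27:58 kosmal sshd[31232]: Received disconnect from 88.191.154.90: 11: Bye Bye [preauth]\n"
    ),
}

if __name__ == "__main__":
    print(diagnose(SAMPLE_CONF, SAMPLE_LOGS))
```

On a real host, read `/etc/denyhosts.conf` and the candidate log files into the same arguments; a result with `mismatch` set means DenyHosts is running but scanning a file sshd never writes to.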

