DenyHosts

Marvin Kosmal mkosmal at gmail.com
Thu Mar 14 06:03:29 UTC 2013


On Wed, Mar 13, 2013 at 10:33 PM, Ed Greshko <Ed.Greshko at greshko.com> wrote:
> On 03/14/13 13:03, Marvin Kosmal wrote:
>> On Wed, Mar 13, 2013 at 9:46 PM, Ed Greshko <Ed.Greshko at greshko.com> wrote:
>>> On 03/14/13 12:33, Marvin Kosmal wrote:
>>>> On Tue, Mar 12, 2013 at 8:29 PM, Marvin Kosmal <mkosmal at gmail.com> wrote:
>>>>> Hi
>>>>>
>>>>> Is anyone running Denyhosts?
>>>>>
>>>>> I have it installed.. It says it is running but, nothing is happening..
>>>>>
>>>>> TIA
>>>>>
>>>>> Marvin
>>>>
>>>>
>>>> This is from my log file
>>>>
>>>>
>>>> Mar 13 21:05:01 - denyhosts   : INFO     restricted: set([])
>>>> Mar 13 21:05:01 - denyhosts   : INFO     Processing log file
>>>> (/var/log/messages) from offset (0)
>>>> Mar 13 21:05:01 - denyhosts   : INFO     launching DenyHosts daemon
>>>> (version 2.6)...
>>>> Mar 13 21:05:01 - denyhosts   : INFO     DenyHosts daemon is now
>>>> running, pid: 31528
>>>> Mar 13 21:05:01 - denyhosts   : INFO     send daemon process a TERM
>>>> signal to terminate cleanly
>>>> Mar 13 21:05:01 - denyhosts   : INFO       eg.  kill -TERM 31528
>>>> Mar 13 21:05:01 - denyhosts   : INFO     monitoring log: /var/log/messages
>>>> Mar 13 21:05:01 - denyhosts   : INFO     sync_time: 3600
>>>> Mar 13 21:05:01 - denyhosts   : INFO     purging of /etc/hosts.deny is disabled
>>>> Mar 13 21:05:01 - denyhosts   : INFO     denyhosts synchronization disabled
>>>>
>>>> Does this really mean it starts and shuts down immediately.??
>>>>
>>>> Or don't I  understand the log?
>>>>
>>> I just installed it for testing purposes...no real intention to use it.  However, I don't see what you see.
>>>
>>> [egreshko at f18x ~]$ systemctl status denyhosts.service
>>> denyhosts.service - SSH log watcher
>>>           Loaded: loaded (/usr/lib/systemd/system/denyhosts.service; enabled)
>>>           Active: active (running) since Wed 2013-03-13 23:57:37 CST; 12h ago
>>>          Process: 7901 ExecStart=/usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf (code=exited, status=0/SUCCESS)
>>>          Process: 7899 ExecStartPre=/bin/rm -f /run/lock/subsys/denyhosts (code=exited, status=0/SUCCESS)
>>>         Main PID: 7906 (denyhosts.py)
>>>           CGroup: name=systemd:/system/denyhosts.service
>>>                   └─7906 /usr/bin/python /usr/bin/denyhosts.py --daemon --confi...
>>>
>>> [root at f18x ~]# ps -eaf | grep deny
>>> root      7906     1  0 Mar13 ?        00:00:00 /usr/bin/python /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
>>>
>>> So, it has been running since yesterday.
>>>
>>>
>>
>> What do you have in /etc/log/auth.log
>>
>> I have this kind of stuff in mine
>>
>>
>> Mar 13 09:27:58 kosmal sshd[31232]: Failed password for root from
>> 88.191.154.90 port 51934 ssh2
>> Mar 13 09:27:58 kosmal sshd[31232]: Received disconnect from
>> 88.191.154.90: 11: Bye Bye [preauth]
>
> First, does this mean you've found out that all is now running fine on your system?
>
> Second, I have no /etc/log/auth.log but do have /var/log/secure log and that is what is defined as the log to be scanned in /etc/denyhosts.conf.
>
> # Redhat or Fedora Core:
> SECURE_LOG = /var/log/secure
> #
> # Mandrake, FreeBSD or OpenBSD:
> #SECURE_LOG = /var/log/auth.log
> #
> # SuSE:
> #SECURE_LOG = /var/log/messages
>
> Is your configuration correct?
>
>


Yes,  I am running Ubuntu 12.04



I am running 2.6


>>
>> On the old box denyhost would kill that on the second try..  Not now..
>>
>> Plus my config file is somewhere else..
>>
>> What version are you running?
>
> denyhosts-2.6-27.fc18.noarch
>
> And, after causing login failures....   The line
>
> sshd: 192.168.0.194
>
> is added to /etc/hosts.deny
>
>
> --
> From now on, at least during winter time, Im going to blame all spelling an grammar erros on the cat sitting on my chest every time I sit down at the computer....
> --
> users mailing list
> users at lists.fedoraproject.org
> To unsubscribe or change subscription options:
> https://admin.fedoraproject.org/mailman/listinfo/users
> Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines
> Have a question? Ask away: http://ask.fedoraproject.org


More information about the users mailing list