DenyHosts
Matthew J. Roth
mroth at imminc.com
Thu Mar 14 14:28:31 UTC 2013
Marvin Kosmal wrote:
>
> This is from my log file
> ...
> Mar 13 21:05:01 - denyhosts : INFO monitoring log: /var/log/messages
> ...
>
> What do you have in /etc/log/auth.log
>
> I have this kind of stuff in mine
>
> Mar 13 09:27:58 kosmal sshd[31232]: Failed password for root from
> 88.191.154.90 port 51934 ssh2
> Mar 13 09:27:58 kosmal sshd[31232]: Received disconnect from
> 88.191.154.90: 11: Bye Bye [preauth]
> Mar 13 09:27:59 kosmal sshd[31234]: pam_unix(sshd:auth):
> authentication failure; logname= uid=0 euid=0 tty=ssh ruser=
> rhost=88-191-154-90.rev.dedibox.fr user=root
Marvin,
You have denyhosts configured to monitor '/var/log/messages' but failed login
attempts are being logged to '/etc/log/auth.log'.
In '/etc/denyhosts.conf' (or whatever file is used to configure denyhosts on
Ubuntu) set:
# Ubuntu
SECURE_LOG = /etc/log/auth.log
# Redhat or Fedora Core:
#SECURE_LOG = /var/log/secure
and restart denyhosts.
Regards,
Matthew Roth
InterMedia Marketing Solutions
Software Engineer and Systems Developer
More information about the users
mailing list