Hello,

I don't recall if there was a SSHD_FORMAT_REGEX= directive or not.  You do
need it for VSFTP to be seen by denyhosts.  Here is what I have added to
denyhosts.cfg:

SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|vsftpd:) (?P<message>.*)
USERDEF_FAILED_ENTRY_REGEX=\[(?P<user>\S+)\].*FAIL LOGIN.*"(?P<host>\S+)"

The match is in two parts.  The first line adds vsftpd: regex to match log
entries. The second part matches VSFTP's 'FAIL LOGIN: Client "x.x.x.x"'
message.

For this all to work, vsftp must log to the same file as sshd uses.  Use
syslog to accomplish this.  I configured sshd to use LOG_LOCAL1 and vsftp
to use LOG_NEWS and syslog combines them into a single file.  My
/etc/syslog.conf file has:

local1.info;news.warning                        /var/log/sshd

This is done in sysutil.c before compiling VSFTP, and in
/etc/ssh/sshd_config:

sysutil.c:  int facility = LOG_NEWS;

sshd_config:  SyslogFacility LOCAL1

-Ron





> Greetings,
> I found this message through google,
>
> http://www.mail-archive.com/denyhosts-user@lists.sourceforge.net/msg00305.html
>
> but I notice that in the later packages of denyhosts that I am using
> from rpmforge for RHEL5, there is not a user-configurable
> SSHD_FORMAT_REGEX= directive in the .cfg file.
>
> The message is rather dated; would this regex
>
> authentication failure.* rhost=(?P<host>\S+)
> \s+user=(?P<user>\S+).*
>
> still capture vsftpd login events?
> would I add vsftpd to blocking list like so:
>
> BLOCK_SERVICE = sshd,vsftpd
>
> Thank you,
> eugene
>
> ------------------------------------------------------------------------------
> Come build with us! The BlackBerry® Developer Conference in SF, CA
> is the only developer event you need to attend this year. Jumpstart your
> developing skills, take BlackBerry mobile applications to market and stay
> ahead of the curve. Join us from November 9-12, 2009. Register
> now!
> http://p.sf.net/sfu/devconf
> _______________________________________________
> Denyhosts-user mailing list
> Denyhosts-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
>
>
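
The two-part match described in the reply above can be checked offline before touching denyhosts.cfg. This is an added example, not code from the original message or from DenyHosts: the log lines are constructed, the function names are hypothetical, and it assumes the format regex is applied first and the failed-entry regex is then searched in the captured message.

```python
import re

# Patterns copied from the denyhosts.cfg lines in the message above.
SSHD_FORMAT_REGEX = re.compile(r'.* (sshd.*:|\[sshd\]|vsftpd:) (?P<message>.*)')
USERDEF_FAILED_ENTRY_REGEX = re.compile(
    r'\[(?P<user>\S+)\].*FAIL LOGIN.*"(?P<host>\S+)"')

# Constructed syslog lines (documentation IP ranges, made-up host and users).
SAMPLE_LOG = [
    'Nov  3 10:15:20 ftp1 sshd[2211]: Failed password for invalid user admin '
    'from 192.0.2.10 port 51514 ssh2',
    'Nov  3 10:15:21 ftp1 vsftpd: [baduser] FAIL LOGIN: Client "192.0.2.10"',
    'Nov  3 10:15:25 ftp1 vsftpd: [root] FAIL LOGIN: Client "192.0.2.10"',
    'Nov  3 10:16:02 ftp1 vsftpd: [alice] OK LOGIN: Client "198.51.100.7"',
    # Constructed variant with a pid in the tag: "vsftpd:" does not match it.
    'Nov  3 10:16:30 ftp1 vsftpd[4412]: [baduser] FAIL LOGIN: Client "203.0.113.5"',
]


def parse_failed_vsftpd_login(line):
    """Return (user, host) for a failed vsftpd login, or None."""
    # Part 1: the line must carry a recognised service tag.
    fmt = SSHD_FORMAT_REGEX.match(line)
    if fmt is None:
        return None
    # Part 2: the message after the tag must be a FAIL LOGIN entry.
    hit = USERDEF_FAILED_ENTRY_REGEX.search(fmt.group('message'))
    if hit is None:
        return None
    return hit.group('user'), hit.group('host')


def failures_per_host(lines):
    """Count failed vsftpd logins per client address."""
    counts = {}
    for line in lines:
        parsed = parse_failed_vsftpd_login(line)
        if parsed is not None:
            counts[parsed[1]] = counts.get(parsed[1], 0) + 1
    return counts


if __name__ == '__main__':
    for line in SAMPLE_LOG:
        print(parse_failed_vsftpd_login(line), '<-', line)
    print(failures_per_host(SAMPLE_LOG))
```

Run it against a few lines from the combined log file to confirm the tag your syslog writes is one the format regex accepts.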


