Your message dated Wed, 17 Aug 2011 08:48:55 +0000
with message-id <[email protected]>
and subject line Bug#462926: fixed in denyhosts 2.6-10
has caused the Debian Bug report #462926,
regarding denyhosts: fails to block invalid root login
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
462926: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=462926
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: denyhosts
Version: 2.6-2.1
Severity: normal


I have DENY_THRESHOLD_INVALID=3 and DENY_THRESHOLD_ROOT=1 in
denyhosts.conf.  root is not allowed to log in directly to sshd.  But
this morning denyhosts failed to block an attempt to log in as root by
dictionary attack:

Jan 28 01:57:17 helium sshd[18743]: Connection from 189.17.176.130 port 34930
Jan 28 01:57:17 helium sshd[18743]: Did not receive identification string from 189.17.176.130
Jan 28 02:02:11 helium sshd[18821]: Connection from 189.17.176.130 port 39212
Jan 28 02:02:13 helium sshd[18821]: Invalid user rhiroot from 189.17.176.130
Jan 28 02:02:14 helium sshd[18825]: Connection from 189.17.176.130 port 39738
Jan 28 02:02:15 helium sshd[18825]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:16 helium sshd[18829]: Connection from 189.17.176.130 port 39832
Jan 28 02:02:17 helium sshd[18829]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:18 helium sshd[18833]: Connection from 189.17.176.130 port 40348
Jan 28 02:02:19 helium sshd[18833]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:20 helium sshd[18837]: Connection from 189.17.176.130 port 40444
Jan 28 02:02:21 helium sshd[18837]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:22 helium sshd[18841]: Connection from 189.17.176.130 port 40954
Jan 28 02:02:23 helium sshd[18841]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:23 helium sshd[18845]: Connection from 189.17.176.130 port 41056
Jan 28 02:02:25 helium sshd[18845]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:25 helium sshd[18849]: Connection from 189.17.176.130 port 41220
Jan 28 02:02:27 helium sshd[18849]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:27 helium sshd[18854]: Connection from 189.17.176.130 port 41665
Jan 28 02:02:29 helium sshd[18854]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:29 helium sshd[18858]: Connection from 189.17.176.130 port 41760
Jan 28 02:02:31 helium sshd[18858]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:31 helium sshd[18862]: Connection from 189.17.176.130 port 41926
Jan 28 02:02:33 helium sshd[18862]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:33 helium sshd[18866]: Connection from 189.17.176.130 port 42470
Jan 28 02:02:35 helium sshd[18866]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers

and so on.  The above continued for several hundred attempts before I
noticed the disk activity and took down the network interface.

In the above case, denyhosts should have blocked the attack by either
DENY_THRESHOLD_INVALID=3 or DENY_THRESHOLD_ROOT=1, but it did neither.
/var/log/denyhosts doesn't show anything very illuminating:

2008-01-28 00:11:48,576 - denyfileutil: INFO     purging entries older than: Mon Dec 31 00:11:48 2007
2008-01-28 00:11:48,578 - denyfileutil: INFO     num entries purged: 0
2008-01-28 01:04:19,998 - denyhosts   : INFO     new denied hosts: ['222.184.232.164']
2008-01-28 01:11:50,192 - denyfileutil: INFO     purging entries older than: Mon Dec 31 01:11:50 2007
2008-01-28 01:11:50,195 - denyfileutil: INFO     num entries purged: 0
2008-01-28 01:11:50,594 - sync        : INFO     sent 1 new host
2008-01-28 02:11:52,725 - denyfileutil: INFO     purging entries older than: Mon Dec 31 02:11:52 2007
2008-01-28 02:11:52,729 - denyfileutil: INFO     num entries purged: 0
2008-01-28 03:11:54,626 - denyfileutil: INFO     purging entries older than: Mon Dec 31 03:11:54 2007
2008-01-28 03:11:54,629 - denyfileutil: INFO     num entries purged: 0

Note that denyhosts did correctly block an earlier attack, at 1:04 AM,
after three invalid login attempts.

-- System Information:
Debian Release: lenny/sid
  APT prefers testing
  APT policy: (990, 'testing'), (300, 'unstable'), (200, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.23 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US, LC_CTYPE=en_US (charmap=ISO-8859-1) (ignored: LC_ALL set to en_US)
Shell: /bin/sh linked to /bin/bash

Versions of packages denyhosts depends on:
ii  lsb-base                      3.1-24     Linux Standard Base 3.1 init scrip
ii  python                        2.4.4-6    An interactive high-level object-o
ii  python-central                0.5.15-0.1 register and build utility for Pyt

denyhosts recommends no packages.

-- no debconf information



--- End Message ---
--- Begin Message ---
Source: denyhosts
Source-Version: 2.6-10

We believe that the bug you reported is fixed in the latest version of
denyhosts, which is due to be installed in the Debian FTP archive:

denyhosts_2.6-10.debian.tar.gz
  to main/d/denyhosts/denyhosts_2.6-10.debian.tar.gz
denyhosts_2.6-10.dsc
  to main/d/denyhosts/denyhosts_2.6-10.dsc
denyhosts_2.6-10_all.deb
  to main/d/denyhosts/denyhosts_2.6-10_all.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Marco Nenciarini <[email protected]> (supplier of updated denyhosts package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.8
Date: Wed, 17 Aug 2011 10:20:29 +0200
Source: denyhosts
Binary: denyhosts
Architecture: source all
Version: 2.6-10
Distribution: unstable
Urgency: low
Maintainer: Kyle Willmon <[email protected]>
Changed-By: Marco Nenciarini <[email protected]>
Description: 
 denyhosts  - Utility to help sys admins thwart SSH crackers
Closes: 462926 546772
Changes: 
 denyhosts (2.6-10) unstable; urgency=low
 .
   [ Marco Nenciarini ]
   * [526c9cb] Switch vcs fields to git
   * [ae3d952] Add debian/gbp.conf to make easy the usage of git-buildpackage
     and gbp-pq
   * [59c1cc1] Convert all patches to gbp-pq compatible format
   * [7d0f0dd] Remove the dh_make standard template from the watch file
 .
   [ Kyle Willmon ]
   * [62965a5] Fixed 06_permit_rootlogin_no to match hostnames (Closes: #462926)
   * [6d355a6] Fixed section for installed FAQ
   * [d392fc9] Updated description removes lintian warning
   * [5fd3570] Revert patch which did not actually fix #508504 (Closes: #546772)
   * [b23dade] Bump standards version
   * [88a069e] Remove Conflicts and Replaces from old transition
   * [caa300f] Convert from cdbs with python-central to debhelper with
     dh_python2 and bump compat
   * [32c638a] Remove upgrade workaround for bug in < 2.5-3
   * [b94d5d6] Add support for /run
   * [a4d9eaa] Fix whitespace issue in 04_migrate_warning.patch
   * [ae61317] Correct Vcs-* fields after Alioth transition
Checksums-Sha1: 
 99e508ea9d4f1176e5b49f5621621b8267ffe76c 1239 denyhosts_2.6-10.dsc
 e739aeb1123e917b8cf5c6b4d73fdb7bc76074d4 40319 denyhosts_2.6-10.debian.tar.gz
 ace13b115da13db0422673a785d0b731e65a507a 74192 denyhosts_2.6-10_all.deb
Checksums-Sha256: 
 445124ba7c7340699b96880c06528d60db39962b73dac2cd193533f1437111b8 1239 
denyhosts_2.6-10.dsc
 6a063a10267f847777d03df38380f55f21a3a43e1fa8bca33c80cd5a24459fe7 40319 
denyhosts_2.6-10.debian.tar.gz
 96d0f3d6e54543863111d6920c149334c3d2c38b8ae73ddd35e34877ceb4acec 74192 
denyhosts_2.6-10_all.deb
Files: 
 806a86760235481995a3b36280d34667 1239 net optional denyhosts_2.6-10.dsc
 2d8aae6ea1878af795b939f400d10e73 40319 net optional 
denyhosts_2.6-10.debian.tar.gz
 368948b9bfe362db8eff746b3d4e35b3 74192 net optional denyhosts_2.6-10_all.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iEYEARECAAYFAk5LetwACgkQaGRzDfCV5eRE7QCePPtlXmIcrX+fi+hYE96NO2WO
s0wAn1r+Qo7aNIrOMOXNf7TLRSBAcY4j
=umTz
-----END PGP SIGNATURE-----



--- End Message ---
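
Added example (not part of the original messages and not denyhosts' own code): the changelog entry for #462926 says the pattern was fixed to match hostnames, and the reported "not allowed" lines name the client as ns1.redewsnet.com.br rather than by IP. The sketch below runs two hypothetical, simplified patterns over constructed log lines modelled on the report and uses the sshd PID to recover the IP from the preceding "Connection from" line; the pattern names and root_offenders() are assumptions.

```python
import re
from collections import Counter

# Constructed sample, modelled on the sshd lines quoted in the report.
SAMPLE_LOG = """\
Jan 28 02:02:11 helium sshd[18821]: Connection from 189.17.176.130 port 39212
Jan 28 02:02:13 helium sshd[18821]: Invalid user rhiroot from 189.17.176.130
Jan 28 02:02:14 helium sshd[18825]: Connection from 189.17.176.130 port 39738
Jan 28 02:02:15 helium sshd[18825]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
Jan 28 02:02:16 helium sshd[18829]: Connection from 189.17.176.130 port 39832
Jan 28 02:02:17 helium sshd[18829]: User root from ns1.redewsnet.com.br not allowed because not listed in AllowUsers
"""

DENY_THRESHOLD_ROOT = 1  # value from the reporter's denyhosts.conf

# Hypothetical simplified patterns, not the ones shipped in denyhosts.
IP = r"\d{1,3}(?:\.\d{1,3}){3}"
NOT_ALLOWED_IP_ONLY = re.compile(
    rf"User (?P<user>\S+) from (?P<host>{IP}) not allowed because")
NOT_ALLOWED_ANY_HOST = re.compile(
    r"User (?P<user>\S+) from (?P<host>\S+) not allowed because")
CONNECTION = re.compile(
    rf"sshd\[(?P<pid>\d+)\]: Connection from (?P<ip>{IP}) port \d+")
PID = re.compile(r"sshd\[(\d+)\]:")


def root_offenders(log, pattern, threshold=DENY_THRESHOLD_ROOT):
    """Return the sources with at least `threshold` rejected root logins."""
    pid_to_ip = {}
    hits = Counter()
    for line in log.splitlines():
        conn = CONNECTION.search(line)
        if conn:
            pid_to_ip[conn["pid"]] = conn["ip"]
            continue
        m = pattern.search(line)
        if not m or m["user"] != "root":
            continue
        pid = PID.search(line)
        # Prefer the IP logged by the same sshd process; fall back to the
        # logged name so the attempt is still counted.
        source = pid_to_ip.get(pid.group(1) if pid else None, m["host"])
        hits[source] += 1
    return {src for src, n in hits.items() if n >= threshold}
```

With the IP-only pattern no source reaches the threshold, because the hostname lines never match; with the hostname-aware pattern the two root rejections are attributed to 189.17.176.130.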
