Good morning Jon.
> >>> Jonathan C. Detert <[EMAIL PROTECTED]> 04/11 8:43 AM >>>
> I haven't used or installed denyhosts yet. I'd like to, but I need to
> know how the software determines that a given failed login attempt
> failed due to being for an 'invalid user'. Somewhere on the website,
> either the faq or the home page, mention is made
> that the determination is made based on a lookup in /etc/passwd. I hope
> that's only part of the story. I have boxen using nss_ldap and pam_ldap,
> so the end users who are logging in are not actually in /etc/passwd. I
> need to be sure that denyHosts isn't going to consider all failed login
> attempt to be made by invalid-users.
>
> So, does denyHosts honor nsswitch.conf?
Denyhosts looks at the log files for failed login attempts, either
/var/log/messages or /var/log/secure, depending on your system.
It doesn't grab the login stream and compare it against /etc/passwd, or
anything else.
That being the case, as long as the error strings show up in a log file
somewhere, Denyhosts can see it and act upon it.
I'm dinging 1-2 attacks an hour right now, and I'm pretty happy with it.
-Michael
E-MAIL CONFIDENTIALITY NOTICE: This communication and any associated
file(s) may contain privileged, confidential or proprietary
information or be protected from disclosure under law ("Confidential
Information"). Any use or disclosure of this Confidential Information,
or taking any action in reliance thereon, by any individual/entity
other than the intended recipient(s) is strictly prohibited. This
Confidential Information is intended solely for the use of the
individual(s) addressed. If you are not an intended recipient, you
have received this Confidential Information in error and have an
obligation to promptly inform the sender and permanently destroy,
in its entirety, this Confidential Information (and all copies
thereof). E-mail is handled in the strictest of confidence by
Allied National, however, unless sent encrypted, it is not a secure
communication method and may have been intercepted, edited or
altered during transmission and therefore is not guaranteed.
-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid�0944&bid$1720&dat�1642
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
