Re: [Denyhosts-user] Allowed-hosts being ignored...

Timothy Meader Wed, 26 Apr 2006 12:16:12 -0700

Here's my output. Thanks in advance.

2006-04-26 15:13:03,798 - prefs       : INFO     DenyHosts configuration settings:
2006-04-26 15:13:03,799 - prefs       : INFO        ADMIN_EMAIL: [EMAIL PROTECTED]
2006-04-26 15:13:03,800 - prefs       : INFO        AGE_RESET_INVALID: [None]
2006-04-26 15:13:03,801 - prefs       : INFO        AGE_RESET_RESTRICTED: [2160000]
2006-04-26 15:13:03,802 - prefs       : INFO        AGE_RESET_ROOT: [2160000]
2006-04-26 15:13:03,803 - prefs       : INFO        AGE_RESET_VALID: [432000]
2006-04-26 15:13:03,804 - prefs       : INFO        ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
2006-04-26 15:13:03,805 - prefs       : INFO        BLOCK_SERVICE: [sshd]
2006-04-26 15:13:03,806 - prefs       : INFO        DAEMON_LOG: [/var/log/denyhosts]
2006-04-26 15:13:03,807 - prefs       : INFO        DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message
)s]
2006-04-26 15:13:03,808 - prefs       : INFO        DAEMON_LOG_TIME_FORMAT: [None]
2006-04-26 15:13:03,809 - prefs       : INFO        DAEMON_PURGE: [3600]
2006-04-26 15:13:03,810 - prefs       : INFO        DAEMON_SLEEP: [30]
2006-04-26 15:13:03,811 - prefs       : INFO        DENY_THRESHOLD_INVALID: [5]
2006-04-26 15:13:03,813 - prefs       : INFO        DENY_THRESHOLD_RESTRICTED: [1]
2006-04-26 15:13:03,814 - prefs       : INFO        DENY_THRESHOLD_ROOT: [3]
2006-04-26 15:13:03,815 - prefs       : INFO        DENY_THRESHOLD_VALID: [7]
2006-04-26 15:13:03,816 - prefs       : INFO        FAILED_ENTRY_REGEX: [None]
2006-04-26 15:13:03,817 - prefs       : INFO        FAILED_ENTRY_REGEX2: [None]
2006-04-26 15:13:03,818 - prefs       : INFO        FAILED_ENTRY_REGEX3: [None]
2006-04-26 15:13:03,819 - prefs       : INFO        FAILED_ENTRY_REGEX4: [None]
2006-04-26 15:13:03,820 - prefs       : INFO        FAILED_ENTRY_REGEX5: [None]
2006-04-26 15:13:03,821 - prefs       : INFO        FAILED_ENTRY_REGEX6: [None]
2006-04-26 15:13:03,822 - prefs       : INFO        HOSTNAME_LOOKUP: [YES]
2006-04-26 15:13:03,823 - prefs       : INFO        HOSTS_DENY: [/etc/hosts.deny]
2006-04-26 15:13:03,824 - prefs       : INFO        LOCK_FILE: [/tmp/denyhosts.lock]
2006-04-26 15:13:03,825 - prefs       : INFO        PLUGIN_DENY: [None]
2006-04-26 15:13:03,826 - prefs       : INFO        PLUGIN_PURGE: [None]
2006-04-26 15:13:03,827 - prefs       : INFO        PURGE_DENY: [None]
2006-04-26 15:13:03,828 - prefs       : INFO        PURGE_THRESHOLD: [0]
2006-04-26 15:13:03,829 - prefs       : INFO        RESET_ON_SUCCESS: [no]
2006-04-26 15:13:03,830 - prefs       : INFO        SECURE_LOG: [/var/log/sshlog]
2006-04-26 15:13:03,831 - prefs       : INFO        SMTP_DATE_FORMAT: [%a, %d %b %Y %H:%M:%S -0400]
2006-04-26 15:13:03,832 - prefs       : INFO        SMTP_FROM: [DenyHosts <[EMAIL PROTECTED]>]
2006-04-26 15:13:03,833 - prefs       : INFO        SMTP_HOST: [mailhost.gsfc.nasa.gov]
2006-04-26 15:13:03,834 - prefs       : INFO        SMTP_PASSWORD: [None]
2006-04-26 15:13:03,835 - prefs       : INFO        SMTP_PORT: [25]
2006-04-26 15:13:03,836 - prefs       : INFO        SMTP_SUBJECT: [DenyHosts Report for popc]
2006-04-26 15:13:03,837 - prefs       : INFO        SMTP_USERNAME: [None]
2006-04-26 15:13:03,838 - prefs       : INFO        SSHD_FORMAT_REGEX: [.* (sshd\[.*\]: \[ID \d* auth.info\]) (?P<message>.*)]
2006-04-26 15:13:03,839 - prefs       : INFO        SUCCESSFUL_ENTRY_REGEX: [None]
2006-04-26 15:13:03,840 - prefs       : INFO        SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
2006-04-26 15:13:03,841 - prefs       : INFO        SYNC_DOWNLOAD: [yes]
2006-04-26 15:13:03,843 - prefs       : INFO        SYNC_DOWNLOAD_RESILIENCY: [18000]
2006-04-26 15:13:03,844 - prefs       : INFO        SYNC_DOWNLOAD_THRESHOLD: [3]
2006-04-26 15:13:03,845 - prefs       : INFO        SYNC_INTERVAL: [3600]
2006-04-26 15:13:03,846 - prefs       : INFO        SYNC_SERVER: [None]
2006-04-26 15:13:03,847 - prefs       : INFO        SYNC_UPLOAD: [yes]
2006-04-26 15:13:03,848 - prefs       : INFO        SYSLOG_REPORT: [no]
2006-04-26 15:13:03,849 - prefs       : INFO        WORK_DIR: [/usr/share/denyhosts/data]

At 03:05 PM 4/26/2006, Phil Schwartz wrote:

Hi Timothy,

I've had another report about the allowed-hosts but I haven't been able to reproduce it. In your denyhosts.log what does it say your configuration settings are. Mine looks like this:

Jan 18 20:28:05 - prefs       : INFO     DenyHosts configuration settings:
Jan 18 20:28:05 - prefs       : INFO        ADMIN_EMAIL: [EMAIL PROTECTED]
Jan 18 20:28:05 - prefs       : INFO        AGE_RESET_INVALID: [2592000]
Jan 18 20:28:05 - prefs       : INFO        AGE_RESET_ROOT: [31536000]
Jan 18 20:28:05 - prefs       : INFO        AGE_RESET_VALID: [432000]
Jan 18 20:28:05 - prefs       : INFO        ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
Jan 18 20:28:05 - prefs       : INFO        BLOCK_SERVICE: [sshd]
Jan 18 20:28:05 - prefs       : INFO        DAEMON_LOG: [/var/log/denyhosts]
Jan 18 20:28:05 - prefs       : INFO        DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
Jan 18 20:28:05 - prefs       : INFO        DAEMON_LOG_TIME_FORMAT: [%b %d %H:%M:%S]
Jan 18 20:28:05 - prefs       : INFO        DAEMON_PURGE: [3600]
Jan 18 20:28:05 - prefs       : INFO        DAEMON_SLEEP: [5]
Jan 18 20:28:05 - prefs       : INFO        DENY_THRESHOLD: [5]
Jan 18 20:28:05 - prefs       : INFO        DENY_THRESHOLD_INVALID: [5]
Jan 18 20:28:05 - prefs       : INFO        DENY_THRESHOLD_ROOT: [1]
Jan 18 20:28:05 - prefs       : INFO        DENY_THRESHOLD_VALID: [10]
Jan 18 20:28:05 - prefs       : INFO        FAILED_ENTRY_REGEX: [None]
Jan 18 20:28:05 - prefs       : INFO        FAILED_ENTRY_REGEX10: [None]
Jan 18 20:28:05 - prefs       : INFO        FAILED_ENTRY_REGEX2: [None]
Jan 18 20:28:05 - prefs       : INFO        FAILED_ENTRY_REGEX3: [None]
Jan 18 20:28:05 - prefs       : INFO        FAILED_ENTRY_REGEX4: [None]
Jan 18 20:28:05 - prefs       : INFO        FAILED_ENTRY_REGEX5: [None]
Jan 18 20:28:05 - prefs       : INFO        FAILED_ENTRY_REGEX6: [None]
Jan 18 20:28:05 - prefs       : INFO        FAILED_ENTRY_REGEX7: [None]
Jan 18 20:28:05 - prefs       : INFO        FAILED_ENTRY_REGEX8: [None]
Jan 18 20:28:05 - prefs       : INFO        FAILED_ENTRY_REGEX9: [None]
Jan 18 20:28:05 - prefs       : INFO        HOSTNAME_LOOKUP: [yes]
Jan 18 20:28:05 - prefs       : INFO        HOSTS_DENY: [/etc/hosts.deny]
Jan 18 20:28:05 - prefs       : INFO        LOCK_FILE: [/var/lock/subsys/denyhosts]
Jan 18 20:28:05 - prefs       : INFO        PLUGIN_DENY: [None]
Jan 18 20:28:05 - prefs       : INFO        PLUGIN_PURGE: [None]
Jan 18 20:28:05 - prefs       : INFO        PURGE_DENY: [259200]
Jan 18 20:28:05 - prefs       : INFO        SECURE_LOG: [/var/log/secure]
Jan 18 20:28:05 - prefs       : INFO        SMTP_FROM: [DenyHosts <[EMAIL PROTECTED]
Jan 18 20:28:05 - prefs       : INFO        SMTP_HOST: [foo]
Jan 18 20:28:05 - prefs       : INFO        SMTP_PASSWORD: [None]
Jan 18 20:28:05 - prefs       : INFO        SMTP_PORT: [25]
Jan 18 20:28:05 - prefs       : INFO        SMTP_SUBJECT: [DenyHosts Report ]
Jan 18 20:28:05 - prefs       : INFO        SMTP_USERNAME: [None]
Jan 18 20:28:05 - prefs       : INFO        SSHD_FORMAT_REGEX: [None]
Jan 18 20:28:05 - prefs       : INFO        SUCCESSFUL_ENTRY_REGEX: [None]
Jan 18 20:28:05 - prefs       : INFO SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
Jan 18 20:28:05 - prefs       : INFO        WORK_DIR: [/home/phil/denyhosts/data]

Regards,

Phil

On Wed, 26 Apr 2006, Timothy Meader wrote:

Hello all, I'm trying to get denyhosts setup properly on a group of three Solaris 8 servers, but I'm having a bit of a problem. I've gotten everything seemingly up and running (though it might not hurt to add to the FAQ that the "hosts.evil" feature does not appear to work with tcp_wrappers under Solaris... any attempt to use this throws a syntax error under hosts.allow. ie the "EXCEPT /etc/hosts.evil" part)... but the allowed-hosts feature is giving me trouble.

I've tried both putting in full IPs into the allowed-hosts file, as well as IPs in the form 111.222.*, but neither form matches. I've tried copying the allowed-hosts file into /etc as well as /usr/share/denyhosts itself instead of just the WORK_DIR "/usr/share/denyhosts/data". The permissions on the file are 744, so that shouldn't be an issue.

My setup is Solaris 8, with the February recommended patch cluster and python (along with tcl and tk) installed from the precompiled packages on sunfreeware.

Finally, running denyhosts in debug mode shows no output related to allowed-hosts at all. I can see denyhosts adding new IPs to /etc/hosts.deny... but there is never an entry showing what's currently in the allowed-hosts list.

Thanks in advance for any and all help.

PS - almost forgot, I'm running denyhosts 2.4b from sourceforge.

Thanks.

---
Tim Meader
CNE Internet Services
NetCommerce Corporation
[EMAIL PROTECTED]
(301) 286-8013

-------------------------------------------------------
Using Tomcat but need to do more? Need to support web services, security?
Get stuff done quickly with pre-integrated technology to make your job easier
Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user

--
Regards,

Phil Schwartz - http://www.phil-schwartz.com

Open Source Projects:
- DenyHosts: http://www.denyhosts.net
- Kodos: http://kodos.sourceforge.net
- ReleaseForge: http://releaseforge.sourceforge.net
- Scratchy: http://scratchy.sourceforge.net
- FAQtor: http://faqtor.sourceforge.net

---
Tim Meader
CNE Internet Services
NetCommerce Corporation
[EMAIL PROTECTED]
(301) 286-8013

Re: [Denyhosts-user] Allowed-hosts being ignored...

Reply via email to