I have recently installed and configured Deny Hosts 2.5 which is running as daemon. Based on DEBUG mode output DH processes the log file properly and purges properly however suspicious logins are not identified and no new hosts are ever denied.
2006-08-08 08:26:13,420 - denyhosts : DEBUG /var/log/messages has additional data 2006-08-08 08:26:13,422 - denyhosts : DEBUG no new denied hosts 2006-08-08 08:26:13,422 - denyhosts : DEBUG no new suspicious logins The log file being processed does clearly contain questionable login attempt info: Aug 8 06:49:00 MYSITE sshd(pam_unix)[22602]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=azul2.bnct.ipn.mx user=root Aug 8 06:49:01 MYSITE sshd(pam_unix)[22605]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=azul2.bnct.ipn.mx user=root Aug 8 06:49:01 MYSITE sshd(pam_unix)[22606]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=azul2.bnct.ipn.mx user=root Aug 8 06:49:02 MYSITE sshd(pam_unix)[22611]: authentication failure; logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=azul2.bnct.ipn.mx user=root The log file in question contains hundreds of these attempts. Any advice would be greatly appreciated. Jason ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
