Joop Beris wrote:

[snip]
>>> - Stop the denyhosts daemon.
>>> - Remove the host from /etc/hosts.deny
>>> - Added the host to /[WORK-DIR]/allowed-hosts
>>> - Removed the host from all other files in /[WORK-DIR]
>>> - Removed the offending lines from the syslog so it would not be picked
>>> up again by denyhosts
>> This step may be the problem: if you manually change the log file
>> denyhosts detects that it changed and scans it again.
> 
> If I did not do this step, Denyhosts would pick up the IP address again 
> from /var/log/messages, where my syslog leaves its logging. At least, that is 
> what I thought.
> Also, with this host no longer being IN /var/log/messages, after starting the 
> Denyhosts daemon, how did Denyhosts pick the IP address up again? I think the 
> above steps get rid of any trace that this host was/should be blocked?
> 
>>> - Started the denyhosts daemon
> 
>> Where did you see the step that changes the log?  If it is in the FAQ, I
>> think it should be corrected.
> 
> It's not in the FAQ. 
> After I did it the FAQ way, the IP address got dumped back in /etc/hosts.deny 
> almost right away. The only way that was possible, or so I thought, was if 
> Denyhosts re-scanned /var/log/messages, discovered the IP and blocked it 
> again. So I followed the FAQ again and removed the lines 
> from /var/log/messages.
> 
> So without the IP address being present in /var/log/messages, and without the 
> IP address being present in any file in the work-dir EXCEPT allowed-hosts, 
> how did the host get added back to /etc/hosts.deny?? Any thoughts?

Yes, you are reporting 3 different problems:

1) Adding the IP to allowed-hosts didn't prevent it from being 
black-listed again.

2) Deleting the IP from all work files, after stopping DH, didn't prevent 
the IP from being added.

3) Deleting the IP from the log ... same problem.

One explanation to the last 2 problems is that the IP got added to the 
sync server and you are receiving it again and again.  If you show the 
IP, or at least the last 2 octets, we could search our local list and 
see if it is there.  Are you sync-ing at all?

Another, also partial, explanation could be that you are starting DH 
with an option that causes it to re-scan the log.  That could be -debug 
or --ignore.  Of course that doesn't explain (3).

I don't have an explanation for problem (1) other than you have a 
problem with permissions (DH can't read the allowed-hosts file), syntax 
(the name of the file or its contents)... you could check those problems 
in DH's log, when it starts it shows exactly the options it is using, 
including what it found in that file.
-- 
René Berber
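
The checks suggested in the reply above can be run in one pass. This is an added example, not part of the original message and not DenyHosts code; the matching rule for allowed-hosts (one exact IP per line), the sample file names other than allowed-hosts, and the documentation-range addresses are assumptions made for illustration.

```python
import os
import re
import tempfile

def mentions(path, ip):
    """True if the file holds ip as a whole address (203.0.113.7 must not match 203.0.113.70)."""
    pat = re.compile(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])")
    with open(path, errors="replace") as fh:
        return any(pat.search(line) for line in fh)

def audit(ip, work_dir, hosts_deny, log_file):
    """Return the reasons found for why ip could end up denied again."""
    findings = []
    allowed = os.path.join(work_dir, "allowed-hosts")
    if not os.path.isfile(allowed):
        findings.append("allowed-hosts: missing (check the file name)")
    elif not os.access(allowed, os.R_OK):
        findings.append("allowed-hosts: not readable by this user")
    else:
        with open(allowed) as fh:
            entries = {line.strip() for line in fh}
        if ip not in entries:  # assumption: one exact IP per line
            findings.append("allowed-hosts: no line that is exactly the IP")
    for name in sorted(os.listdir(work_dir)):
        path = os.path.join(work_dir, name)
        if name != "allowed-hosts" and os.path.isfile(path) and mentions(path, ip):
            findings.append("work-dir: still listed in " + name)
    if mentions(hosts_deny, ip):
        findings.append("hosts.deny: still listed")
    if mentions(log_file, ip):
        findings.append("log: still has lines for the IP")
    return findings

def build_sample(root):
    """Constructed sample layout; hosts-a and hosts-b are made-up file names."""
    work = os.path.join(root, "work")
    os.mkdir(work)
    files = {
        "work/allowed-hosts": "203.0.113.7 \n",
        "work/hosts-a": "203.0.113.70:3:Mon Jan 1\n",
        "work/hosts-b": "203.0.113.7:12:Mon Jan 1\n",
        "hosts.deny": "sshd: 203.0.113.7\n",
        "messages": "sshd[1]: Failed password for root from 198.51.100.9\n",
    }
    for rel, text in files.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)
    return work, os.path.join(root, "hosts.deny"), os.path.join(root, "messages")

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:
        print("\n".join(audit("203.0.113.7", *build_sample(root))))
```

Run it as the account the daemon runs under, since the readability check reflects the calling user. An empty result with the IP still reappearing leaves the sync server as the remaining explanation from the reply.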


_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user