On Aug 19, 2010, at 1:33 PM, René Berber wrote:

> Luke wrote:
>
> [snip]
>> Aug 19 11:07:37 - AllowedHosts: DEBUG initializing AllowedHosts
>> Aug 19 11:07:37 - AllowedHosts: DEBUG Could not open
>> /usr/share/denyhosts/data/allowed-hosts - [Errno 2] No such file or
>> directory: '/usr/share/denyhosts/data/allowed-hosts'
>
> That's not a real problem.
>
> What I forgot is that it is better to run it with --verbose and --debug,
> I was expecting some info that is not there.
>
>> /var/log/secure.log
>>
>> Aug 19 11:14:15 Crapbag
>> /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer[265]:
>> Authentication: FAILED :: User Name: N/A :: Viewer Address: 75.63.18.190 ::
>> Type: VNC DES
>> Aug 19 11:14:45: --- last message repeated 12 times ---
>
> That is a problem... DH doesn't handle those "repeated" lines, nothing
> does. What can be done to fix it is to re-configure syslog to not do
> that; in some syslogs it's "RepeatedMsgReduction off".

I've now set = dup_delay 0 which logs all failed entries, and it's still not blocking VNC failed attempts; it does block ssh, however. I'll probably just end up disabling vnc or just enabling it on demand.

>
>> Aug 19 11:15:47 Crapbag
>> /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer[265]:
>> Authentication: FAILED :: User Name: N/A :: Viewer Address: 75.63.18.190 ::
>> Type: VNC DES
>> Aug 19 11:16:17: --- last message repeated 16 times ---
>
> What is your PURGE_DENY, DENY_THRESHOLD_INVALID, AGE_RESET_INVALID, and
> DAEMON_SLEEP values in denyhosts.cfg (or denyhosts.conf)?
>
> I see the regex I sent is missing a space, could you test these exactly
> as shown (except for the unintended line wrapping):
>
> SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|AppleVNCServer\[\d+\]:)
> (?P<message>.*)
>
> USERDEF_FAILED_ENTRY_REGEX=Authentication: FAILED :: User Name:
> (?P<user>\S+) :: Viewer Address: (?P<host>\S+) .*
>
> --
> René Berber
>
> _______________________________________________
> Denyhosts-user mailing list
> Denyhosts-user@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
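
Added example (not from the thread or the DenyHosts project): a Python check of the two posted patterns against the log lines quoted above, assuming DenyHosts matches SSHD_FORMAT_REGEX against the whole line and then searches the captured message with USERDEF_FAILED_ENTRY_REGEX. PATH_TOLERANT_FORMAT, classify and tally are hypothetical names, and the \S* variant is an assumption added here to allow for the full bundle path that precedes AppleVNCServer[265]: in these lines.

```python
import re
from collections import Counter

# Patterns as posted in the thread, with the mail line wrapping undone.
POSTED_FORMAT = re.compile(
    r".* (sshd.*:|\[sshd\]|AppleVNCServer\[\d+\]:) (?P<message>.*)")
FAILED_ENTRY = re.compile(
    r"Authentication: FAILED :: User Name: (?P<user>\S+) "
    r":: Viewer Address: (?P<host>\S+) .*")
# Hypothetical variant (assumption, not from the thread): \S* lets the
# process token carry a path prefix such as /System/.../MacOS/.
PATH_TOLERANT_FORMAT = re.compile(
    r".* (sshd.*:|\[sshd\]|\S*AppleVNCServer\[\d+\]:) (?P<message>.*)")

# Log lines from the thread, rejoined into single syslog records.
VNC_PATH = ("/System/Library/CoreServices/RemoteManagement/"
            "AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer[265]:")
VNC_MSG = ("Authentication: FAILED :: User Name: N/A "
           ":: Viewer Address: 75.63.18.190 :: Type: VNC DES")
SAMPLE_LOG = [
    f"Aug 19 11:14:15 Crapbag {VNC_PATH} {VNC_MSG}",
    "Aug 19 11:14:45: --- last message repeated 12 times ---",
    f"Aug 19 11:15:47 Crapbag {VNC_PATH} {VNC_MSG}",
    "Aug 19 11:16:17: --- last message repeated 16 times ---",
]

def classify(line, format_regex):
    """Two-stage match: returns (stage, user, host) for one log line."""
    fmt = format_regex.match(line)
    if fmt is None:
        return ("format-miss", None, None)
    entry = FAILED_ENTRY.search(fmt.group("message"))
    if entry is None:
        return ("entry-miss", None, None)
    return ("failed-login", entry.group("user"), entry.group("host"))

def tally(lines, format_regex):
    """Failed logins per host, the count a deny threshold is compared to."""
    hits = Counter()
    for line in lines:
        stage, _user, host = classify(line, format_regex)
        if stage == "failed-login":
            hits[host] += 1
    return dict(hits)

if __name__ == "__main__":
    for name, rx in (("posted", POSTED_FORMAT),
                     ("path-tolerant", PATH_TOLERANT_FORMAT)):
        print(name, tally(SAMPLE_LOG, rx))
```

The "last message repeated" records match neither format pattern, so the failures they summarize never reach the per-host count.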