On 4/28/2011 08:37, Emmanuelle Morin wrote:
Hello,
I'm new to security stuff, but for some time now my server has been under
brute-force SSH attacks.
So I've decided to install DenyHosts; the installation went well.
After typing sudo ./daemon-control start
starting DenyHosts: /usr/bin/env python2.6
/Library/Python/2.6/site-packages/DenyHosts/deny_hosts.py --daemon
--config=/usr/local/share/denyhosts/denyhosts.cfg
No error, but then when I run sudo ./daemon-control status, it says
Denyhosts is not running
Another thing is I cannot find any asl.log file in /private/var/log, so
I've used the secure.log, but it's still not working.
Any ideas?

What kind of server?
I'd try running it in command-line mode first,
e.g.: /usr/bin/denyhosts.py --file /var/log/secure --noemail --unlock --verbose
Usage:
/usr/bin/denyhosts.py [-f logfile | --file=logfile] [ -c configfile |
--config=configfile] [-i | --ignore] [-n | --noemail] [--purge]
[--migrate] [--daemon] [--sync] [--version]
--file: The name of log file to parse
--ignore: Ignore last processed offset (start processing from beginning)
--noemail: Do not send an email report
--unlock: if lockfile exists, remove it and run as normal
--migrate: migrate your HOSTS_DENY file so that it is suitable for --purge
--purge: expire entries older than your PURGE_DENY setting
--daemon: run DenyHosts in daemon mode
--sync: run DenyHosts synchronization mode
--version: Prints the version of DenyHosts and exits
Note: multiple --file args can be processed. If multiple files are
provided, --ignore is implied
When run in --daemon mode the following flags are ignored:
--file, --purge, --migrate, --sync, --verbose
Here's a script that works on RHEL5:
cat /etc/rc.d/init.d/denyhosts
#!/bin/bash
#
# denyhosts This shell script starts the denyhosts daemon OR enables the
# denyhosts cron job depending upon whether DAEMON = yes in
# /etc/sysconfig/denyhosts
#
# Author: Seth Vidal <skvi...@phy.duke.edu> (original script)
# Jason Tibbitts <ti...@math.uh.edu> (denyhost changes)
#
# chkconfig: - 85 35
#
# description: Enable execution of denyhosts, an SSH log watcher
# processname: denyhosts
# config: /etc/denyhosts.cfg
#
### BEGIN INIT INFO
# Provides: denyhosts
# Required-Start: $syslog smtpdaemon
# Short-Description: Enable execution of denyhosts, an SSH log watcher
# Description: DenyHosts is a Python script that analyzes the sshd server
#              log messages to determine which hosts are attempting to
#              hack into your system. It also determines what user
#              accounts are being targeted. It keeps track of the
#              frequency of attempts from each host and, upon discovering
#              a repeated attack host, updates the /etc/hosts.deny file
#              to prevent future break-in attempts from that host. Email
#              reports can be sent to a system admin.
### END INIT INFO
# source function library
. /etc/rc.d/init.d/functions
# Make sure HOSTNAME is in the environment so denyhosts can
# use it in report subjects
HOSTNAME=$(hostname)
export HOSTNAME
CRONLOCK=/var/lock/subsys/denyhosts.init
LOCKFILE=/var/lock/subsys/denyhosts
DHOSTS=/usr/bin/denyhosts.py
DOPTS="--daemon --config=/etc/denyhosts.conf"
RETVAL=0
# Determine whether or not denyhosts is to be run as a daemon or periodically
# by cron
[ -f /etc/sysconfig/denyhosts ] && . /etc/sysconfig/denyhosts
# cron service functions
c_start() {
    echo -n $"Enabling denyhosts cron service: "
    touch "$CRONLOCK" && success || failure
    RETVAL=$?
    echo
}

c_stop() {
    echo -n $"Disabling denyhosts cron service: "
    rm -f "$CRONLOCK" && success || failure
    RETVAL=$?
    echo
}

c_restart() {
    c_stop
    c_start
}

c_condrestart() {
    [ -f "$CRONLOCK" ] && c_restart
}

c_status() {
    if [ -f "$CRONLOCK" ]; then
        echo $"denyhosts cron service is enabled."
        RETVAL=0
    else
        echo $"denyhosts cron service is disabled."
        RETVAL=3
    fi
}

# daemon service functions
d_start() {
    echo -n $"Starting denyhosts: "
    # There may be a stray lockfile; clean it up.
    status -p "$LOCKFILE" $DHOSTS &> /dev/null
    STATUS=$?
    if [ $STATUS -eq 0 ]; then
        echo -n $"Denyhosts already running."
        failure
        RETVAL=0
    else
        if [ $STATUS -eq 1 ]; then
            echo -n $"Stray lockfile present; removing it."
            rm -f "$LOCKFILE"
        fi
        # DOPTS and EXTRA_OPTIONS are left unquoted so they split into words
        daemon $DHOSTS $DOPTS $EXTRA_OPTIONS
        RETVAL=$?
    fi
    echo
}

d_stop() {
    echo -n $"Stopping denyhosts: "
    if [ -f "$LOCKFILE" ]; then
        killproc $DHOSTS
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f "$LOCKFILE"
    fi
}

# Upstream's control script sleeps here; copy that behavior just in case.
d_restart() {
    d_stop
    sleep 1;
    d_start
}

d_condrestart() {
    [ -f "$LOCKFILE" ] && d_restart
}

d_status() {
    status -p "$LOCKFILE" $DHOSTS
    RETVAL=$?
}

# DAEMON is quoted so the tests do not error out when it is unset
case "$1" in
    start)
        if [ "$DAEMON" = "yes" ]; then
            d_start;
        else
            c_start;
        fi
        ;;
    stop)
        if [ "$DAEMON" = "yes" ]; then
            d_stop;
        else
            c_stop;
        fi
        ;;
    restart|force-reload)
        if [ "$DAEMON" = "yes" ]; then
            d_restart;
        else
            c_restart;
        fi
        ;;
    reload)
        ;;
    condrestart)
        if [ "$DAEMON" = "yes" ]; then
            d_condrestart;
        else
            # only restart the cron service if it is currently enabled
            c_condrestart;
        fi
        ;;
    status)
        if [ "$DAEMON" = "yes" ]; then
            d_status;
        else
            c_status;
        fi
        ;;
    *)
        echo $"Usage: $0 {start|stop|status|restart|reload|force-reload|condrestart}"
        exit 1
esac
exit $RETVAL
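
Added example (not part of the original message and not DenyHosts code): a preflight check for the symptom in this thread, where the daemon starts without an error but is then reported as not running. It assumes the SECURE_LOG and LOCK_FILE keys of denyhosts.cfg and that the lock file holds the daemon's PID; the function names cfg_get and dh_preflight are made up for illustration.

```shell
#!/bin/bash
# Preflight for a DenyHosts daemon that exits right after start.
# Run as root, otherwise kill -0 cannot probe a root-owned daemon.

# Print the value of KEY from a "KEY = value" config file.
# Commented-out alternatives ("#SECURE_LOG = ...") are skipped; the last
# active assignment wins.
cfg_get() {
    sed -n "s/^[[:space:]]*${2}[[:space:]]*=[[:space:]]*//p" "$1" |
        sed 's/[[:space:]]*$//' | tail -n 1
}

# Return codes: 0 ready to start, 1 SECURE_LOG missing or unreadable,
# 2 stale lock file, 3 daemon already running, 4 config unreadable.
dh_preflight() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "config not readable: $cfg"
        return 4
    fi
    log=$(cfg_get "$cfg" SECURE_LOG)
    lock=$(cfg_get "$cfg" LOCK_FILE)
    if [ -z "$log" ] || [ ! -r "$log" ]; then
        echo "SECURE_LOG missing or unreadable: ${log:-<unset>}"
        return 1
    fi
    if [ -n "$lock" ] && [ -f "$lock" ]; then
        # Assumption: the lock file contains the PID of the daemon.
        pid=$(tr -cd '0-9' < "$lock")
        if [ -n "$pid" ] && kill -0 "$pid" 2>/dev/null; then
            echo "already running, pid $pid"
            return 3
        fi
        echo "stale lock file: $lock"
        return 2
    fi
    echo "ok: $log is readable and no lock file is present"
    return 0
}

# Stand-alone use: pass the path of the config file to check.
if [ "$#" -gt 0 ]; then
    dh_preflight "$1"
fi
```

A return code of 1 corresponds to the missing log file described in the question; a return code of 2 is the case the d_start function above handles by removing the stray lockfile.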