On 4/28/2011 12:20 PM, Emmanuelle Morin wrote:

> Here is my secure.log :
>
> Apr 28 11:44:03 server1 sshd[34360]: Invalid user klement from
38.96.175.129
> Apr 28 11:44:04 server1 sshd[34362]: Invalid user zumlot from
38.96.175.129

So your original SSHD_FORMAT_REGEX was wrong.  Let me guess, you copied
it from the DH Web site...

> I have tried the following regex : .*sshd\[.*\]: Invalid user (.*)

Where?  How?  Looks wrong, don't waste your time trying things at
random.  First understand what you are doing: DenyHosts works in two
steps, first it looks for a match on SSHD_FORMAT_REGEX, when it has a
match it captures the rest of the message and tries to match that with
its own hard-coded regexes plus the user defined regex.

> it doesn't change anything !
>
> Do I have to put something on the SSHD_FORMAT_REGEX ?

Only if you changed it (comment out your change, let the default work).
 Otherwise no.

> Can you give me an example of a line DenyHosts will complain on ?

What for?  Your log looks like any other normal log, DenyHost own (2nd
of 7) regex will match.

It looks to me that the only thing you needed to change, in
denyhosts.cfg, was the log file in SECURE_LOG.  Anything else, and it
probably caused DH to fail.

Also don't expect DH to go backwards in time, it will not detect what
has been going on in the past, unless you use the parameter to ignore state.
-- 
René Berber


------------------------------------------------------------------------------
WhatsUp Gold - Download Free Network Management Software
The most intuitive, comprehensive, and cost-effective network 
management toolset available today.  Delivers lowest initial 
acquisition cost and overall TCO of any competing solution.
http://p.sf.net/sfu/whatsupgold-sd
_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user

Reply via email to