thanks phil. I've since managed to track down the problem (should have dug deeper first) and discovered some process on my own box is trying access denied messages being logged in /var/log/secure every day at 16:05PM! What's crazier is this is a user that doesn't even exist! once upon a time I created a user called mjs2 and when tightening things up with denyhosts I removed it. But for some reason it's still doing something and I can't find any instances of that name even with grep!
the simple fix was to put my own address into allowed-hosts and I think I'm ok now. again, very cool tool...
-mark

On Tue, May 31, 2011 at 1:48 PM, Phil Schwartz <phil_schwa...@users.sourceforge.net> wrote:
>
> Hello Mark,
>
> You can start DH in debug mode to get more detailed logs. You should
> probably stop DH, clear the host(s) from /etc/hosts.deny AND from your
> WORK_DIR/* files -- those files contain the number of failures so if they
> already exceed the allowed number it's probable that they are causing the
> lockouts. After they are cleared, restart DH. You can either start it w/
> debug (/etc/init.d/denyhosts start --debug) or afterwards by sending the
> process a SIGUSR1 signal, e.g. kill -SIGUSR1 <pid of denyhosts>
>
> Regards,
>
> Phil
>
> On Fri, 27 May 2011, Mark Seger wrote:
>
>> First - very cool tool. I've only been using it for a few hours but
>> already it's added a bunch of entries to my /etc/hosts.deny file.
>>
>> But now my dilemma, and I'm sure you've heard this before and so maybe
>> an entry in the FAQ could help stop people like me from pestering you?
>>
>> My config at home is a PC running vista at 192.168.1.100 and a
>> workstation running RHEL5.3 at 192.168.1.104. When I run denyhosts
>> both addresses are marked as denied so I commented them out in
>> /etc/hosts.deny and sure enough, they got flagged again a little
>> later. Next I did a tail -f on /etc/hosts.deny and got on with my
>> work. When I opened a putty window to my linux box up it popped and
>> asked for a username, so it was still a valid host. BUT seconds after
>> I closed the window without even trying to log in, both my pc's
>> address AND the linux box were added to /etc/hosts.deny again.
>>
>> Now here's the real mystery - I thought denyhosts watches
>> /var/log/secure for failed login attempts. But here's the tail of
>> that log, noting 'poker' is my linux box.
>>
>> May 27 08:35:06 poker sshd[19524]: Connection closed by 192.168.1.100
>>
>> this raises several questions, first and foremost, is if there wasn't
>> a failed login, why was host 100, the vista box, denied? Furthermore,
>> why was the address of my linux box itself added to /etc/hosts.deny?
>>
>> I did see in the faq I can always add an allow-hosts file to my
>> workdir, but I'd really like to know what's going on here. Part of me
>> thinks it may be a simple config setting but I have no idea what it
>> might be.
>>
>> One last thing, here's the tail of the denyhosts log:
>>
>> 2011-05-27 08:35:20,801 - denyhosts : INFO new denied hosts:
>> ['192.168.1.100', '192.168.1.104']
>>
>> doesn't really say why the hosts were denied. Is there a way to make
>> the log more verbose or somewhere else to look for more detail?
>>
>> -mark
>>
>> _______________________________________________
>> Denyhosts-user mailing list
>> Denyhosts-user@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
>>
>
> --
>
> Regards,
>
> Phil Schwartz
> http://www.phil-schwartz.com
>
> Open Source Projects:
>
> DenyHosts: http://www.denyhosts.net
> Kodos: http://kodos.sourceforge.net
> ReleaseForge: http://releaseforge.sourceforge.net
> Scratchy: http://scratchy.sourceforge.net
> FAQtor: http://faqtor.sourceforge.net
>
> Become a fan of DenyHosts:
>
> http://www.facebook.com/pages/DenyHosts/58269629216
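
The clean-up step from Phil's reply (clear the host from /etc/hosts.deny and from the WORK_DIR/* files while DH is stopped), sketched as an added example that is not part of the original thread or of DenyHosts itself. The function names, the argument order, the separate backup directory and the sample line formats are assumptions made for illustration.

```bash
#!/bin/sh
# Added example, not DenyHosts code. Run only while DenyHosts is stopped.

# purge_host IP HOSTS_DENY WORK_DIR BACKUP_DIR
# Removes every line that mentions IP as a whole address from HOSTS_DENY
# and from each regular file in WORK_DIR, after copying the file to
# BACKUP_DIR. Prints the total number of lines removed.
purge_host() {
    local ip deny work bak esc pat f n removed
    ip=$1; deny=$2; work=$3; bak=$4; removed=0
    # Escape the dots, then guard both sides so that purging
    # 192.168.1.10 never touches a line for 192.168.1.100.
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
    pat="(^|[^0-9.])${esc}([^0-9.]|\$)"
    for f in "$deny" "$work"/*; do
        [ -f "$f" ] || continue
        n=$(grep -Ec -- "$pat" "$f" || true)
        [ "$n" -gt 0 ] || continue
        cp -p "$f" "$bak/$(basename "$f")"
        # Rewrite in place (keeps owner and mode); grep exits 1 when
        # no lines are left, which is not an error here.
        grep -Ev -- "$pat" "$bak/$(basename "$f")" > "$f" || true
        removed=$((removed + n))
    done
    echo "$removed"
}

# demo: constructed sample files in a temp dir; the real layout of the
# WORK_DIR files may differ from these made-up lines.
demo() {
    local d
    d=$(mktemp -d)
    mkdir "$d/work" "$d/bak"
    printf 'sshd: 192.168.1.100\nsshd: 192.168.1.104\n' > "$d/hosts.deny"
    printf '192.168.1.100:6\n192.168.1.10:2\n' > "$d/work/hosts"
    purge_host 192.168.1.100 "$d/hosts.deny" "$d/work" "$d/bak"
    rm -rf "$d"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

On a real system the arguments would be /etc/hosts.deny, the WORK_DIR value from the DenyHosts configuration, and an existing backup directory, followed by the restart Phil describes.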