I'm running denyhosts-2.6_4 with python27-2.7.2_4 on multiple FreeBSD boxes, RELEASE-7.2 to 9.0, and keep getting the same entries in my /var/log/denyhosts log, which in turn shows up as clutter in the /etc/hosts.deniedssh file to the tune of 15-20 or more entries every day. I ended up making a script to clean the hosts file as a plugin. My Ubuntu 10.04 LTS boxes don't show the same behavior.
On the RELEASE-9.0 box, OpenSSH_5.8p2_hpn13v11 FreeBSD-20110503, OpenSSL 0.9.8q 2 Dec 2010, running ipf: IP Filter: v4.1.28 (400).

This is my conf file:

# /usr/local/etc/denyhosts.conf
# host: delta
############ THESE SETTINGS ARE REQUIRED ############
SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deniedssh
PURGE_DENY = 15d
PURGE_THRESHOLD = 5
BLOCK_SERVICE = ALL
DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 3
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/local/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=NO
LOCK_FILE = /var/run/denyhosts.pid
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL = jm...@lsuhsc.edu
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report [delta]
SYSLOG_REPORT=YES
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
RESET_ON_SUCCESS = yes
PLUGIN_DENY=/usr/local/etc/ipf.d/change-ipf-rules.sh
PLUGIN_PURGE=/usr/local/etc/ipf.d/change-ipf-rules.sh
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
##EOF

Entries from /var/log/denyhosts:

2012-04-11 10:48:15,272 - denyhosts : INFO new denied hosts: ['mailer.arttour.ru', 'cray-xt6.node7.core.ta.edu', 'india580.server4you.de', '181.140.18.217.okb.tomsknet.ru']
2012-04-11 10:48:45,294 - loginattempt: INFO resetting count for: 10.2.161.33
2012-04-11 10:51:27,467 - denyhosts : INFO new denied hosts: ['mailer.arttour.ru', 'cray-xt6.node7.core.ta.edu', 'india580.server4you.de', '181.140.18.217.okb.tomsknet.ru']
2012-04-11 11:27:27,811 - loginattempt: INFO resetting count for: 10.2.161.33
2012-04-11 11:30:09,705 - denyhosts : INFO new denied hosts: ['mailer.arttour.ru', 'cray-xt6.node7.core.ta.edu', 'india580.server4you.de', '181.140.18.217.okb.tomsknet.ru']
2012-04-11 11:42:39,837 - denyfileutil: INFO purging entries older than: Tue Mar 27 11:42:39 2012
2012-04-11 11:42:39,869 - denyfileutil: INFO num entries purged: 0
2012-04-11 12:10:22,016 - denyhosts : INFO new denied hosts: ['mailer.arttour.ru', 'cray-xt6.node7.core.ta.edu', 'india580.server4you.de', '181.140.18.217.okb.tomsknet.ru']
2012-04-11 12:44:22,353 - loginattempt: INFO resetting count for: 10.2.161.33
2012-04-11 12:47:04,975 - denyhosts : INFO new denied hosts: ['mailer.arttour.ru', 'cray-xt6.node7.core.ta.edu', 'india580.server4you.de', '181.140.18.217.okb.tomsknet.ru']
2012-04-11 12:48:04,993 - denyfileutil: INFO purging entries older than: Tue Mar 27 12:48:04 2012
2012-04-11 12:48:05,024 - denyfileutil: INFO num entries purged: 0
2012-04-11 12:50:46,957 - denyhosts : INFO new denied hosts: ['mailer.arttour.ru', 'cray-xt6.node7.core.ta.edu', 'india580.server4you.de', '181.140.18.217.okb.tomsknet.ru']
...

--
John Mire: jm...@lsuhsc.edu
_______________________________________________
Denyhosts-user mailing list
Denyhosts-user@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
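An added example, not part of the original post and not DenyHosts code: one way to measure the symptom described above is to scan the daemon log for hosts that are announced as "new denied hosts" more than once. The function name and the sample log are constructed; the sample follows the line format quoted in the post, and `host.example.net` is a placeholder.

```python
import ast
import re

# Constructed sample in the DAEMON_LOG line format quoted in the post.
SAMPLE_LOG = """\
2012-04-11 10:48:15,272 - denyhosts : INFO new denied hosts: ['mailer.arttour.ru', 'india580.server4you.de']
2012-04-11 10:48:45,294 - loginattempt: INFO resetting count for: 10.2.161.33
2012-04-11 10:51:27,467 - denyhosts : INFO new denied hosts: ['mailer.arttour.ru', 'india580.server4you.de']
2012-04-11 11:30:09,705 - denyhosts : INFO new denied hosts: ['mailer.arttour.ru', 'host.example.net']
2012-04-11 11:42:39,869 - denyfileutil: INFO num entries purged: 0
"""

# Only "new denied hosts" lines matter; whitespace around the logger name
# and level is matched loosely because it varies between copies of the log.
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d+ - denyhosts\s*: "
    r"INFO\s+new denied hosts: (?P<hosts>\[.*\])\s*$"
)


def repeated_denials(log_text):
    """Return {host: [timestamps]} for hosts reported as 'new' more than once."""
    seen = {}
    for line in log_text.splitlines():
        match = LINE_RE.match(line)
        if not match:
            continue
        try:
            # The host list is logged as a Python list literal; literal_eval
            # parses it without executing anything.
            hosts = ast.literal_eval(match.group("hosts"))
        except (ValueError, SyntaxError):
            continue  # wrapped or truncated line
        for host in hosts:
            seen.setdefault(host, []).append(match.group("ts"))
    # A host denied once is normal; repeats mean it was re-added.
    return {h: ts for h, ts in seen.items() if len(ts) > 1}


if __name__ == "__main__":
    for host, stamps in sorted(repeated_denials(SAMPLE_LOG).items()):
        print("%-30s re-added %d times, first %s, last %s"
              % (host, len(stamps) - 1, stamps[0], stamps[-1]))
```

Run against the real DAEMON_LOG file, the output shows which hosts are being re-added and how often, which can be compared with the duplicate entries in the HOSTS_DENY file.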