Good news -- looks like denyhosts is working!  My guess -- from a  
highly non-expert point of view -- is that most likely denyhosts  
wasn't updated for 10.5.  To summarize, here are my changes after  
doing Fink install denyhosts-py25-2.6-1:

1) edit the sshd_config file according to the link  
http://article.gmane.org/gmane.os.apple.fink.beginners/19292/match=denyhosts

      It's just two or three simple changes.

2) In /sw/etc/denyhosts-py25  edit the denyhosts.cfg file by changing

SECURE_LOG = /var/log/asl.log   to    SECURE_LOG = /var/log/secure.log

and comment out the statement   SSHD_FORMAT_REGEX=


Then, according to instructions in this thread, I killed the active  
daemon and restarted with

    sudo denyhosts-py25.py -c /sw/etc/denyhosts-py25/denyhosts.cfg --daemon


It is working very nicely.  Catching all kinds of break-in attempts  
and logging them in host.deny.  I went to another computer and tried  
five bogus logins.  Denyhosts caught this, added the id to the list  
and allowed no further interactions from this computer.  Nice.

The only thing I haven't tried is rebooting to make sure the daemon  
starts properly and sees all relevant files.  If I have probs, I'll  
let you know.

Thanks everybody for all the help.  Very much appreciated.
g




On May 9, 2008, at 11:50 AM, Robert T Wyatt wrote:

>
> Robert T Wyatt wrote:
>> Alexander Hansen wrote:
>>> glenn millhauser wrote:
>>>> Hi All,
>>>>    Okay -- the files below (pointed out in Robert's message) were all
>>>> found to be in place.  Also, based on the thread
>>>>
>>>> http://thread.gmane.org/gmane.comp.security.denyhosts.user/397/focus=399
>>>>
>>>> I changed:
>>>>
>>>> SECURE_LOG = /var/log/asl.log   to    SECURE_LOG = /var/log/secure.log
>>>>
>>>> I also commented out the statement   SSHD_FORMAT_REGEX=
>>>> Then, I ran the way Alexander did:
>>>>
>>>> sudo denyhosts-py25.py -c /sw/etc/denyhosts-py25/denyhosts.cfg --daemon
>>>>
>>>>
>>>> It now appears that denyhosts finds the denyhosts.cfg file.  However,
>>>> I get the error:
>>>>
>>>> DenyHosts could not obtain lock (pid: 112)
>>>> [Errno 17] File exists: '/sw/var/run/denyhosts-py25.pid'
>>>>
>>>>
>>>> I think I might be getting closer but don't know what to do with this.
>>>> Any ideas??
>>>>
>>>> thanks,
>>>> g
>>> That would make me suspect that the daemon is already running for you,
>>> and it won't let you do a second instance.
>>
>> I agree with Alex and if you 'cat /sw/var/run/denyhosts-py25.pid' you
>> will obtain the process id of the running instance and can then kill
>> the process (sudo kill -TERM PID --where PID is the process id) so
>> that you can restart it manually.
>>
>> FWIW, I think fink's denyhosts puts its log in /sw/var/log/denyhosts
>> or somewhere very close to that; the log should give the loaded
>> configuration, PID, DH's recommended kill command, and a lot of other
>> goodies.
>>
>> Sounds like you're making good progress!
>>
>> --rtw
>
> There is another possibility: if DH terminated abnormally, the .pid
> file would still be present.
>
> During startup, DH looks for this file, if it's present (whether the
> daemon is actually running or not) it will not start.
>
> Simply: sudo rm /sw/var/run/denyhosts-py25.pid to get rid of the file
> if this is the case.
>
> --rtw
>



Glenn L. Millhauser
Department of Chemistry & Biochemistry
UC Santa Cruz
Santa Cruz, CA 95064
831 459 2176 voice
831 566 3337 cell
831 459 2935 fax

http://chemistry.ucsc.edu/~glennm
http://www.chemistry.ucsc.edu/faculty/millhauser.html



_______________________________________________
Fink-beginners mailing list
[email protected]
http://news.gmane.org/gmane.os.apple.fink.beginners
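
Added example, not part of the original thread or of DenyHosts itself: a POSIX shell check that tells apart the two cases discussed above (daemon still running versus a PID file left behind by an abnormal exit) before anything is killed or removed. The default path is the one quoted in the thread; the function names `pidfile_state` and `pidfile_advice` are hypothetical.

```shell
#!/bin/sh
# Added example: classify the DenyHosts PID file before killing or deleting.
# Function names are hypothetical; the default path is the one from the thread.

# pidfile_state FILE -> prints one of: missing, invalid, running, stale
pidfile_state() {
    file=$1
    [ -e "$file" ] || { echo missing; return 0; }
    pid=$(tr -d '[:space:]' < "$file")
    case $pid in
        ''|*[!0-9]*) echo invalid; return 0 ;;   # empty or not a number
    esac
    # kill -0 delivers no signal; it only asks whether the PID exists.
    if err=$(LC_ALL=C; export LC_ALL; kill -0 "$pid" 2>&1); then
        echo running
    else
        case $err in
            # EPERM: the process exists but belongs to another user (e.g. root).
            *ermitted*) echo running ;;
            *)          echo stale ;;
        esac
    fi
}

# pidfile_advice FILE -> prints the matching step from the thread.
# Nothing is killed or removed here; the operator runs the command.
pidfile_advice() {
    file=$1
    case $(pidfile_state "$file") in
        missing) echo "no PID file: DenyHosts can be started" ;;
        invalid) echo "PID file is not a number: inspect $file by hand" ;;
        running)
            pid=$(tr -d '[:space:]' < "$file")
            # A live PID may have been reused; confirm with: ps -p PID
            echo "PID $pid is alive: sudo kill -TERM $pid, then restart" ;;
        stale)   echo "no such process: sudo rm $file, then restart" ;;
    esac
}

pidfile_advice "${1:-/sw/var/run/denyhosts-py25.pid}"
```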