Just wanted to mention that I finally took the time to try this out and it is working like a charm! Thanks for figuring it out and posting the steps involved. --Robert
glenn millhauser wrote:
> Good news -- looks like denyhosts is working! My guess -- from a
> highly non-expert point of view -- is that most likely denyhosts
> wasn't updated for 10.5. To summarize, here are my changes after
> doing Fink install denyhosts-py25-2.6-1:
>
> 1) edit the sshd_config file according to the link
> http://article.gmane.org/gmane.os.apple.fink.beginners/19292/match=denyhosts
>
> It's just two or three simple changes.
>
> 2) In /sw/etc/denyhosts-py25 edit the denyhosts.cfg file by changing
>
> SECURE_LOG = /var/log/asl.log to SECURE_LOG = /var/log/secure.log
>
> and comment out the statement SSHD_FORMAT_REGEX=
>
> Then, according to instructions in this thread, I killed the active
> daemon and restarted with
>
> sudo denyhosts-py25.py -c /sw/etc/denyhosts-py25/denyhosts.cfg --daemon
>
> It is working very nicely. Catching all kinds of break in attempts
> and logging them in host.deny. I went to another computer and tried
> five bogus logins. Denyhosts caught this, added the id to the list
> and allowed no further interactions from this computer. Nice.
>
> The only thing I haven't tried is rebooting to make sure the daemon
> starts properly and sees all relevant files. If I have probs, I'll
> let you know.
>
> Thanks everybody for all the help. Very much appreciated.
> g
>
> On May 9, 2008, at 11:50 AM, Robert T Wyatt wrote:
>
>> Robert T Wyatt wrote:
>>> Alexander Hansen wrote:
>>>> glenn millhauser wrote:
>>>>> Hi All,
>>>>> Okay -- the files below (pointed out in Robert's message) were
>>>>> all found to be in place. Also, based on the thread
>>>>>
>>>>> http://thread.gmane.org/gmane.comp.security.denyhosts.user/397/focus=399
>>>>>
>>>>> I changed:
>>>>>
>>>>> SECURE_LOG = /var/log/asl.log to SECURE_LOG = /var/log/secure.log
>>>>>
>>>>> I also commented out the statement SSHD_FORMAT_REGEX=
>>>>> Then, I ran the way Alexander did:
>>>>>
>>>>> sudo denyhosts-py25.py -c /sw/etc/denyhosts-py25/denyhosts.cfg --daemon
>>>>>
>>>>> It now appears that denyhosts finds the denyhosts.cfg file.
>>>>> However, I get the error:
>>>>>
>>>>> DenyHosts could not obtain lock (pid: 112)
>>>>> [Errno 17] File exists: '/sw/var/run/denyhosts-py25.pid'
>>>>>
>>>>> I think I might be getting closer but don't know what to do with
>>>>> this. Any ideas??
>>>>>
>>>>> thanks,
>>>>> g
>>>> That would make me suspect that the daemon is already running for
>>>> you, and it won't let you do a second instance.
>>> I agree with Alex and if you 'cat /sw/var/run/denyhosts-py25.pid' you
>>> will obtain the process id of the running instance and can then kill
>>> the process (sudo kill -TERM PID --where PID is the process id) so
>>> that you can restart it manually.
>>>
>>> FWIW, I think fink's denyhosts puts its log in /sw/var/log/denyhosts
>>> or somewhere very close to that; the log should give the loaded
>>> configuration, PID, DH's recommended kill command, and a lot of other
>>> goodies.
>>>
>>> Sounds like you're making good progress!
>>>
>>> --rtw
>> There is another possibility: if DH terminated abnormally, the .pid
>> file would still be present.
>>
>> During startup, DH looks for this file, if it's present (whether the
>> daemon is actually running or not) it will not start.
>>
>> Simply: sudo rm /sw/var/run/denyhosts-py25.pid to get rid of the file
>> if this is the case.
>>
>> --rtw
>
> Glenn L. Millhauser
> Department of Chemistry & Biochemistry
> UC Santa Cruz
> Santa Cruz, CA 95064
> 831 459 2176 voice
> 831 566 3337 cell
> 831 459 2935 fax
>
> http://chemistry.ucsc.edu/~glennm
> http://www.chemistry.ucsc.edu/faculty/millhauser.html

_______________________________________________
Fink-beginners mailing list
http://news.gmane.org/gmane.os.apple.fink.beginners
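
The two pid-file cases raised in the thread above (daemon still running versus a stale file left by an abnormal exit), as an added example that is not part of the original messages or of DenyHosts itself. The function names and the `--clear` switch are hypothetical; the default path is the one quoted in the thread, and the script assumes it runs as root (as the thread does with sudo) so that a failed `kill -0` means the process is gone.

```shell
#!/bin/sh
# Added example: decide whether a DenyHosts pid file is stale before deleting it.
# Default path is the one quoted in the thread; override PIDFILE for other installs.
PIDFILE="${PIDFILE:-/sw/var/run/denyhosts-py25.pid}"

# pidfile_state FILE -> prints one of: absent | invalid | running | stale
pidfile_state() {
    file="$1"
    [ -e "$file" ] || { echo absent; return 0; }
    pid=$(tr -d '[:space:]' < "$file")
    case "$pid" in
        ''|*[!0-9]*) echo invalid; return 0 ;;
    esac
    # kill -0 delivers no signal; it only tests whether the PID exists.
    # Assumption: run as root, so a failure means "no such process".
    if kill -0 "$pid" 2>/dev/null; then
        echo running
    else
        echo stale
    fi
}

# clear_if_stale FILE -> removes FILE only when its PID is no longer alive
clear_if_stale() {
    state=$(pidfile_state "$1")
    case "$state" in
        stale)   rm -f -- "$1"; echo "removed stale pid file" ;;
        running) echo "kept: pid $(cat "$1") is alive; stop it with kill -TERM first" ;;
        invalid) echo "kept: contents are not a PID; inspect manually" ;;
        absent)  echo "nothing to do" ;;
    esac
}

# Hypothetical switch: act on the real file only when asked explicitly.
if [ "${1:-}" = "--clear" ]; then
    clear_if_stale "$PIDFILE"
fi
```

A live PID can belong to an unrelated process if the number was reused after a crash, so a "running" result is worth confirming against the process list before sending a signal.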
