Delighted to know it is working for you. Since last May when we got
denyhosts up and running, it has worked beautifully. Also, with
restarts, the daemon shuts down and restarts just fine. So, once
denyhosts is running in daemon mode, you can forget about it. It will
just keep logging those brute force break in attempts to your
hosts.deny file.
all the best,
glenn
On Oct 21, 2008, at 9:26 AM, Robert T Wyatt wrote:
Just wanted to mention that I finally took the time to try this out
and it is working like a charm! Thanks for figuring it out and posting
the steps involved. --Robert
glenn millhauser wrote:
Good news -- looks like denyhosts is working! My guess -- from a
highly non-expert point of view -- is that most likely denyhosts
wasn't updated for 10.5. To summarize, here are my changes after
doing Fink install denyhosts-py25-2.6-1:
1) edit the sshd_config file according to the link
http://article.gmane.org/gmane.os.apple.fink.beginners/19292/match=denyhosts
It's just two or three simple changes.
2) In /sw/etc/denyhosts-py25 edit the denyhosts.cfg file by changing
SECURE_LOG = /var/log/asl.log to SECURE_LOG = /var/log/
secure.log
and comment out the statement SSHD_FORMAT_REGEX=
Then, according to instructions in this thread, I killed the active
daemon and restarted with
sudo denyhosts-py25.py -c /sw/etc/denyhosts-py25/denyhosts.cfg --
daemon
It is working very nicely. Catching all kinds of break in attempts
and logging them in host.deny. I went to another computer and tried
five bogus logins. Denyhosts caught this, added the id to the list
and allowed no further interactions from this computer. Nice.
The only thing I haven't tried is rebooting to make sure the daemon
starts properly and sees all relevant files. If I have probs, I'll
let you know.
Thanks everybody for all the help. Very much appreciated.
g
On May 9, 2008, at 11:50 AM, Robert T Wyatt wrote:
Robert T Wyatt wrote:
Alexander Hansen wrote:
glenn millhauser wrote:
Hi All,
Okay -- the files below (pointed out in Robert's message) were
all
found to be in place. Also, based on the thread
http://thread.gmane.org/gmane.comp.security.denyhosts.user/397/focus=399
I changed:
SECURE_LOG = /var/log/asl.log to SECURE_LOG = /var/log/
secure.log
I also commented out the statement SSHD_FORMAT_REGEX=
Then, I ran the way Alexander did:
sudo denyhosts-py25.py -c /sw/etc/denyhosts-py25/denyhosts.cfg --
daemon
It now appears that denyhosts finds the denyhosts.cfg file.
However,
I get the error:
DenyHosts could not obtain lock (pid: 112)
[Errno 17] File exists: '/sw/var/run/denyhosts-py25.pid'
I think I might be getting closer but don't know what to do with
this.
Any ideas??
thanks,
g
That would make me suspect that the daemon is already running for
you,
and it won't let you do a second instance.
I agree with Alex and if you 'cat /sw/var/run/denyhosts-py25.pid'
you
will obtain the process id of the running instance and can then
kill
the process (sudo kill -TERM PID --where PID is the process id) so
that you can restart it manually.
FWIW, I think fink's denyhosts puts its log in /sw/var/log/
denyhosts
or somewhere very close to that; the log should give the loaded
configuration, PID, DH's recommended kill command, and a lot of
other
goodies.
Sounds like you're making good progress!
--rtw
There is another possibility: if DH terminated abnormally, the .pid
file would still be present.
During startup, DH looks for this file, if it's present (whether the
daemon is actually running or not) it will not start.
Simply: sudo rm /sw/var/run/denyhosts-py25.pid to get rid of the
file
if this is the case.
--rtw
Glenn L. Millhauser
Department of Chemistry & Biochemistry
UC Santa Cruz
Santa Cruz, CA 95064
831 459 2176 voice
831 566 3337 cell
831 459 2935 fax
http://chemistry.ucsc.edu/~glennm
http://www.chemistry.ucsc.edu/faculty/millhauser.html
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's
challenge
Build the coolest Linux based applications with Moblin SDK & win
great prizes
Grand prize is a trip for two to an Open Source event anywhere in
the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Fink-beginners mailing list
[email protected]
http://news.gmane.org/gmane.os.apple.fink.beginners
Glenn L. Millhauser
Department of Chemistry & Biochemistry
UC Santa Cruz
Santa Cruz, CA 95064
831 459 2176 voice
831 566 3337 cell
831 459 2935 fax
http://chemistry.ucsc.edu/~glennm
http://www.chemistry.ucsc.edu/faculty/millhauser.html
-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/
_______________________________________________
Fink-beginners mailing list
[email protected]
http://news.gmane.org/gmane.os.apple.fink.beginners
