In my experience this will be the case until one's system crashes, at which point one will have to manually remove the /sw/var/run/denyhosts-py25.pid file before the daemon can be restarted. Any normal shutdown or restart (whether remote or local) will automatically remove the file. --Robert
glenn millhauser wrote:
> Delighted to know it is working for you. Since last May when we got
> denyhosts up and running, it has worked beautifully. Also, with
> restarts, the daemon shuts down and restarts just fine. So, once
> denyhosts is running in daemon mode, you can forget about it. It will
> just keep logging those brute force break in attempts to your hosts.deny
> file.
> all the best,
> glenn
>
> On Oct 21, 2008, at 9:26 AM, Robert T Wyatt wrote:
>
>> Just wanted to mention that I finally took the time to try this out
>> and it is working like a charm! Thanks for figuring it out and posting
>> the steps involved. --Robert
>>
>> glenn millhauser wrote:
>>> Good news -- looks like denyhosts is working! My guess -- from a
>>> highly non-expert point of view -- is that most likely denyhosts
>>> wasn't updated for 10.5. To summarize, here are my changes after
>>> doing Fink install denyhosts-py25-2.6-1:
>>>
>>> 1) edit the sshd_config file according to the link
>>>
>>> http://article.gmane.org/gmane.os.apple.fink.beginners/19292/match=denyhosts
>>>
>>> It's just two or three simple changes.
>>>
>>> 2) In /sw/etc/denyhosts-py25 edit the denyhosts.cfg file by changing
>>>
>>> SECURE_LOG = /var/log/asl.log to SECURE_LOG = /var/log/secure.log
>>>
>>> and comment out the statement SSHD_FORMAT_REGEX=
>>>
>>> Then, according to instructions in this thread, I killed the active
>>> daemon and restarted with
>>>
>>> sudo denyhosts-py25.py -c /sw/etc/denyhosts-py25/denyhosts.cfg --daemon
>>>
>>> It is working very nicely. Catching all kinds of break in attempts
>>> and logging them in host.deny. I went to another computer and tried
>>> five bogus logins. Denyhosts caught this, added the id to the list
>>> and allowed no further interactions from this computer. Nice.
>>>
>>> The only thing I haven't tried is rebooting to make sure the daemon
>>> starts properly and sees all relevant files. If I have probs, I'll
>>> let you know.
>>>
>>> Thanks everybody for all the help. Very much appreciated.
>>> g
>>>
>>> On May 9, 2008, at 11:50 AM, Robert T Wyatt wrote:
>>>
>>>> Robert T Wyatt wrote:
>>>>> Alexander Hansen wrote:
>>>>>> glenn millhauser wrote:
>>>>>>> Hi All,
>>>>>>> Okay -- the files below (pointed out in Robert's message) were
>>>>>>> all found to be in place. Also, based on the thread
>>>>>>>
>>>>>>> http://thread.gmane.org/gmane.comp.security.denyhosts.user/397/focus=399
>>>>>>>
>>>>>>> I changed:
>>>>>>>
>>>>>>> SECURE_LOG = /var/log/asl.log to SECURE_LOG = /var/log/secure.log
>>>>>>>
>>>>>>> I also commented out the statement SSHD_FORMAT_REGEX=
>>>>>>> Then, I ran the way Alexander did:
>>>>>>>
>>>>>>> sudo denyhosts-py25.py -c /sw/etc/denyhosts-py25/denyhosts.cfg --daemon
>>>>>>>
>>>>>>> It now appears that denyhosts finds the denyhosts.cfg file.
>>>>>>> However, I get the error:
>>>>>>>
>>>>>>> DenyHosts could not obtain lock (pid: 112)
>>>>>>> [Errno 17] File exists: '/sw/var/run/denyhosts-py25.pid'
>>>>>>>
>>>>>>> I think I might be getting closer but don't know what to do with
>>>>>>> this.
>>>>>>> Any ideas??
>>>>>>>
>>>>>>> thanks,
>>>>>>> g
>>>>>> That would make me suspect that the daemon is already running for
>>>>>> you, and it won't let you do a second instance.
>>>>> I agree with Alex and if you 'cat /sw/var/run/denyhosts-py25.pid' you
>>>>> will obtain the process id of the running instance and can then kill
>>>>> the process (sudo kill -TERM PID --where PID is the process id) so
>>>>> that you can restart it manually.
>>>>>
>>>>> FWIW, I think fink's denyhosts puts its log in /sw/var/log/denyhosts
>>>>> or somewhere very close to that; the log should give the loaded
>>>>> configuration, PID, DH's recommended kill command, and a lot of other
>>>>> goodies.
>>>>>
>>>>> Sounds like you're making good progress!
>>>>>
>>>>> --rtw
>>>> There is another possibility: if DH terminated abnormally, the .pid
>>>> file would still be present.
>>>>
>>>> During startup, DH looks for this file, if it's present (whether the
>>>> daemon is actually running or not) it will not start.
>>>>
>>>> Simply: sudo rm /sw/var/run/denyhosts-py25.pid to get rid of the file
>>>> if this is the case.
>>>>
>>>> --rtw
>>>>
>>>
>>> Glenn L. Millhauser
>>> Department of Chemistry & Biochemistry
>>> UC Santa Cruz
>>> Santa Cruz, CA 95064
>>> 831 459 2176 voice
>>> 831 566 3337 cell
>>> 831 459 2935 fax
>>>
>>> http://chemistry.ucsc.edu/~glennm
>>> http://www.chemistry.ucsc.edu/faculty/millhauser.html
>>
>> _______________________________________________
>> Fink-beginners mailing list
>> [email protected]
>> http://news.gmane.org/gmane.os.apple.fink.beginners
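
The thread describes two causes for the "could not obtain lock" error: a daemon that is still running, or a .pid file left behind after a crash. The following shell functions are an added example, not part of the original messages or of DenyHosts; they tell the two cases apart before anything is deleted. The function names and the optional command-line match are assumptions made for illustration, and the file is assumed to hold just the process id, as the `cat` advice in the thread implies.

```shell
#!/bin/sh
# Added example (not DenyHosts code): classify a daemon PID file before deleting it.
# The default path is the one quoted in the thread.
PIDFILE_DEFAULT=/sw/var/run/denyhosts-py25.pid

# pid_alive PID: exit 0 if a process with that PID exists.
pid_alive() {
    kill -0 "$1" 2>/dev/null && return 0
    # kill -0 also fails (EPERM) for a live process owned by another user,
    # e.g. a root daemon checked from a normal account, so confirm with ps.
    ps -p "$1" >/dev/null 2>&1
}

# pidfile_state [FILE [NAME]]: prints absent | invalid | stale | reused | running.
# NAME is an optional string expected in the daemon's command line; it catches
# a PID that was recycled by an unrelated process after a crash.
pidfile_state() {
    file=${1:-$PIDFILE_DEFAULT}
    name=${2:-}
    [ -e "$file" ] || { echo absent; return 0; }
    pid=$(tr -d '[:space:]' 2>/dev/null < "$file") || pid=
    case $pid in
        ''|0|*[!0-9]*) echo invalid; return 0 ;;
    esac
    if ! pid_alive "$pid"; then echo stale; return 0; fi
    if [ -n "$name" ] &&
       ! ps -p "$pid" -o command= 2>/dev/null | grep -q -- "$name"; then
        echo reused; return 0
    fi
    echo running
}

# clear_stale_pidfile [FILE [NAME]]: delete FILE only when no live daemon owns it.
# Needs the same privileges as the 'sudo rm' in the thread for the real path.
clear_stale_pidfile() {
    file=${1:-$PIDFILE_DEFAULT}
    state=$(pidfile_state "$file" "${2:-}")
    case $state in
        stale|reused) rm -f -- "$file"; echo "removed ($state)" ;;
        *) echo "kept ($state)"; return 1 ;;
    esac
}
```

On the setup in the thread this would be called from a root shell as `clear_stale_pidfile /sw/var/run/denyhosts-py25.pid denyhosts` before restarting the daemon; a "kept (running)" result means the existing process should be stopped with `kill -TERM` instead.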
