Should this bug qualify as a high priority security fix since this is a
security feature which is silently not working?
People are constantly trying to attack my open ssh port. I didn't notice
this problem till several weeks after I set up the server. Like a fool I
just assumed that denyhosts would work as well as it did on edgy.
Hopefully no one has brute forced my password and covered up their
tracks in the last two weeks.
I can verify that denyhosts was silently failing to work on a fresh install of
feisty.
There were no messages indicating any problem in any of the log files.
The /var/lib/denyhosts directory was empty.
ps -ef | grep denyhosts showed nothing running.
sudo /etc/init.d/denyhosts start would look like it worked and some startup
stuff appeared in /var/log/denyhosts but then the process silently died.
The end of /var/log/denyhosts was:
2007-06-06 07:05:23,193 - prefs : INFO SYSLOG_REPORT: [no]
2007-06-06 07:05:23,193 - prefs : INFO WORK_DIR:
[/var/lib/denyhosts]
2007-06-06 07:05:23,203 - denyhosts : INFO restricted: set([])
Investigating further I tried running from the command line.
[EMAIL PROTECTED]:/var/log$ denyhosts
DenyHosts could not obtain lock (pid: )
[Errno 13] Permission denied: '/var/run/denyhosts.pid'
[EMAIL PROTECTED]:/var/log$ sudo /etc/init.d/denyhosts stop
[EMAIL PROTECTED]:/var/log$ sudo denyhosts
Traceback (most recent call last):
File "/usr/sbin/denyhosts", line 165, in <module>
first_time, noemail, daemon)
File "/usr/share/denyhosts/DenyHosts/deny_hosts.py", line 78, in __init__
self.get_denied_hosts()
File "/usr/share/denyhosts/DenyHosts/deny_hosts.py", line 272, in
get_denied_hosts
for line in open(self.__prefs.get('HOSTS_DENY'), "r"):
IOError: [Errno 2] No such file or directory: '/etc/hosts.deny'
DenyHosts exited abnormally
[EMAIL PROTECTED]:/var/log$ sudo touch /etc/hosts.deny
[EMAIL PROTECTED]:/var/log$ sudo denyhosts
[EMAIL PROTECTED]:/var/log$
So creating the hosts.deny file avoids the python error message.
It seems like the python error message should have gone to one of the /var/log
files to make the problem more obvious.
After creating /etc/hosts.deny everything seems to be working.
The expected files show up in /var/lib/denyhosts
The end of /var/log/denyhosts is now:
2007-06-06 08:53:31,449 - prefs : INFO SYSLOG_REPORT: [no]
2007-06-06 08:53:31,449 - prefs : INFO WORK_DIR:
[/var/lib/denyhosts]
2007-06-06 08:53:31,450 - denyhosts : INFO restricted: set([])
2007-06-06 08:53:31,461 - denyhosts : INFO Processing log file
(/var/log/auth.log) from offset (15264)
2007-06-06 08:53:31,464 - denyhosts : INFO launching DenyHosts daemon
(version 2.6)...
2007-06-06 08:53:31,482 - denyhosts : INFO DenyHosts daemon is now
running, pid: 7663
2007-06-06 08:53:31,484 - denyhosts : INFO send daemon process a TERM
signal to terminate cleanly
2007-06-06 08:53:31,485 - denyhosts : INFO eg. kill -TERM 7663
2007-06-06 08:53:31,485 - denyhosts : INFO monitoring log:
/var/log/auth.log
2007-06-06 08:53:31,486 - denyhosts : INFO sync_time: 3600
2007-06-06 08:53:31,486 - denyhosts : INFO purging of /etc/hosts.deny is
disabled
2007-06-06 08:53:31,487 - denyhosts : INFO denyhosts synchronization
disabled
So I guess the work around is:
sudo touch /etc/hosts.deny
Regards,
Mike Sebastian
--
denyhosts package causing problems
https://bugs.launchpad.net/bugs/87898
You received this bug notification because you are a member of Ubuntu
Bugs, which is the bug contact for Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
