#54 Running denyhosts on a system acting as central syslog serve

open
nobody
None
5
2011-05-19
2011-05-19
LawrenceK
No

When running denyhosts on a system running as a central syslog server for multiple systems denyhosts will block access to its own server based on login failure to the other servers.

Discussion

  • Kyle Willmon
    Kyle Willmon
    2011-05-24

    This actually seems like a good thing to me in most cases. More proof that a host is malicious. Obviously, I can see the cases where this is not desirable.

    If this is not the desired action, I would suggest giving DenyHosts some method of determining what log messages are local and what log messages came in from remote hosts. Keep in mind that DenyHosts simply watches /var/log/auth.log (or whatever file is listed in the configs) and matches it against a number of regex patterns. I would suggest directing remote host logs to a separate file with syslog.