From: Phil S. <phi...@us...> - 2009-07-15 23:23:03
Was the IP still in /etc/hosts.deny after the 5 minutes? If not, how did it get removed? There is no auto-whitelist feature.

There is however a purge facility which appears to be set to 300 seconds (5 minutes), which means added IPs will be purged every 5 minutes, which probably isn't desired. You may want to set it to 300h (hours) or 300d (days).

Once an IP is purged it should be re-added if it exceeds one of the thresholds again.

Regards,

Phil

On Wed, 15 Jul 2009, Yang, Zhengfan wrote:

> Hello,
>
> I downloaded the latest Denyhosts and tested using the following
> settings. But I got the following problems: after three login attempts
> using invalid usernames, the IP did get blocked (it is added to
> hosts.deny). And after about 5 minutes, the IP again works (it is
> removed from hosts.deny). However, after that, this IP is never blocked
> again, no matter how many failed login attempts I tried. In other words,
> it seems this IP is permanently added to a white-list after the purging.
> I am sure this is not the original intent of the software. I am
> wondering whether my settings are correct, or something else happened.
>
> Best regards,
>
> Zhengfan Yang
>
> 2009-07-15 13:25:52,307 - denyhosts : INFO DenyHosts launched with the following args:
> 2009-07-15 13:25:52,307 - denyhosts : INFO /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
> 2009-07-15 13:25:52,307 - prefs : INFO DenyHosts configuration settings:
> 2009-07-15 13:25:52,308 - prefs : INFO ADMIN_EMAIL: [None]
> 2009-07-15 13:25:52,308 - prefs : INFO AGE_RESET_INVALID: [864000]
> 2009-07-15 13:25:52,308 - prefs : INFO AGE_RESET_ROOT: [2160000]
> 2009-07-15 13:25:52,308 - prefs : INFO AGE_RESET_VALID: [432000]
> 2009-07-15 13:25:52,308 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
> 2009-07-15 13:25:52,308 - prefs : INFO BLOCK_SERVICE: [sshd]
> 2009-07-15 13:25:52,308 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
> 2009-07-15 13:25:52,308 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
> 2009-07-15 13:25:52,308 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [None]
> 2009-07-15 13:25:52,309 - prefs : INFO DAEMON_PURGE: [180]
> 2009-07-15 13:25:52,309 - prefs : INFO DAEMON_SLEEP: [30]
> 2009-07-15 13:25:52,309 - prefs : INFO DENY_THRESHOLD_INVALID: [3]
> 2009-07-15 13:25:52,309 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
> 2009-07-15 13:25:52,309 - prefs : INFO DENY_THRESHOLD_VALID: [5]
> 2009-07-15 13:25:52,309 - prefs : INFO FAILED_ENTRY_REGEX: [None]
> 2009-07-15 13:25:52,309 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
> 2009-07-15 13:25:52,309 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
> 2009-07-15 13:25:52,309 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
> 2009-07-15 13:25:52,309 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
> 2009-07-15 13:25:52,310 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
> 2009-07-15 13:25:52,310 - prefs : INFO HOSTNAME_LOOKUP: [YES]
> 2009-07-15 13:25:52,310 - prefs : INFO HOSTS_DENY: [/etc/hosts.deny]
> 2009-07-15 13:25:52,310 - prefs : INFO LOCK_FILE: [/var/lock/subsys/denyhosts]
> 2009-07-15 13:25:52,310 - prefs : INFO PLUGIN_DENY: [None]
> 2009-07-15 13:25:52,310 - prefs : INFO PLUGIN_PURGE: [None]
> 2009-07-15 13:25:52,310 - prefs : INFO PURGE_DENY: [300]
> 2009-07-15 13:25:52,310 - prefs : INFO SECURE_LOG: [/var/log/messages]
> 2009-07-15 13:25:52,310 - prefs : INFO SMTP_FROM: [DenyHosts <nobody@localhost>]
> 2009-07-15 13:25:52,310 - prefs : INFO SMTP_HOST: [localhost]
> 2009-07-15 13:25:52,311 - prefs : INFO SMTP_PASSWORD: [None]
> 2009-07-15 13:25:52,311 - prefs : INFO SMTP_PORT: [25]
> 2009-07-15 13:25:52,311 - prefs : INFO SMTP_SUBJECT: [DenyHosts Report]
> 2009-07-15 13:25:52,311 - prefs : INFO SMTP_USERNAME: [None]
> 2009-07-15 13:25:52,311 - prefs : INFO SSHD_FORMAT_REGEX: [None]
> 2009-07-15 13:25:52,311 - prefs : INFO SUCCESSFUL_ENTRY_REGEX: [None]
> 2009-07-15 13:25:52,311 - prefs : INFO SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
> 2009-07-15 13:25:52,311 - prefs : INFO SYNC_DOWNLOAD: [yes]
> 2009-07-15 13:25:52,311 - prefs : INFO SYNC_DOWNLOAD_THRESHOLD: [3]
> 2009-07-15 13:25:52,312 - prefs : INFO SYNC_INTERVAL: [1h]
> 2009-07-15 13:25:52,312 - prefs : INFO SYNC_SERVER: [None]
> 2009-07-15 13:25:52,312 - prefs : INFO SYNC_UPLOAD: [yes]
> 2009-07-15 13:25:52,312 - prefs : INFO WORK_DIR: [/usr/share/denyhosts/data]
> 2009-07-15 13:25:52,325 - denyhosts : INFO Processing log file (/var/log/messages) from offset (318860185)
> 2009-07-15 13:25:53,626 - denyhosts : INFO new denied hosts: ['139.52.19.68']
> 2009-07-15 13:25:53,750 - denyhosts : INFO launching DenyHosts daemon (version 2.0)...
> 2009-07-15 13:25:53,757 - denyhosts : INFO DenyHosts daemon is now running, pid: 9549
> 2009-07-15 13:25:53,758 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
> 2009-07-15 13:25:53,758 - denyhosts : INFO eg. kill -TERM 9549
> 2009-07-15 13:25:54,130 - denyhosts : INFO monitoring log: /var/log/messages
> 2009-07-15 13:25:54,130 - denyhosts : INFO sync_time: 1h
> 2009-07-15 13:25:54,130 - denyhosts : INFO daemon_purge: 180
> 2009-07-15 13:25:54,130 - denyhosts : INFO daemon_sleep: 30
> 2009-07-15 13:25:54,130 - denyhosts : INFO purge_sleep_ratio: 6
> 2009-07-15 13:25:54,131 - denyhosts : INFO denyhosts synchronization disabled
>
> _______________________________________________
> Denyhosts-user mailing list
> Den...@li...
> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
>

--
Regards,

Phil Schwartz - http://www.phil-schwartz.com

Open Source Projects:
- DenyHosts: http://www.denyhosts.net
- Kodos: http://kodos.sourceforge.net
- ReleaseForge: http://releaseforge.sourceforge.net
- Scratchy: http://scratchy.sourceforge.net
- FAQtor: http://faqtor.sourceforge.net
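Added example (not part of the original message and not DenyHosts code): a small check that reads the `prefs : INFO KEY: [value]` startup dump quoted above, converts `PURGE_DENY` to seconds, and warns when blocks are lifted sooner than a chosen minimum. The unit table follows the suffix convention used in the reply (`300h`, `300d`) and in the DenyHosts sample config comments; treating a bare integer as seconds and an empty value as "never purge" are assumptions, and `min_ban` is a hypothetical policy threshold.

```python
import re

# Suffix -> seconds. Assumption: a bare integer means seconds.
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800, "y": 31536000}

# Matches the startup dump format: "... - prefs : INFO KEY: [value]"
PREF_LINE = re.compile(r"prefs\s*:\s*INFO\s+(\w+): \[(.*)\]\s*$")


def to_seconds(spec):
    """Convert a time spec such as '300', '300h' or '4w' to seconds.

    Returns None for an empty or 'None' value (assumed: never purge).
    """
    spec = (spec or "").strip()
    if spec in ("", "None"):
        return None
    m = re.fullmatch(r"(\d+)([smhdwy]?)", spec.lower())
    if not m:
        raise ValueError(f"unrecognised time spec: {spec!r}")
    return int(m.group(1)) * UNITS[m.group(2) or "s"]


def read_prefs(log_text):
    """Collect KEY -> value pairs from the 'prefs' lines of a startup log."""
    prefs = {}
    for line in log_text.splitlines():
        m = PREF_LINE.search(line)
        if m:
            prefs[m.group(1)] = m.group(2)
    return prefs


def audit_purge(prefs, min_ban=86400):
    """Return a warning if PURGE_DENY is shorter than min_ban seconds, else None."""
    ban = to_seconds(prefs.get("PURGE_DENY"))
    if ban is not None and ban < min_ban:
        return f"PURGE_DENY={prefs['PURGE_DENY']} lifts blocks after {ban}s (< {min_ban}s)"
    return None


# Constructed sample: three lines in the format of the quoted startup log.
SAMPLE = """\
> 2009-07-15 13:25:52,309 - prefs : INFO DAEMON_PURGE: [180]
> 2009-07-15 13:25:52,310 - prefs : INFO PURGE_DENY: [300]
> 2009-07-15 13:25:52,312 - prefs : INFO SYNC_INTERVAL: [1h]
"""

if __name__ == "__main__":
    print(audit_purge(read_prefs(SAMPLE)))
    print(to_seconds("300h"), to_seconds("300d"))
```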