Re: [Denyhosts-user] ssh root login attempts not being banned

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 454-5900

Neal Becker wrote:

> I'm using stock denyhosts-2.6-10.fc9.noarch on Fedora F9.  AFAIK, I
> did not change any settings from defaults.

That probably is the problem, your defaults seem to be "do nothing".

> I see a bunch of these in /var/log/messages: Oct 25 15:04:32 nbecker
> sshd[13980]: Failed password for root from 210.214.136.95 port 58285
> ssh2
> 
> I do not see any thing in /etc/hosts.deny about this, and I do not
> see anything in /var/log/denyhosts.log about this.
> 
> denyhosts is running, and is updating via sync.

Sync doesn't seem to be configured...

> I'm really wondering if the fedora f9 denyhosts that we all depend on
> actually even works at all?
> 
> Here is the startup info: 2008-10-22 04:24:39,995 - denyhosts   :
> INFO     DenyHosts launched with the following args: 2008-10-22
> 04:24:39,995 - denyhosts   : INFO        /usr/bin/denyhosts.py
> --daemon --config=/etc/denyhosts.conf 2008-10-22 04:24:39,995 - prefs
> : INFO     DenyHosts configuration settings: 2008-10-22 04:24:39,995
> - prefs       : INFO        ADMIN_EMAIL: [root@localhost] 2008-10-22
> 04:24:39,995 - prefs       : INFO        AGE_RESET_INVALID: [864000] 
> 2008-10-22 04:24:39,995 - prefs       : INFO
> AGE_RESET_RESTRICTED: [2160000] 2008-10-22 04:24:39,995 - prefs
> : INFO        AGE_RESET_ROOT: [2160000] 2008-10-22 04:24:39,996 -
> prefs       : INFO        AGE_RESET_VALID: [432000] 2008-10-22
> 04:24:39,996 - prefs       : INFO
> ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no] 2008-10-22 04:24:39,996 - prefs
> : INFO        BLOCK_SERVICE: [sshd] 2008-10-22 04:24:39,996 - prefs
> : INFO        DAEMON_LOG: [/var/log/denyhosts] 2008-10-22
> 04:24:39,996 - prefs       : INFO        DAEMON_LOG_MESSAGE_FORMAT:
> [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s] 2008-10-22
> 04:24:39,996 - prefs       : INFO        DAEMON_LOG_TIME_FORMAT:
> [None] 2008-10-22 04:24:39,996 - prefs       : INFO
> DAEMON_PURGE: [3600] 2008-10-22 04:24:39,996 - prefs       : INFO
> DAEMON_SLEEP: [30] 2008-10-22 04:24:39,997 - prefs       : INFO
> DENY_THRESHOLD_INVALID: [5] 2008-10-22 04:24:39,997 - prefs       :
> INFO        DENY_THRESHOLD_RESTRICTED: [1] 2008-10-22 04:24:39,997 -
> prefs       : INFO        DENY_THRESHOLD_ROOT: [1] 2008-10-22
> 04:24:39,997 - prefs       : INFO        DENY_THRESHOLD_VALID: [10] 
> 2008-10-22 04:24:39,997 - prefs       : INFO
> FAILED_ENTRY_REGEX: [None] 2008-10-22 04:24:39,997 - prefs       :
> INFO        FAILED_ENTRY_REGEX2: [None] 2008-10-22 04:24:39,997 -
> prefs       : INFO        FAILED_ENTRY_REGEX3: [None] 2008-10-22
> 04:24:39,997 - prefs       : INFO        FAILED_ENTRY_REGEX4: [None] 
> 2008-10-22 04:24:39,997 - prefs       : INFO
> FAILED_ENTRY_REGEX5: [None] 2008-10-22 04:24:39,998 - prefs       :
> INFO        FAILED_ENTRY_REGEX6: [None]

First thing missing: where is your denyhosts.cfg file?  I don't use
Fedora, it should be in /etc/ but could be in /usr/share/denyhosts/.

Second thing missing: SECURE_LOG seems to be undefined (in
denyhosts.cfg), nothing will happen until you define which log to watch.

Third (optional): same goes for SYNC_DOWNLOAD, also in the cfg file.
-- 
René Berber