From: René B. <rb...@ca...> - 2008-10-25 23:57:40
Neal Becker wrote:
> I'm using stock denyhosts-2.6-10.fc9.noarch on Fedora F9. AFAIK, I
> did not change any settings from defaults.

That probably is the problem, your defaults seem to be "do nothing".

> I see a bunch of these in /var/log/messages:
> Oct 25 15:04:32 nbecker sshd[13980]: Failed password for root from 210.214.136.95 port 58285 ssh2
>
> I do not see any thing in /etc/hosts.deny about this, and I do not
> see anything in /var/log/denyhosts.log about this.
>
> denyhosts is running, and is updating via sync.

Sync doesn't seem to be configured...

> I'm really wondering if the fedora f9 denyhosts that we all depend on
> actually even works at all?
>
> Here is the startup info:
> 2008-10-22 04:24:39,995 - denyhosts : INFO DenyHosts launched with the following args:
> 2008-10-22 04:24:39,995 - denyhosts : INFO /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
> 2008-10-22 04:24:39,995 - prefs : INFO DenyHosts configuration settings:
> 2008-10-22 04:24:39,995 - prefs : INFO ADMIN_EMAIL: [root@localhost]
> 2008-10-22 04:24:39,995 - prefs : INFO AGE_RESET_INVALID: [864000]
> 2008-10-22 04:24:39,995 - prefs : INFO AGE_RESET_RESTRICTED: [2160000]
> 2008-10-22 04:24:39,995 - prefs : INFO AGE_RESET_ROOT: [2160000]
> 2008-10-22 04:24:39,996 - prefs : INFO AGE_RESET_VALID: [432000]
> 2008-10-22 04:24:39,996 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
> 2008-10-22 04:24:39,996 - prefs : INFO BLOCK_SERVICE: [sshd]
> 2008-10-22 04:24:39,996 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
> 2008-10-22 04:24:39,996 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
> 2008-10-22 04:24:39,996 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [None]
> 2008-10-22 04:24:39,996 - prefs : INFO DAEMON_PURGE: [3600]
> 2008-10-22 04:24:39,996 - prefs : INFO DAEMON_SLEEP: [30]
> 2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_INVALID: [5]
> 2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_RESTRICTED: [1]
> 2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
> 2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_VALID: [10]
> 2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX: [None]
> 2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
> 2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
> 2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
> 2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
> 2008-10-22 04:24:39,998 - prefs : INFO FAILED_ENTRY_REGEX6: [None]

First thing missing: where is your denyhosts.cfg file? I don't use
Fedora, it should be in /etc/ but could be in /usr/share/denyhosts/.

Second thing missing: SECURE_LOG seems to be undefined (in
denyhosts.cfg), nothing will happen until you define which log to watch.

Third (optional): same goes for SYNC_DOWNLOAD, also in the cfg file.

-- 
René Berber
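
Added example, not part of the original message and not DenyHosts code: a small audit for the checks described in the reply above, reporting whether SECURE_LOG and SYNC_DOWNLOAD are set and whether the watched log is the one that actually receives sshd failures. The `KEY = value` file layout, the sample configuration and the function names are assumptions made for illustration; the log line is the one quoted in the thread.

```python
import re

REQUIRED = ("SECURE_LOG",)      # named in the reply as needed before anything happens
OPTIONAL = ("SYNC_DOWNLOAD",)   # named in the reply as optional
FAILED_RE = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+")

def parse_conf(text):
    """Parse KEY = value lines (assumed layout), skipping blanks and # comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings

def audit(conf_text, logs):
    """Return findings as strings. `logs` maps a log path to its content."""
    settings = parse_conf(conf_text)
    findings = []
    for key in REQUIRED:
        if not settings.get(key):
            findings.append(f"{key} is not set: no log is being watched")
    for key in OPTIONAL:
        if not settings.get(key):
            findings.append(f"{key} is not set (optional)")
    watched = settings.get("SECURE_LOG")
    if watched:
        # Count sshd failures per log to catch a SECURE_LOG pointing at the wrong file.
        hits = {path: len(FAILED_RE.findall(body)) for path, body in logs.items()}
        if hits.get(watched, 0) == 0:
            others = [p for p, n in hits.items() if n and p != watched]
            if others:
                findings.append(
                    f"SECURE_LOG={watched} has no sshd failures, but {others[0]} does")
    return findings

# Constructed sample configuration (not the poster's file).
SAMPLE_CONF = "# constructed\nHOSTS_DENY = /etc/hosts.deny\nBLOCK_SERVICE = sshd\n"
# Log line as quoted in the thread, keyed by the file it was seen in.
SAMPLE_LOGS = {"/var/log/messages": "Oct 25 15:04:32 nbecker sshd[13980]: "
               "Failed password for root from 210.214.136.95 port 58285 ssh2\n"}

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF, SAMPLE_LOGS):
        print(finding)
```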