Dave wrote: > Hello, > I've installed denyhosts on centos 5.3 trying to block automated > attacks on ssh. It appears to be working in that entries are being added to > /etc/hosts.deny yet the daily emails sent from denyhosts show only one ip > being added perday when the total is many more than that. My config is > below, i've gone over it and am not seeing what i missed. Suggestions > welcome. > I was also wondering if denyhosts can block other types of robot > attacks such as smtp or port 80?
It can deny access to any service that uses hosts.deny if you change it to ALL instead of sshd. It is configured to watch /var/log/secure, so if smtpd logs login failures there, then it can be used to add to the deny list. Apache does not use hosts.allow or hosts.deny by default. Some googling suggested this might be done with xinetd but I haven't tried it. > BLOCK_SERVICE = sshd > SYNC_SERVER = http://xmlrpc.denyhosts.net:9911 > SYNC_INTERVAL = 1h > SYNC_UPLOAD = yes > SYNC_DOWNLOAD = yes I believe the IP entries being added are because you using the sync feature. The email only notifies new entries added due to active attempts against your server, not those added by the sync, IIRC. Rick _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos