Hello Jason,
Your ssh/tcp_wrappers configuration logs messages in an unusual format. You'll need to supply custom regexes as explained here: http://denyhosts.sourceforge.net/faq.html#custom_regex Regards, Phil On Tue, 8 Aug 2006, Jason Crocker wrote: > I have recently installed and configured Deny Hosts 2.5 which is > running as daemon. Based on DEBUG mode output DH processes the log > file properly and purges properly however suspicious logins are not > identified and no new hosts are ever denied. > > 2006-08-08 08:26:13,420 - denyhosts : DEBUG /var/log/messages has > additional data > 2006-08-08 08:26:13,422 - denyhosts : DEBUG no new denied hosts > 2006-08-08 08:26:13,422 - denyhosts : DEBUG no new suspicious logins > > The log file being processed does clearly contain questionable login > attempt info: > > Aug 8 06:49:00 MYSITE sshd(pam_unix)[22602]: authentication failure; > logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=azul2.bnct.ipn.mx > user=root > Aug 8 06:49:01 MYSITE sshd(pam_unix)[22605]: authentication failure; > logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=azul2.bnct.ipn.mx > user=root > Aug 8 06:49:01 MYSITE sshd(pam_unix)[22606]: authentication failure; > logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=azul2.bnct.ipn.mx > user=root > Aug 8 06:49:02 MYSITE sshd(pam_unix)[22611]: authentication failure; > logname= uid=0 euid=0 tty=NODEVssh ruser= rhost=azul2.bnct.ipn.mx > user=root > > The log file in question contains hundreds of these attempts. Any > advice would be greatly appreciated. > > Jason > > ------------------------------------------------------------------------- > Using Tomcat but need to do more? Need to support web services, security? > Get stuff done quickly with pre-integrated technology to make your job easier > Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo > http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 > _______________________________________________ > Denyhosts-user mailing list > [email protected] > https://lists.sourceforge.net/lists/listinfo/denyhosts-user > -- Regards, Phil Schwartz - http://www.phil-schwartz.com Open Source Projects: - DenyHosts: http://www.denyhosts.net - Kodos: http://kodos.sourceforge.net - ReleaseForge: http://releaseforge.sourceforge.net - Scratchy: http://scratchy.sourceforge.net - FAQtor: http://faqtor.sourceforge.net ------------------------------------------------------------------------- Using Tomcat but need to do more? Need to support web services, security? Get stuff done quickly with pre-integrated technology to make your job easier Download IBM WebSphere Application Server v.1.0.1 based on Apache Geronimo http://sel.as-us.falkag.net/sel?cmd=lnk&kid=120709&bid=263057&dat=121642 _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
