Laine Lee wrote:
> Here are some examples of asl.log entries that had to be removed before
> DenyHosts could keep running.

Are you using the configuration changes recommended in
http://denyhosts.sourceforge.net/mac_os_10_4.txt (watch out for html mangling
of the text, the < appears as &lt; and the > as &gt;)?

> [Time 2007.05.14 16:32:17 UTC] [Facility local2] [Sender sudo] [PID -1]
> [Message turindot : TTY=ttyp1 ; PWD=/Users/turindot ; USER=root ;
> COMMAND=/usr/bin/grep failed to auth /var/log/secure.log] [Level 5] [UID -2]
> [GID -2] [Host fledge]
>
> [Time 2007.05.17 15:35:22 UTC] [Facility daemon] [Sender diskarbitrationd]
> [PID 57] [Message disk1s10 hfs 7291CDB1-85D9-3925-9983-1ED4FCA418B6
> FWB48 /Volumes/FWB48] [Level 5] [UID -2] [GID -2] [Host
> localhost]
>
>
> Here's the error encountered.
>
>
> starting DenyHosts: /usr/bin/env python
> /System/Library/Frameworks/...denyhosts.py --daemon
> --config=/usr/...denyhosts.cfg
> Traceback (most recent call last):
>   File "/System/Library/Frameworks/...denyhosts.py", line 164, in ?
>     first_time, noemail, daemon)
>   File "/System/Library/Frameworks/...deny_hosts.py", line 82, in __init__
>     offset = self.process_log(logfile, last_offset)
>   File "/System/Library/Frameworks/...deny_hosts.py", line 380, in
> process_log
>     message = sshd_m.group('message')
> IndexError: no such group
>
> DenyHosts exited abnormally
>
>
> Can the secure.log file be monitored rather than the asl.log file in Mac OS
> X Server? I'm asking partly because of the above problem, and partly because
> the secure.log appears to contain IP addresses of attackers that don't seem
> to appear in the asl.log. Thanks.

I don't really know, I have no MacOSX, but from other messages on this list:

>> I think that I have made progress by setting "UsePAM yes" in sshd_config.
...
>> > The corresponding REGEX for denyhosts becomes:
>> > SSHD_FORMAT_REGEX:.* \[Sender sshd\] \[PID \d*\] \[Message .* PAM:
>> > (?P<message>.*?)\].*?
...
>> additionally setting
>>
>> UseDNS no
>>
>> in /etc/sshd_config finishes the process yielding this in asl.log:

--
René Berber

_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
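
Added example, not part of the original message and not DenyHosts code: it runs the SSHD_FORMAT_REGEX value quoted above over the two asl.log entries from the thread and over one constructed sshd PAM entry, and reproduces the behaviour of Python's re module behind "IndexError: no such group", which is raised when the compiled pattern has no group of the requested name. The function names, the SSHD_LINE sample and the use of re.match are assumptions made for the illustration.

```python
import re

# Pattern value quoted in the thread for asl.log with "UsePAM yes".
THREAD_REGEX = r".* \[Sender sshd\] \[PID \d*\] \[Message .* PAM: (?P<message>.*?)\].*?"

# The two entries quoted in the thread, re-joined onto single lines.
SUDO_LINE = ("[Time 2007.05.14 16:32:17 UTC] [Facility local2] [Sender sudo] [PID -1] "
             "[Message turindot : TTY=ttyp1 ; PWD=/Users/turindot ; USER=root ; "
             "COMMAND=/usr/bin/grep failed to auth /var/log/secure.log] "
             "[Level 5] [UID -2] [GID -2] [Host fledge]")
DISK_LINE = ("[Time 2007.05.17 15:35:22 UTC] [Facility daemon] [Sender diskarbitrationd] "
             "[PID 57] [Message disk1s10 hfs 7291CDB1-85D9-3925-9983-1ED4FCA418B6 "
             "FWB48 /Volumes/FWB48] [Level 5] [UID -2] [GID -2] [Host localhost]")
# Constructed sample (not from the thread): an sshd PAM failure in the same layout.
SSHD_LINE = ("[Time 2007.05.18 10:00:00 UTC] [Facility auth] [Sender sshd] [PID 1234] "
             "[Message error: PAM: authentication error for illegal user test from "
             "192.0.2.10] [Level 3] [UID -2] [GID -2] [Host fledge]")


def compile_sshd_format(pattern):
    """Compile a candidate pattern; reject one that lacks the 'message' group."""
    regex = re.compile(pattern)
    if "message" not in regex.groupindex:
        raise ValueError("pattern must define (?P<message>...)")
    return regex


def extract_message(regex, line):
    """Return the captured sshd message, or None if the line is not an sshd entry."""
    m = regex.match(line)
    return m.group("message") if m else None


def lookup_error(pattern, line):
    """Return the error text when 'message' is looked up on a pattern without it."""
    m = re.match(pattern, line)
    if m is None:
        return None
    try:
        m.group("message")
    except IndexError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    regex = compile_sshd_format(THREAD_REGEX)
    for line in (SUDO_LINE, DISK_LINE, SSHD_LINE):
        print(extract_message(regex, line))
    print(lookup_error(r".* \[Sender sshd\] .*", SSHD_LINE))
```

Checking `groupindex` when the configuration is loaded turns a pattern that lacks the named group into a clear start-up error instead of a traceback during log processing.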
