Marconi wrote:
> At 10:00 PM -0700 8/16/07, David Liontooth sent email regarding
> [Denyhosts-user] Installing on OSX 10.4 -- /etc/hosts.deny?:
>
>> On the Mac OSX 10.4 system I'm installing denyhosts on, there's no
>> /etc/hosts.deny.
>> I created one, and denyhosts starts fine, and populates from the log.
>> What I don't know yet is whether it will block as intended -- can
>> someone tell me?
>>
>
> I'm currently using /etc/hosts.deny on OS X 10.4.10 and it does
> indeed work. At least proftpd checks it. I'm pretty sure sshd does as
> well. If you'd like to know for sure, try to ssh to 24.119.59.5
> multiple times and let me know if it stops accepting your connections
> at some point. Email me with your IP and I'll watch for it. (And
> remove it after the test.)
>
I got it working!
Thanks for the suggestion on testing -- I realized I could test from my
e-mail server:

[EMAIL PROTECTED]:/usr/share/denyhosts# tail -f /var/log/secure.log
Aug 17 08:37:39 venice sshd[26962]: Invalid user test from 64.6.248.2
Aug 17 08:37:40 venice sshd[26964]: Invalid user test from 64.6.248.2
Aug 17 08:37:41 venice sshd[26966]: Invalid user test from 64.6.248.2
Aug 17 08:37:43 venice sshd[26968]: Invalid user test from 64.6.248.2
Aug 17 08:37:44 venice sshd[26970]: Invalid user test from 64.6.248.2
Aug 17 08:37:45 venice sshd[26972]: Invalid user test from 64.6.248.2
Aug 17 08:37:46 venice sshd[26974]: Invalid user test from 64.6.248.2
Aug 17 08:37:47 venice sshd[26976]: Invalid user test from 64.6.248.2
Aug 17 08:37:49 venice sshd[26978]: Invalid user test from 64.6.248.2
Aug 17 08:37:50 venice sshd[26980]: Invalid user test from 64.6.248.2

BTW none of this shows up in asl.log, so configurations must differ --
and "About this Mac" says Version 10.4.10.

# uname -a
Darwin venice 8.10.1 Darwin Kernel Version 8.10.1: Wed May 23 16:33:00 PDT 2007; root:xnu-792.22.5~1/RELEASE_I386 i386 i386

With this line in denyhosts.cfg, denyhosts does nothing -- failed
attempts don't get included in /etc/hosts.deny:

SSHD_FORMAT_REGEX=.* \[Sender sshd\] \[PID \d*\] \[Message .* PAM: (?P<message>.*?)\].*?

If I comment this out (as someone suggested earlier on this board) and
restart, failed attempts do get included in /etc/hosts.deny on startup,
and connections are blocked -- cool.

My only other OSX-specific modification to /usr/share/denyhosts.cfg is
to set LOCK_FILE = /var/run/denyhosts.pid, which is confirmed to work.

And I did have to upgrade from the previously installed python 2.3 --
denyhosts installation failed, as others on the board found. python
2.5.1 from the python site works fine, though you have to install it as
root or the internal python paths for root won't change.
And you have to replace the /usr/bin/python symlink (or your
/etc/bashrc) so bash finds the right version:

[EMAIL PROTECTED]:/usr/bin# rm python
[EMAIL PROTECTED]:/usr/bin# ln -s ../../Library/Frameworks/Python.framework/Versions/2.5/bin/python python

How do I get the daemon to start automatically on OSX? I added this to
/etc/rc:

# Start DenyHosts
/usr/share/denyhosts/daemon-control start

It works, as I see this after a reboot:

# l /var/run | grep deny
-rw-r--r-- 1 root daemon 3 Aug 17 09:17 denyhosts.pid

But probably not the correct way to do it. I couldn't find a
/etc/init.d.

Oh, and if there are mac people out there -- how do you get "ps aux" to
wrap? Drives me bonkers, I can't see the process. Wrap is turned on in
the terminal and other commands wrap. ps -w makes no difference.

Dave
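
An added example, not part of the original message and not DenyHosts code: a pre-deployment check that runs a candidate SSHD_FORMAT_REGEX over sample lines from the log file actually being watched, so an override that parses nothing is caught before it silently disables blocking. It assumes DenyHosts only acts on lines from which the pattern yields a `message` group; `SYSLOG_STYLE` and the asl.log-style record are constructed for this illustration.

```python
import re

# The override quoted in the post (written for asl.log-style records).
ASL_STYLE = r".* \[Sender sshd\] \[PID \d*\] \[Message .* PAM: (?P<message>.*?)\].*?"
# Assumption: a syslog-style pattern for "host sshd[pid]: message" lines,
# written for this example; it is not copied from DenyHosts.
SYSLOG_STYLE = r".* sshd\[\d+\]: (?P<message>.*)"

# Two secure.log lines taken from the post.
SECURE_LOG = [
    "Aug 17 08:37:39 venice sshd[26962]: Invalid user test from 64.6.248.2",
    "Aug 17 08:37:40 venice sshd[26964]: Invalid user test from 64.6.248.2",
]
# Constructed asl.log-style record, shaped only to fit the override above.
ASL_LOG = [
    "[Time 2007.08.17 15:37:39 UTC] [Sender sshd] [PID 26962] "
    "[Message error: PAM: authentication failure for illegal user test "
    "from 64.6.248.2]",
]


def extract_messages(pattern, lines):
    """Return the 'message' group for each line the pattern matches."""
    rx = re.compile(pattern)
    if "message" not in rx.groupindex:
        raise ValueError("pattern must define a (?P<message>...) group")
    found = []
    for line in lines:
        m = rx.match(line)
        if m:
            found.append(m.group("message"))
    return found


def coverage(pattern, lines):
    """Fraction of lines the pattern parses; 0.0 means nothing gets blocked."""
    return len(extract_messages(pattern, lines)) / len(lines) if lines else 0.0


if __name__ == "__main__":
    for name, pat in (("asl-style", ASL_STYLE), ("syslog-style", SYSLOG_STYLE)):
        print(name, "secure.log:", coverage(pat, SECURE_LOG),
              "asl.log:", coverage(pat, ASL_LOG))
```

A coverage of 0.0 on a log that visibly contains failed logins means the pattern belongs to a different log format than the file being watched.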
