Hello list, I'm trying to use denyhosts to secure an FTP (VSFTPD) server against BF attacks, and I'm not having a lot of luck. The server in question is an RHEL 4 server and I'm using denyhosts 2.6 . I've been able to block traffic on it using hosts.deny, so I know it's integrated with TCP wrappers.
I'm trying to run denyhosts in daemon mode, writing to hosts.deny and reading login attempts from /var/log/messages. Here's a snippet of my messages file: Sep 11 13:05:49 TESTBED002 vsftpd(pam_unix)[11393]: authentication failure; logname= uid=0 euid=0 tty= ruser= rhost=192.168.100.228 user=test I've got the config file set to block after 5 failed attempts, and I see the failed attempts in the messages file, but all I get from the debug output from denyhosts is this: 2007-09-11 13:10:09,000 - denyhosts : DEBUG /var/log/messages has additional data 2007-09-11 13:10:09,001 - denyhosts : DEBUG no new denied hosts 2007-09-11 13:10:09,001 - denyhosts : DEBUG no new suspicious logins I'm sure someone out there has configured vsftpd with denyhosts in daemon mode, and would appreciate any input that can be offered. Thanks in advance... Danno ------------------------------------------------------------------------- This SF.net email is sponsored by: Microsoft Defy all challenges. Microsoft(R) Visual Studio 2005. http://clk.atdmt.com/MRT/go/vse0120000070mrt/direct/01/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
