I've been seeing the same failure mode in denyhosts on about 10 hosts for at
least a couple of months now. I've tried tweaking configuration options but
the problem is still occurring anywhere from every couple days to a couple
of weeks apart.
Basically after a random amount of time, denyhosts will hang and quietly
stop blocking attacks. The only way you know this is to actively monitor the
logs and see it has stopped logging.
You will see something like this in the logs:
2008-05-29 22:01:21,292 - denyfileutil: INFO purging entries older than:
Thu May 22 22:01:21 2008
2008-05-29 22:01:21,411 - loginattempt: INFO purging_hosts: [ # 15 IPs...#
2008-05-29 22:01:21,876 - denyfileutil: INFO num entries purged: 15
Then the process will hang and the error/traceback below won't appear until
you stop and start the service.
I'm seeing the same problem on both el4 and el5 (i.e. CentOS 4 & 5) boxes
using RPMForge's rpm, e.g. denyhosts-2.6-3.el5.rf.noarch.rpm
I've tried setting and commenting out the SYNC_DOWNLOAD_RESILIENCY option in
the config file. That has no effect on the hangs. I don't really want to
turn off sync but I suspect that would help, given the traceback.
Can anyone please offer a suggestion on how to fix this?
Obviously having a firewalling program quietly hanging on a regular basis is
a really bad thing...
2008-05-29 19:01:18,238 - loginattempt: INFO purging_hosts: [# 3 IPs
2008-05-29 19:01:18,660 - denyfileutil: INFO num entries purged: 3
2008-05-29 19:01:19,218 - sync : INFO received 40 new hosts
2008-05-29 19:01:19,218 - denyhosts : INFO received new hosts: [# 40 IPs
2008-05-29 20:01:19,148 - denyfileutil: INFO purging entries older than:
Thu May 22 20:01:19 2008
2008-05-29 20:01:19,268 - loginattempt: INFO purging_hosts: [# 6 IPs ']
2008-05-29 20:01:19,689 - denyfileutil: INFO num entries purged: 6
2008-05-29 20:01:20,478 - sync : INFO received 26 new hosts
2008-05-29 20:01:20,479 - denyhosts : INFO received new hosts: [# 26 IPs
2008-05-29 21:01:20,404 - denyfileutil: INFO purging entries older than:
Thu May 22 21:01:20 2008
2008-05-29 21:01:20,525 - loginattempt: INFO purging_hosts: [# 13 Ips
2008-05-29 21:01:20,948 - denyfileutil: INFO num entries purged: 13
2008-05-29 21:01:21,371 - sync : INFO received 33 new hosts
2008-05-29 21:01:21,372 - denyhosts : INFO received new hosts: [# 33 IPs
2008-05-29 22:01:21,292 - denyfileutil: INFO purging entries older than:
Thu May 22 22:01:21 2008
2008-05-29 22:01:21,411 - loginattempt: INFO purging_hosts: [ # 15 IPs...#
2008-05-29 22:01:21,876 - denyfileutil: INFO num entries purged: 15
# Process hangs and stops logging, doesn't block new attacks
# service restart issued 2008-06-03 ~12:23:06
2008-06-03 12:23:06,341 - denyhosts : INFO DenyHosts daemon is shutting
down
2008-06-03 12:23:06,342 - sync : ERROR 0
Traceback (most recent call last):
File "/usr/lib/python2.4/site-packages/DenyHosts/sync.py", line 117, in
receive_new_hosts
self.__prefs.get("SYNC_DOWNLOAD_RESILIENCY"))
File "/usr/lib64/python2.4/xmlrpclib.py", line 1096, in __call__
return self.__send(self.__name, args)
File "/usr/lib64/python2.4/xmlrpclib.py", line 1383, in __request
verbose=self.__verbose
File "/usr/lib64/python2.4/xmlrpclib.py", line 1131, in request
errcode, errmsg, headers = h.getreply()
File "/usr/lib64/python2.4/httplib.py", line 1137, in getreply
response = self._conn.getresponse()
File "/usr/lib64/python2.4/httplib.py", line 866, in getresponse
response.begin()
File "/usr/lib64/python2.4/httplib.py", line 365, in begin
self.msg = HTTPMessage(self.fp, 0)
File "/usr/lib64/python2.4/mimetools.py", line 16, in __init__
rfc822.Message.__init__(self, fp, seekable)
File "/usr/lib64/python2.4/rfc822.py", line 106, in __init__
self.readheaders()
File "/usr/lib64/python2.4/httplib.py", line 221, in readheaders
line = self.fp.readline()
File "/usr/lib64/python2.4/socket.py", line 325, in readline
data = recv(1)
File "/usr/lib/python2.4/site-packages/DenyHosts/deny_hosts.py", line 114,
in killDaemon
sys.exit(0)
SystemExit: 0
2008-06-03 12:23:06,471 - loginattempt: INFO resetting count for: #omitted,
a local IP#
2008-06-03 12:23:21,907 - denyhosts : INFO DenyHosts daemon is shutting
down
2008-06-03 12:23:33,561 - denyhosts : INFO DenyHosts launched with the
following args:
2008-06-03 12:23:33,561 - denyhosts : INFO /usr/bin/denyhosts.py
--daemon --config=/etc/denyhosts/denyhosts.cfg
2008-06-03 12:23:33,561 - prefs : INFO DenyHosts configuration
settings:
2008-06-03 12:23:33,561 - prefs : INFO ADMIN_EMAIL: [ #omitted, a
valid email addr# ]
2008-06-03 12:23:33,561 - prefs : INFO AGE_RESET_INVALID: [864000]
2008-06-03 12:23:33,561 - prefs : INFO AGE_RESET_RESTRICTED:
[2160000]
2008-06-03 12:23:33,561 - prefs : INFO AGE_RESET_ROOT: [2160000]
2008-06-03 12:23:33,561 - prefs : INFO AGE_RESET_VALID: [432000]
2008-06-03 12:23:33,562 - prefs : INFO
ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
2008-06-03 12:23:33,562 - prefs : INFO BLOCK_SERVICE: [sshd]
2008-06-03 12:23:33,562 - prefs : INFO DAEMON_LOG:
[/var/log/denyhosts]
2008-06-03 12:23:33,562 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT:
[%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
2008-06-03 12:23:33,562 - prefs : INFO DAEMON_LOG_TIME_FORMAT:
[None]
2008-06-03 12:23:33,562 - prefs : INFO DAEMON_PURGE: [3600]
2008-06-03 12:23:33,562 - prefs : INFO DAEMON_SLEEP: [30]
2008-06-03 12:23:33,562 - prefs : INFO DENY_THRESHOLD_INVALID: [5]
2008-06-03 12:23:33,562 - prefs : INFO DENY_THRESHOLD_RESTRICTED:
[1]
2008-06-03 12:23:33,563 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
2008-06-03 12:23:33,563 - prefs : INFO DENY_THRESHOLD_VALID: [10]
2008-06-03 12:23:33,563 - prefs : INFO FAILED_ENTRY_REGEX: [None]
2008-06-03 12:23:33,563 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
2008-06-03 12:23:33,563 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
2008-06-03 12:23:33,563 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
2008-06-03 12:23:33,563 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
2008-06-03 12:23:33,563 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
2008-06-03 12:23:33,563 - prefs : INFO FAILED_ENTRY_REGEX7: [None]
2008-06-03 12:23:33,564 - prefs : INFO HOSTNAME_LOOKUP: [YES]
2008-06-03 12:23:33,564 - prefs : INFO HOSTS_DENY:
[/etc/hosts.deny]
2008-06-03 12:23:33,564 - prefs : INFO LOCK_FILE:
[/var/lock/subsys/denyhosts]
2008-06-03 12:23:33,564 - prefs : INFO PLUGIN_DENY: [None]
2008-06-03 12:23:33,564 - prefs : INFO PLUGIN_PURGE: [None]
2008-06-03 12:23:33,564 - prefs : INFO PURGE_DENY: [604800]
2008-06-03 12:23:33,564 - prefs : INFO PURGE_THRESHOLD: [0]
2008-06-03 12:23:33,564 - prefs : INFO RESET_ON_SUCCESS: [yes]
2008-06-03 12:23:33,564 - prefs : INFO SECURE_LOG:
[/var/log/secure]
2008-06-03 12:23:33,564 - prefs : INFO SMTP_DATE_FORMAT: [%a, %d
%b %Y %H:%M:%S %z]
2008-06-03 12:23:33,565 - prefs : INFO SMTP_FROM: [DenyHosts
<[EMAIL PROTECTED], a valid host name#>]
2008-06-03 12:23:33,565 - prefs : INFO SMTP_HOST: [localhost]
2008-06-03 12:23:33,565 - prefs : INFO SMTP_PASSWORD: [None]
2008-06-03 12:23:33,565 - prefs : INFO SMTP_PORT: [25]
2008-06-03 12:23:33,565 - prefs : INFO SMTP_SUBJECT: [DenyHosts
Report: #omitted, a valid host name#]
2008-06-03 12:23:33,565 - prefs : INFO SMTP_USERNAME: [None]
2008-06-03 12:23:33,565 - prefs : INFO SSHD_FORMAT_REGEX: [.*
(sshd.*:|\[sshd\]|vsftpd.*:) (?P<message>.*)]
2008-06-03 12:23:33,565 - prefs : INFO SUCCESSFUL_ENTRY_REGEX:
[None]
2008-06-03 12:23:33,565 - prefs : INFO
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
2008-06-03 12:23:33,565 - prefs : INFO SYNC_DOWNLOAD: [yes]
2008-06-03 12:23:33,566 - prefs : INFO SYNC_DOWNLOAD_RESILIENCY:
[18000]
2008-06-03 12:23:33,566 - prefs : INFO SYNC_DOWNLOAD_THRESHOLD: [3]
2008-06-03 12:23:33,566 - prefs : INFO SYNC_INTERVAL: [3600]
2008-06-03 12:23:33,566 - prefs : INFO SYNC_SERVER:
[http://xmlrpc.denyhosts.net:9911]
2008-06-03 12:23:33,566 - prefs : INFO SYNC_UPLOAD: [no]
2008-06-03 12:23:33,566 - prefs : INFO SYSLOG_REPORT: [no]
2008-06-03 12:23:33,566 - prefs : INFO USERDEF_FAILED_ENTRY_REGEX:
[authentication failure.* rhost=(?P<host>\S+)\s+user=(?P<user>\S+).*]
2008-06-03 12:23:33,566 - prefs : INFO USERDEF_FAILED_ENTRY_REGEX:
[authentication failure.* rhost=(?P<host>\S+).*]
2008-06-03 12:23:33,566 - prefs : INFO WORK_DIR:
[/usr/share/denyhosts/data]
2008-06-03 12:23:33,568 - denyhosts : INFO restricted: set([])
2008-06-03 12:23:33,569 - denyhosts : INFO launching DenyHosts daemon
(version 2.6)...
2008-06-03 12:23:33,571 - denyhosts : INFO DenyHosts daemon is now
running, pid: 3675
2008-06-03 12:23:33,571 - denyhosts : INFO send daemon process a TERM
signal to terminate cleanly
2008-06-03 12:23:33,571 - denyhosts : INFO eg. kill -TERM 3675
2008-06-03 12:23:33,619 - denyhosts : INFO monitoring log: /var/log/secure
2008-06-03 12:23:33,619 - denyhosts : INFO sync_time: 3600
2008-06-03 12:23:33,620 - denyhosts : INFO daemon_purge: 3600
2008-06-03 12:23:33,620 - denyhosts : INFO daemon_sleep: 30
2008-06-03 12:23:33,620 - denyhosts : INFO purge_sleep_ratio: 120
2008-06-03 12:23:33,620 - denyhosts : INFO sync_time: : 3600
2008-06-03 12:23:33,620 - denyhosts : INFO sync_sleep_ratio: 120
2008-06-03 13:01:33,733 - loginattempt: INFO resetting count for: [omitted,
a local IP]
Regards,
Rob
--
---------------------"Happiness is understanding."----------------------
Robert Hardy, B.Eng Computer Systems C.E.O. Webcon Inc.
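
An added example, not part of the original message and not DenyHosts code: a staleness check that catches the silent hang described above by treating the hourly purge entries (DAEMON_PURGE: 3600 in the configuration dump) as a heartbeat. The function names, the 600-second grace period and the embedded sample lines are assumptions made for illustration; the log path is the DAEMON_LOG value shown in the dump.

```python
import re
import sys
from datetime import datetime, timedelta

# Constructed sample in the DAEMON_LOG_MESSAGE_FORMAT shown in the post.
SAMPLE_LOG = """\
2008-05-29 21:01:20,948 - denyfileutil: INFO num entries purged: 13
2008-05-29 21:01:21,371 - sync : INFO received 33 new hosts
2008-05-29 22:01:21,292 - denyfileutil: INFO purging entries older than:
Thu May 22 22:01:21 2008
2008-05-29 22:01:21,876 - denyfileutil: INFO num entries purged: 15
"""

# Default asctime prefix: "YYYY-MM-DD HH:MM:SS,mmm - "
STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}),\d{3} - ")


def last_activity(log_text):
    """Return the newest timestamp found in the log text, or None."""
    latest = None
    for line in log_text.splitlines():
        m = STAMP.match(line)
        if not m:
            continue  # wrapped dates and traceback lines carry no timestamp
        ts = datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S")
        if latest is None or ts > latest:
            latest = ts
    return latest


def is_stalled(log_text, now, purge_interval=3600, grace=600):
    """True when nothing was logged within purge_interval + grace seconds.

    A log with no timestamped line at all is reported as stalled.
    """
    last = last_activity(log_text)
    if last is None:
        return True
    return now - last > timedelta(seconds=purge_interval + grace)


if __name__ == "__main__":
    # Assumed usage: run from cron or a monitoring agent; exit 2 raises an alert.
    path = sys.argv[1] if len(sys.argv) > 1 else "/var/log/denyhosts"
    with open(path) as fh:
        stalled = is_stalled(fh.read(), datetime.now())
    print("STALLED" if stalled else "OK")
    sys.exit(2 if stalled else 0)
```

The check only detects the hang; it does not restart the daemon or change the sync behaviour seen in the traceback.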