Yes you can. The denyhosts program only monitors one log file. So you need to come up with a way to log failures to a common log file AND write custom patterns to match the failures.
Here is what I did to monitor FTPD. I installed vsftpd in place of Sun's ftpd on my Solaris box. I defined authentication logging to go to the same file for vsftpd and sshd in /etc/syslog.conf. I added patterns to match in /usr/share/denyhosts/denyhosts.cfg. You need two matches. The first looks for sshd AND vsftpd messages. The second matches the vsftp failed login messages.

# Match is in two parts. Add vsftp: to match log entry.
# Add vsftp regex to match log message. - Ron Nash
# Jun 16 11:12:37 rohan vsftpd: [ID 702911 news.warning] Mon Jun 16 11:12:37 2008 [pid 13050] [root] FAIL LOGIN: Client "130.191.17.126"
SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|vsftpd:) (?P<message>.*)
USERDEF_FAILED_ENTRY_REGEX=\[(?P<user>\S+)\].*FAIL LOGIN.*"(?P<host>\S+)"

So to match SMTP failures, the logged failures have to appear in the log file denyhosts monitors. One way is to write a shell script that tails the SMTP log, greps the failures and logs them to the common log file (the logger command will do this nicely).

A more elegant solution is to have your SMTP daemon log these failures directly to syslog with the appropriate syslog facility (ie: local1.info).

-Ron

> Hi List,...
>
> I've installed DenyHosts now for the second time and I'm absolutely
> pleased with it ...
>
> But ...
>
> In the denyhosts.conf there is the following section:
>
> #######################################################################
> #
> # BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
> #
> # man 5 hosts_access for details
> #
> # eg. sshd: 127.0.0.1 # will block sshd logins from 127.0.0.1
> #
> # To block all services for the offending host:
> #BLOCK_SERVICE = ALL
> # To block only sshd:
> BLOCK_SERVICE = sshd
> # To only record the offending host and nothing else (if using
> # an auxilary file to list the hosts). Refer to:
> # http://denyhosts.sourceforge.net/faq.html#aux
> #BLOCK_SERVICE =
> #
> #######################################################################
>
> In my opinion it says that I can choose to block the host for all
> services, if he had tried to contact me using ssh.
>
> So ...
>
> ... is it possible to monitor other services (i.e. like FTP, SMTP) and
> exclude attacking hosts by adding them to the hosts.deny file like
> DenyHosts does in the "ssh-case"?
>
> In an actual case I found - i.e. - the following entries in my
> /var/log/syslog file:
>
> .........
> Jul 13 09:16:32 h1396903 postfix/smtpd[18411]: NOQUEUE: reject: RCPT
> from 118-169-206-82.dynamic.hinet.net[118.169.206.82]: 554 5.7.1
> <[EMAIL PROTECTED]>: Relay access denied;
> from=<[EMAIL PROTECTED]> to=<[EMAIL PROTECTED]>
> proto=SMTP helo=<www.MyMainServer.com>
>
> Jul 13 09:16:32 h1396903 postfix/smtpd[18411]: lost connection after
> RCPT from 118-169-206-82.dynamic.hinet.net[118.169.206.82]
>
> Jul 13 09:16:32 h1396903 postfix/smtpd[18411]: disconnect from
> 118-169-206-82.dynamic.hinet.net[118.169.206.82]
> ..........
>
> Reading this, I recognized that a script-kiddie tries to use my server
> as a relay. But he didn't try to connect using ssh.
>
> So,...
>
> ... is it possible to block these attempts using DenyHosts?
>
> Greetz ...
> Stefan
>
> -------------------------------------------------------------------------
> Sponsored by: SourceForge.net Community Choice Awards: VOTE NOW!
> Studies have shown that voting for your favorite open source project,
> along with a healthy diet, reduces your potential for chronic lameness
> and boredom. Vote Now at http://www.sourceforge.net/community/cca08
> _______________________________________________
> Denyhosts-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
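
Added example (not part of the original messages and not DenyHosts code): a small Python harness for checking custom patterns against sample log lines before putting them in denyhosts.cfg, so that a pattern neither misses failures nor flags successful logins. It assumes the failed-entry pattern is applied to the `message` group captured by the format pattern; the two SMTP patterns, the `parse_failure` helper, the "OK LOGIN" line and the example.com addresses are constructed for illustration.

```python
import re

# Patterns copied from the reply above (denyhosts.cfg values).
FORMAT_RE = re.compile(r'.* (sshd.*:|\[sshd\]|vsftpd:) (?P<message>.*)')
VSFTPD_FAIL_RE = re.compile(r'\[(?P<user>\S+)\].*FAIL LOGIN.*"(?P<host>\S+)"')

# Hypothetical patterns for the Postfix relay rejections in the quoted
# question; these are assumptions of this example, not from the thread.
# Only the bracketed IP is captured: the name before it comes from reverse
# DNS, which the connecting client's network controls.
SMTP_FORMAT_RE = re.compile(r'.* (postfix/smtpd\[\d+\]:) (?P<message>.*)')
SMTP_FAIL_RE = re.compile(
    r'reject: RCPT from \S+\[(?P<host>\d{1,3}(?:\.\d{1,3}){3})\]: '
    r'554 .*Relay access denied')


def parse_failure(line, format_re, failed_re):
    """Two-stage match: isolate the daemon message, then look for a failure.

    Returns (user, host), with user None if the pattern has no user group,
    or None when the line is not a failure.
    """
    outer = format_re.match(line)
    if outer is None:
        return None
    inner = failed_re.search(outer.group('message'))
    if inner is None:
        return None
    return inner.groupdict().get('user'), inner.group('host')


# Sample lines: the first is the one from the reply; the second is
# constructed; the third is the rejection from the question joined onto one
# line with placeholder addresses.
VSFTPD_FAIL = ('Jun 16 11:12:37 rohan vsftpd: [ID 702911 news.warning] '
               'Mon Jun 16 11:12:37 2008 [pid 13050] [root] FAIL LOGIN: '
               'Client "130.191.17.126"')
VSFTPD_OK = ('Jun 16 11:13:02 rohan vsftpd: [ID 702911 news.warning] '
             'Mon Jun 16 11:13:02 2008 [pid 13061] [ron] OK LOGIN: '
             'Client "192.0.2.10"')
POSTFIX_REJECT = ('Jul 13 09:16:32 h1396903 postfix/smtpd[18411]: NOQUEUE: '
                  'reject: RCPT from 118-169-206-82.dynamic.hinet.net'
                  '[118.169.206.82]: 554 5.7.1 <user@example.com>: Relay '
                  'access denied; from=<a@example.com> to=<b@example.com> '
                  'proto=SMTP helo=<www.MyMainServer.com>')

if __name__ == '__main__':
    print(parse_failure(VSFTPD_FAIL, FORMAT_RE, VSFTPD_FAIL_RE))
    print(parse_failure(VSFTPD_OK, FORMAT_RE, VSFTPD_FAIL_RE))
    print(parse_failure(POSTFIX_REJECT, SMTP_FORMAT_RE, SMTP_FAIL_RE))
```
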
