Not a problem.
When DH decides some host has been bad and should be nuked, it writes an entry
to the hosts.deny file blocking any further access to programs that look at
that file when authenticating. DH also looks in the PLUGIN_DENY variable to
see if there is a script it should run. If there is, it passes the offending
IP address to that script.
For my setup, that script in the PLUGIN_DENY variable is denyhosts_script.sh.
So DH calls my script when it has already detected that someone needs to be
dealt with. My script doesn't monitor anything, DH does that. My script
simply adds a line to the INPUT and FORWARD tables so no traffic can get in or
through the firewall from that host.
Later, when the bad guy goes away, DH decides to remove the address from
hosts.deny. It also checks the variable PLUGIN_PURGE to see if there is a
script listed there. If so, it runs that script passing the IP address to be
"un-nuked".
My script checks to see if the address has been nuked by IPTables. If it has,
it removes that rule from the INPUT and FORWARD tables.
HTH!
Sorry for the confusion. As my voice teacher once said, "English is a
wonderful language as long as you don't try to speak it, sing it, or
communicate with it."
-Michael
>>> SWK <[EMAIL PROTECTED]> 7/14/2008 9:48 AM >>>
So Michael,...
maybe I'm blind, but I can't see how the "denyhosts_script.sh" is monitoring
the connection attempts of users who try to get me using the SMTP port.
Shame on me, I'm not so familiar with iptables ...
Can you explain it a little more verbosely?
Greetz ...
Stefan
Michael Weber wrote:
> Hello, Stefan.
>
> Easy answer is, "Yup!"
>
> What I do is to include a script to block and unblock hosts like this:
>
> PLUGIN_DENY=/usr/share/denyhosts/denyhosts_script.sh
> PLUGIN_PURGE=/usr/share/denyhosts/unblock_script.sh
>
> Here's the guts of the deny script:
>
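> # $1 = offending IP address passed by DenyHosts; $2 is written as a log prefix.
> # Literal whole-word match so 1.2.3.4 does not also match 11.2.3.45.
> if ! grep -qFw -- "$1" /usr/share/denyhosts/allowed-hosts
> then
>     # Not on the allow list: drop traffic to and through the firewall
>     /sbin/iptables -I INPUT -s "$1" -j DROP
>     /sbin/iptables -I FORWARD -s "$1" -j DROP
>
>     echo "$2 Denying $1" >> /var/log/denyhosts.log
> else
>     echo "$2 NOT denying $1" >> /var/log/denyhosts.log
> fi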
>
>
> And here's the unblock script:
>
> # Only delete the DROP rules if iptables currently lists this address
> if ! /sbin/iptables -L -n | grep -qFw -- "$1"
> then
>     echo "$2 NOT unblocking $1 since it is not blocked" >> /var/log/denyhosts.log
> else
>     /sbin/iptables -D INPUT -s "$1" -j DROP
>     /sbin/iptables -D FORWARD -s "$1" -j DROP
>
>     echo "$2 unblocking $1" >> /var/log/denyhosts.log
> fi
>
>
> HTH!
>
> -Michael
>
>
>>>> SWK <[EMAIL PROTECTED]> 7/13/2008 3:24 AM >>>
> Hi List,...
>
> I've installed DenyHosts now for the second time and I'm absolutely
> pleased with it ...
>
> But ...
>
> ... is it possible to monitor other services (e.g. FTP, SMTP) and
> exclude attacking hosts by adding them to the hosts.deny file like
> DenyHosts does in the "ssh case"?
>
>
>
> E-MAIL CONFIDENTIALITY NOTICE: This communication and any associated
> file(s) may contain privileged, confidential or proprietary information
> or be protected from disclosure under law ("Confidential Information").
> Any use or disclosure of this Confidential Information, or taking any
> action in reliance thereon, by any individual/entity other than the
> intended recipient(s) is strictly prohibited. This Confidential
> Information is intended solely for the use of the
> individual(s) addressed. If you are not an intended recipient, you have
> received this Confidential Information in error and have an obligation
> to promptly inform the sender and permanently destroy, in its entirety,
> this Confidential Information (and all copies thereof). E-mail is
> handled in the strictest of confidence by Allied National, however,
> unless sent encrypted, it is not a secure communication method and may
> have been intercepted, edited or altered during transmission and
> therefore is not guaranteed.
>
>
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
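
A hardened variant of the deny/purge hooks described in this thread, as an added example that is not code from any poster or from DenyHosts: it validates the address argument before it reaches iptables, matches the allow list exactly, and avoids stacking duplicate DROP rules. The function names, the `DRY_RUN` switch, the `deny|purge` argument and the one-address-per-line allow-list format are assumptions of this example; the allowed-hosts path is the one quoted in the thread.

```shell
#!/bin/sh
# Added example, not from the thread. ALLOW_FILE is the path quoted in the
# thread (assumed format: one address per line); DRY_RUN, the function names
# and the deny|purge argument are assumptions of this example.
ALLOW_FILE="${ALLOW_FILE:-/usr/share/denyhosts/allowed-hosts}"
DRY_RUN="${DRY_RUN:-1}"   # 1 = print the iptables commands instead of running them

# Accept only a dotted-quad IPv4 address with every octet in 0..255.
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1            # safe to split: only digits and dots remain
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Literal whole-line match, so 10.0.0.1 does not also match 10.0.0.11.
is_allowed() {
    [ -r "$ALLOW_FILE" ] && grep -qFx -- "$1" "$ALLOW_FILE"
}

# Run one iptables command, or print it in dry-run mode.
ipt() {
    if [ "$DRY_RUN" = 1 ]; then echo "/sbin/iptables $*"; else /sbin/iptables "$@"; fi
}

# handle ACTION IP -> 0 rules changed, 1 skipped (allow-listed), 2 bad input
handle() {
    is_ipv4 "$2" || return 2
    case "$1" in
        deny)
            is_allowed "$2" && return 1
            for chain in INPUT FORWARD; do
                # -C (check) keeps repeated calls from stacking duplicate rules
                if [ "$DRY_RUN" = 1 ] || ! /sbin/iptables -C "$chain" -s "$2" -j DROP 2>/dev/null
                then ipt -I "$chain" -s "$2" -j DROP; fi
            done ;;
        purge)
            for chain in INPUT FORWARD; do ipt -D "$chain" -s "$2" -j DROP; done ;;
        *) return 2 ;;
    esac
}

if [ "$#" -ge 2 ]; then handle "$1" "$2"; fi
```

With `DRY_RUN=1` (the default here) the script only prints the iptables commands it would run, which makes it safe to try against a copy of the allow list before wiring it into `PLUGIN_DENY` and `PLUGIN_PURGE`.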