HI there. > [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30 > /bin/cat: /var/log/sshd/*: No such file or directory > ./notify_isp.rb:129: No evidence found for IP 61.7.255.30. Aborting > (RuntimeError)
> /bin/cat: /var/log/sshd/*: No such file or directory Can you check that your sshd log files are in /var/log/sshd (as set in the LOG_FILE constant) as it appears that cat is not able to find that directory. Cheers. 2008/7/25 S A I N T - 4 2 <[EMAIL PROTECTED]>: > Looks like it's not working here. > I intalled Ruby. > I copied the script in /usr/share/denyhosts/ > I configured the PLUGIN_DENY= to /usr/share/denyhosts/name_of_script.rb > and restarted denyhosts. > > That's it right ? > Any way to make tests ? > > Jul 22 08:34:37 tyesun sshd[18962]: refused connect from ::ffff:61.7.255.30 > (::ffff:61.7.255.30) > > [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30 > /bin/cat: /var/log/sshd/*: No such file or directory > ./notify_isp.rb:129: No evidence found for IP 61.7.255.30. Aborting > (RuntimeError) > > > I changed the LOG_FILE to /var/log/secure, and it is now working (a small > readme should come with the file in order to explain this). > > Now, when I run the command, I got this: > [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30 > ./notify_isp.rb:134: Host 61.7.255.30 has already been reported. Not > reporting again. (RuntimeError) > > > > > > > SWK wrote: >> >> Hi Nazar,... >> >> nice script,... i plugged it in and now i'm still waiting for the first >> nerd to trap in ...*g >> >> Is it possible to add a "CC"-Variable in the message to have a copy of the >> sended email? >> >> Regards ... >> >> Stefan >> >> Nazar Aziz schrieb: >>> >>> Hi List. >>> >>> Just wanted to drop a quick email to say that I've developed a >>> DenyHosts plugin that will notify the attacker's ISP with an excerpt >>> from your sshd log file. I've been running this script for the last >>> two days and I've had half a dozen positive replies from system admins >>> who've subsequently disconnected offending servers. >>> >>> Downloaded it here:http://github.com/nazar/report-hack-isp/tree/master >>> >>> Instructions: http://github.com/nazar/report-hack-isp/wikis >>> >>> Why I did this: >>> >>> http://panthersoftware.com/articles/view/5/automatically-report-all-ssh-brute-force-attacks-to-isps >>> >>> Cheers. >>> >>> Nazar >>> >>> ------------------------------------------------------------------------- >>> This SF.Net email is sponsored by the Moblin Your Move Developer's >>> challenge >>> Build the coolest Linux based applications with Moblin SDK & win great >>> prizes >>> Grand prize is a trip for two to an Open Source event anywhere in the >>> world >>> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >>> _______________________________________________ >>> Denyhosts-user mailing list >>> [email protected] >>> https://lists.sourceforge.net/lists/listinfo/denyhosts-user >>> >> >> >> ------------------------------------------------------------------------- >> This SF.Net email is sponsored by the Moblin Your Move Developer's >> challenge >> Build the coolest Linux based applications with Moblin SDK & win great >> prizes >> Grand prize is a trip for two to an Open Source event anywhere in the >> world >> http://moblin-contest.org/redirect.php?banner_id=100&url=/ >> _______________________________________________ >> Denyhosts-user mailing list >> [email protected] >> https://lists.sourceforge.net/lists/listinfo/denyhosts-user >> > ------------------------------------------------------------------------- This SF.Net email is sponsored by the Moblin Your Move Developer's challenge Build the coolest Linux based applications with Moblin SDK & win great prizes Grand prize is a trip for two to an Open Source event anywhere in the world http://moblin-contest.org/redirect.php?banner_id=100&url=/ _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
