Everything is working correctly since I changed the SSH LOG FILE from /var/log/ssh/* to /var/log/secure.
Also, the file /var/log/notify_isp.log was not created and was an issue. I did a simple "touch". Everything is working OK now:

[EMAIL PROTECTED]:/usr/share/denyhosts> cat /var/log/notify_isp.log
Report generated for 61.7.255.30 and sent to [EMAIL PROTECTED] on Thu Jul 24 23:46:33 -0700 2008
Report generated for 61.7.255.30 and sent to [EMAIL PROTECTED] on Thu Jul 24 23:46:34 -0700 2008

When you write the README -I can do it if you want- you need to talk about those 2 things :)

Thanks

Nazar Aziz wrote:
> Hi there.
>
>> [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30
>> /bin/cat: /var/log/sshd/*: No such file or directory
>> ./notify_isp.rb:129: No evidence found for IP 61.7.255.30. Aborting
>> (RuntimeError)
>
>> /bin/cat: /var/log/sshd/*: No such file or directory
>
>
> Can you check that your sshd log files are in /var/log/sshd (as set in
> the LOG_FILE constant) as it appears that cat is not able to find that
> directory.
>
> Cheers.
>
> 2008/7/25 S A I N T - 4 2 <[EMAIL PROTECTED]>:
>> Looks like it's not working here.
>> I installed Ruby.
>> I copied the script in /usr/share/denyhosts/
>> I configured the PLUGIN_DENY= to /usr/share/denyhosts/name_of_script.rb
>> and restarted denyhosts.
>>
>> That's it right ?
>> Any way to make tests ?
>>
>> Jul 22 08:34:37 tyesun sshd[18962]: refused connect from ::ffff:61.7.255.30
>> (::ffff:61.7.255.30)
>>
>> [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30
>> /bin/cat: /var/log/sshd/*: No such file or directory
>> ./notify_isp.rb:129: No evidence found for IP 61.7.255.30. Aborting
>> (RuntimeError)
>>
>>
>> I changed the LOG_FILE to /var/log/secure, and it is now working (a small
>> readme should come with the file in order to explain this).
>>
>> Now, when I run the command, I got this:
>> [EMAIL PROTECTED]:/usr/share/denyhosts> ./notify_isp.rb 61.7.255.30
>> ./notify_isp.rb:134: Host 61.7.255.30 has already been reported. Not
>> reporting again.
>> (RuntimeError)
>>
>> SWK wrote:
>>> Hi Nazar,...
>>>
>>> nice script,... i plugged it in and now i'm still waiting for the first
>>> nerd to trap in ...*g
>>>
>>> Is it possible to add a "CC"-Variable in the message to have a copy of the
>>> sent email?
>>>
>>> Regards ...
>>>
>>> Stefan
>>>
>>> Nazar Aziz wrote:
>>>> Hi List.
>>>>
>>>> Just wanted to drop a quick email to say that I've developed a
>>>> DenyHosts plugin that will notify the attacker's ISP with an excerpt
>>>> from your sshd log file. I've been running this script for the last
>>>> two days and I've had half a dozen positive replies from system admins
>>>> who've subsequently disconnected offending servers.
>>>>
>>>> Download it here: http://github.com/nazar/report-hack-isp/tree/master
>>>>
>>>> Instructions: http://github.com/nazar/report-hack-isp/wikis
>>>>
>>>> Why I did this:
>>>>
>>>> http://panthersoftware.com/articles/view/5/automatically-report-all-ssh-brute-force-attacks-to-isps
>>>>
>>>> Cheers.
>>>>
>>>> Nazar

_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
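An added example, not part of notify_isp.rb or of the original thread: a pre-flight check for the two setup problems reported above, a LOG_FILE glob that matches nothing and a missing /var/log/notify_isp.log. The function names, the temporary paths, the second and third sample log lines and the abuse@isp.example address are assumptions made for illustration.

```ruby
require 'fileutils'
require 'tmpdir'

# Return readable files for the first glob pattern that matches anything.
def resolve_logs(patterns)
  patterns.each do |pat|
    files = Dir.glob(pat).select { |f| File.file?(f) && File.readable?(f) }
    return files unless files.empty?
  end
  []
end

# sshd lines that mention ip as a whole address: 61.7.255.30 must not match
# inside 161.7.255.30, while the IPv4-mapped form ::ffff:61.7.255.30 matches.
def evidence_for(ip, files)
  re = /(?<![\d.])#{Regexp.escape(ip)}(?!\.?\d)/
  files.flat_map do |f|
    File.foreach(f).map(&:scrub).select { |l| l.include?('sshd[') && l.match?(re) }
  end
end

# Create the report log if absent (the manual "touch" from the thread), then
# look for an earlier "Report generated for <ip>" entry.
def already_reported?(ip, report_log)
  FileUtils.touch(report_log) unless File.exist?(report_log)
  File.foreach(report_log).any? { |l| l.start_with?("Report generated for #{ip} ") }
end

# Constructed sample data in a temp dir; returns [files, evidence, first, second].
def demo
  Dir.mktmpdir do |dir|
    secure = File.join(dir, 'secure')
    File.write(secure, <<~LOG)
      Jul 22 08:34:37 tyesun sshd[18962]: refused connect from ::ffff:61.7.255.30 (::ffff:61.7.255.30)
      Jul 22 08:35:02 tyesun sshd[18970]: refused connect from ::ffff:161.7.255.30 (::ffff:161.7.255.30)
      Jul 22 08:36:11 tyesun crond[411]: 61.7.255.30 unrelated line
    LOG
    files = resolve_logs([File.join(dir, 'sshd', '*'), secure])
    report = File.join(dir, 'notify_isp.log')
    first = already_reported?('61.7.255.30', report)
    File.write(report, "Report generated for 61.7.255.30 and sent to abuse@isp.example on Thu Jul 24 23:46:33 -0700 2008\n", mode: 'a')
    [files.map { |f| File.basename(f) }, evidence_for('61.7.255.30', files), first,
     already_reported?('61.7.255.30', report)]
  end
end

p demo if __FILE__ == $PROGRAM_NAME
```

On a real host the pattern list would hold the distribution's actual sshd log locations, such as the /var/log/sshd/* and /var/log/secure paths discussed in the thread.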
