On 26/08/2008 9:22 AM, Jason Lingohr wrote:
> On 26/08/2008 2:41 AM, Phil Schwartz wrote:
>
> > Did you stop DenyHosts before #3? DenyHosts reads the files at startup,
> > modifies them as needed but doesn't re-read them. All of the data is
> > cached. So if you were to leave DH running, clearing the IPs from the
> > files wouldn't prevent the host from re-appearing.
> >
> > There is a patch on the project page that deletes a single IP address.
> > It will be included in 2.7.
> >
> > Regards,
> >
> > Phil
> >
>
> Yep, sure did.
>
> Perhaps I should try the patch -- either way, I'm sure I did everything
> right. Do you mean tracker id 2006779?
>
> It seems to have been triggered by a repeated batch of:
>
> Did not receive identification string from <IP>
>
> It's as if DH just refuses to match/apply the allowed-hosts file.
>
> I should add that no entries are added to hosts.deny either.
>

And more on this -- I've now added the above patch, and found a few things.

Firstly, it doesn't even kick in unless --purge is also supplied, or am I missing something?

Secondly, it doesn't seem to work:

denyhosts.py --config=/usr/share/denyhosts/denyhosts.cfg --purge --purgeip=1.1.1.1 --debug
[...]
HOSTS_DENY: [/etc/hosts.evil]
LOCK_FILE: [/var/lock/subsys/denyhosts]
PLUGIN_DENY: [/usr/share/denyhosts/plugins/route_add.sh]
PLUGIN_PURGE: [/usr/share/denyhosts/plugins/route_delete.sh]
WORK_DIR: [/usr/share/denyhosts/data]
purging entries older than: Mon Aug 25 09:58:31 2008
num entries purged: 0
purging listed IP addresses.
[Errno 2] No such file or directory
purging_hosts: ['']
num entries purged: 1
invoking plugin: /usr/share/denyhosts/plugins/route_delete.sh
/sbin/route delete -host reject
reject: Unknown host
[...]
initializing AllowedHosts
line: 1.1.1.1 - regex match? True
allowed_hosts: ['1.1.1.1]
done initializing AllowedHosts

My purge script is a simple route reject flag Bourne script.

It seems the patch isn't finding my commandline-supplied IP?

Probably worth mentioning (after studying the patch and how it works) that a normal --purge doesn't get rid of the entry either, and it's older than the purge cutoff (I think).

Also, not using sync (well, as far as I understand, if SYNC_SERVER isn't set, it doesn't get turned on):

SYNC_DOWNLOAD: [yes]
SYNC_DOWNLOAD_RESILIENCY: [18000]
SYNC_DOWNLOAD_THRESHOLD: [3]
SYNC_INTERVAL: [3600]
SYNC_SERVER: [None]
SYNC_UPLOAD: [yes]
