Luket,

If you were to install denyhosts-py25 via fink, you could use the information below to get it working. This information may also be useful enough with your current configuration (however you came by it).

I know of at least two people for whom this configuration works (Glenn and myself).

Good luck,
Robert

== http://thread.gmane.org/gmane.os.macosx.fink.beginners/21386/focus=21402 ==

Good news -- looks like denyhosts is working! My guess -- from a highly non-expert point of view -- is that most likely denyhosts wasn't updated for 10.5. To summarize, here are my changes after doing Fink install denyhosts-py25-2.6-1:

1) edit the sshd_config file according to the link

http://article.gmane.org/gmane.os.apple.fink.beginners/19292/match=denyhosts

It's just two or three simple changes.

2) In /sw/etc/denyhosts-py25 edit the denyhosts.cfg file by changing

SECURE_LOG = /var/log/asl.log to SECURE_LOG = /var/log/secure.log

and comment out the statement SSHD_FORMAT_REGEX=

Then, according to instructions in this thread, I killed the active daemon and restarted with

sudo denyhosts-py25.py -c /sw/etc/denyhosts-py25/denyhosts.cfg --daemon

It is working very nicely. Catching all kinds of break-in attempts and logging them in host.deny. I went to another computer and tried five bogus logins. Denyhosts caught this, added the id to the list and allowed no further interactions from this computer. Nice.

The only thing I haven't tried is rebooting to make sure the daemon starts properly and sees all relevant files. If I have probs, I'll let you know.

Thanks everybody for all the help. Very much appreciated.

g

On May 9, 2008, at 11:50 AM, Robert T Wyatt wrote:

> Robert T Wyatt wrote:
>> Alexander Hansen wrote:
>>> glenn millhauser wrote:
>>>> Hi All,
>>>>
>>>> Okay -- the files below (pointed out in Robert's message) were all
>>>> found to be in place. Also, based on the thread
>>>>
>>>> http://thread.gmane.org/gmane.comp.security.denyhosts.user/397/focus=399
>>>>
>>>> I changed:
>>>>
>>>> SECURE_LOG = /var/log/asl.log to SECURE_LOG = /var/log/secure.log
>>>>
>>>> I also commented out the statement SSHD_FORMAT_REGEX=
>>>> Then, I ran the way Alexander did:
>>>>
>>>> sudo denyhosts-py25.py -c /sw/etc/denyhosts-py25/denyhosts.cfg --daemon
>>>>
>>>> It now appears that denyhosts finds the denyhosts.cfg file. However,
>>>> I get the error:
>>>>
>>>> DenyHosts could not obtain lock (pid: 112)
>>>> [Errno 17] File exists: '/sw/var/run/denyhosts-py25.pid'
>>>>
>>>> I think I might be getting closer but don't know what to do with
>>>> this. Any ideas??
>>>>
>>>> thanks,
>>>> g
>>>
>>> That would make me suspect that the daemon is already running for
>>> you, and it won't let you do a second instance.
>>
>> I agree with Alex and if you 'cat /sw/var/run/denyhosts-py25.pid' you
>> will obtain the process id of the running instance and can then kill
>> the process (sudo kill -TERM PID -- where PID is the process id) so
>> that you can restart it manually.
>>
>> FWIW, I think fink's denyhosts puts its log in /sw/var/log/denyhosts
>> or somewhere very close to that; the log should give the loaded
>> configuration, PID, DH's recommended kill command, and a lot of other
>> goodies.
>>
>> Sounds like you're making good progress!
>>
>> --rtw
>
> There is another possibility: if DH terminated abnormally, the .pid
> file would still be present.
>
> During startup, DH looks for this file, if it's present (whether the
> daemon is actually running or not) it will not start.
>
> Simply: sudo rm /sw/var/run/denyhosts-py25.pid to get rid of the file
> if this is the case.
>
> --rtw

Glenn L. Millhauser
Department of Chemistry & Biochemistry
UC Santa Cruz
Santa Cruz, CA 95064
831 459 2176 voice
831 566 3337 cell
831 459 2935 fax
http://chemistry.ucsc.edu/~glennm
http://www.chemistry.ucsc.edu/faculty/millhauser.html

luket trif wrote:
> Hi,
>
> I'm using a mac with OS X 10.5.5, and recently installed denyhosts,
> however I'm not sure if it's working properly. I've received lots of
> attempts to login to the ssh server from different ip addresses, in
> some cases even hundreds from the same ip address. I'm launching
> denyhosts via daemon_control and it starts right up with no errors.
> Below is a clip from /var/log/denyhosts. So everything seems to be
> working properly, however there are times when my logfile turns offer
> from failed login attempts from the same ip address and when I grep
> for that ip address in /etc/hosts.deny it's not found. The
> Deny_invalid_threshold is set to 3. So I'm not sure if it's working at
> all. I did add the correct Mac OS X related string to denyhosts.cfg at
> the bottom (the one on the FAQ page produced errors).
>
> So my question is: is there a way to test to see if denyhosts is
> working properly or working at all on my system? Just for the fun of
> it, since the threshold is set for failed login attempts at 3, I tried
> to login from another server 30-40 times unsuccessfully with
> nonexistent usernames to see if that would block my ip address and it
> hasn't. Tried root as well and no luck. I'm thinking it's probably not
> reading secure.log correctly. Any help would be appreciated.
>
> thanks in advance.
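
An added example, not part of the original thread and not DenyHosts code: one way to tell the two cases in the quoted replies apart (daemon already running versus a leftover .pid file) before deleting anything. The function name pidfile_status is hypothetical; the path in the demo is the one quoted in the thread.

```python
import os

def pidfile_status(path):
    """Classify a daemon PID file as 'absent', 'running', 'stale' or 'invalid'."""
    try:
        with open(path) as fh:
            raw = fh.read().strip()
    except FileNotFoundError:
        return "absent"            # nothing blocks startup
    if not raw.isdigit() or int(raw) <= 0:
        return "invalid"           # file exists but holds no usable PID
    try:
        # Signal 0 delivers nothing; it only checks that the PID exists
        # and whether we would be allowed to signal it.
        os.kill(int(raw), 0)
    except ProcessLookupError:
        return "stale"             # no such process: leftover file
    except PermissionError:
        return "running"           # exists, owned by another user (e.g. root)
    except OverflowError:
        return "invalid"           # number too large to be a PID
    # Caveat: a live PID can belong to an unrelated process if the number
    # was reused after a crash, so confirm with ps before sending a signal.
    return "running"

if __name__ == "__main__":
    # Path as quoted in the thread.
    print(pidfile_status("/sw/var/run/denyhosts-py25.pid"))
```

Only a "stale" or "invalid" result matches the case where removing the file is the fix; "running" matches the case where the existing daemon has to be stopped first.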
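
An added example, not part of the original thread and not DenyHosts' own parsing: a cross-check for the question above, counting failed sshd logins per address in the log and listing addresses past the threshold that hosts.deny does not contain. The log wording, sample data and function names are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Simplified matcher for OpenSSH "Failed password" syslog lines (assumption:
# secure.log uses this wording; this is not DenyHosts' own regex set).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3})")
IPV4 = re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b")

def failed_logins(log_text):
    """Count failed sshd password logins per source IP."""
    hits = (FAILED.search(line) for line in log_text.splitlines())
    return Counter(m.group(1) for m in hits if m)

def denied_hosts(hosts_deny_text):
    """Collect every IPv4 address on a non-comment hosts.deny line."""
    denied = set()
    for line in hosts_deny_text.splitlines():
        denied.update(IPV4.findall(line.split("#", 1)[0]))
    return denied

def audit(log_text, hosts_deny_text, threshold=3):
    """Report IPs past the threshold that hosts.deny does not list."""
    counts, denied = failed_logins(log_text), denied_hosts(hosts_deny_text)
    return {
        # 0 here means no line matched: wrong log file or wrong format.
        "parsed_lines": sum(counts.values()),
        "blocked": sorted(ip for ip in counts if ip in denied),
        # Assumption: a host should be denied once failures exceed threshold.
        "missed": sorted(ip for ip, n in counts.items()
                         if n > threshold and ip not in denied),
    }

def _fail(sec, who, ip):  # builds one constructed log line
    return (f"Oct 20 09:14:{sec:02d} mac sshd[311]: Failed password "
            f"for {who} from {ip} port 40112 ssh2")

# Constructed sample data (documentation-range addresses).
SAMPLE_LOG = "\n".join(
    [_fail(i, "invalid user admin", "203.0.113.7") for i in range(5)]
    + [_fail(10 + i, "root", "198.51.100.23") for i in range(4)]
    + [_fail(20, "glenn", "192.0.2.10"),
       "Oct 20 09:15:02 mac sshd[340]: Accepted publickey for glenn "
       "from 192.0.2.10 port 50022 ssh2"])
SAMPLE_HOSTS_DENY = "# constructed sample\nsshd: 198.51.100.23\n"

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, SAMPLE_HOSTS_DENY))
```

A parsed_lines value of 0 on a log known to contain failed logins points at the log path or line format rather than at the threshold, which is the same direction as the SECURE_LOG and SSHD_FORMAT_REGEX changes described in the thread.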
_______________________________________________
Denyhosts-user mailing list
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
