Also, Apache must be restarted AFAIK in order to block an attacker using
its internal ALLOW/DENY rules. Of course, you could block it at the
kernel level w/ iptables if you wanted.
Phil
On Tue, 28 Oct 2008, René Berber wrote:

> Terry Carmen wrote:
>
>> Does anybody know if denyhosts can parse multiple logs?
>
> No, it can't...
>
> I recommend using fail2ban, it can scan multiple logs and it already has
> regexes for Apache.
>
>> It's doing a great job with failed ssh logins, but I'd like to have it
>> handle failed apache logins as well:
>>
>> /etc/httpd/logs/error_log:
>> [Tue Oct 28 14:42:37 2008] [error] [client xx.xx.xxx.xxx] user sdfasdfa not found: /
>>
>> It would be easy enough to point it to the log with a custom regex, but
>> then I assume it would then ignore /var/log/secure
>>
>> Any thoughts?
>
> An option with other services that use syslog is to just merge/copy the
> messages to one log, but Apache is different, doesn't use syslog, has
> its own log format (which can be customized). I don't watch Apache's
> log so I don't have first hand experience.
--
Regards,
Phil Schwartz
- http://www.phil-schwartz.com
Open Source Projects:
- DenyHosts: http://www.denyhosts.net
- Kodos: http://kodos.sourceforge.net
- ReleaseForge: http://releaseforge.sourceforge.net
- Scratchy: http://scratchy.sourceforge.net
- FAQtor: http://faqtor.sourceforge.net
_______________________________________________
Denyhosts-user mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/denyhosts-user
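
The multi-log scanning discussed in this thread, as an added example (not code from DenyHosts, fail2ban or any poster): one anchored regex per log format, with failures tallied per client address across /var/log/secure-style sshd lines and Apache error_log lines. The log layouts, names and sample lines are assumptions constructed for illustration; a customized Apache format needs its own pattern.

```python
import re
from collections import Counter

# One pattern per log source, anchored at both ends where possible so that
# attacker-chosen usernames cannot smuggle a second "client"/"from" field.
PATTERNS = {
    "sshd": re.compile(
        r"^\w{3} +\d+ [\d:]{8} \S+ sshd\[\d+\]: Failed password for "
        r"(?:invalid user )?\S+ from (?P<ip>\S+) port \d+ ssh2$"),
    "apache": re.compile(
        r"^\[[^\]]+\] \[error\] \[client (?P<ip>[^\]\s]+)\] user \S+"
        r"(?: not found|: authentication failure)"),
}

# Constructed sample data using documentation address ranges.
SECURE_LOG = """\
Oct 28 14:40:01 web1 sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 51234 ssh2
Oct 28 14:40:05 web1 sshd[2101]: Failed password for root from 192.0.2.10 port 51240 ssh2
Oct 28 14:41:12 web1 sshd[2150]: Accepted password for terry from 198.51.100.7 port 40022 ssh2
"""
ERROR_LOG = """\
[Tue Oct 28 14:42:37 2008] [error] [client 192.0.2.10] user sdfasdfa not found: /
[Tue Oct 28 14:42:39 2008] [error] [client 192.0.2.10] user admin: authentication failure for "/": Password Mismatch
[Tue Oct 28 14:43:02 2008] [error] [client 203.0.113.5] File does not exist: /var/www/html/favicon.ico
[Tue Oct 28 14:43:10 2008] [error] [client 203.0.113.5] user bob not found: /
"""

def count_failures(sources):
    """sources: iterable of (pattern_name, lines). Returns a Counter keyed by IP."""
    failures = Counter()
    for name, lines in sources:
        pattern = PATTERNS[name]
        for line in lines:
            m = pattern.match(line.rstrip("\n"))
            if m:
                failures[m.group("ip")] += 1
    return failures

def offenders(failures, threshold):
    """Addresses whose combined count across all logs reaches the threshold."""
    return sorted(ip for ip, n in failures.items() if n >= threshold)

if __name__ == "__main__":
    totals = count_failures([("sshd", SECURE_LOG.splitlines()),
                             ("apache", ERROR_LOG.splitlines())])
    for ip in offenders(totals, threshold=4):
        print(ip, totals[ip])
```

A line whose username field contains spaces or brackets does not match at all, so a crafted username cannot cause some other address to be counted.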