Luke wrote: [snip] > Aug 19 11:07:37 - AllowedHosts: DEBUG initializing AllowedHosts > Aug 19 11:07:37 - AllowedHosts: DEBUG Could not open > /usr/share/denyhosts/data/allowed-hosts - [Errno 2] No such file or > directory: '/usr/share/denyhosts/data/allowed-hosts'
That's not a real problem. What I forgot is that it is better to run it with --verbose and --debug, I was expecting some info that is not there. > /var/log/secure.log > > Aug 19 11:14:15 Crapbag > /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer[265]: > Authentication: FAILED :: User Name: N/A :: Viewer Address: 75.63.18.190 :: > Type: VNC DES > Aug 19 11:14:45: --- last message repeated 12 times --- That is a problem... DH doesn't handle those "repeated" lines, nothing does. What can be done to fix it is to re-configure syslog to not do that; in some syslogs its "RepeatedMsgReduction off". > Aug 19 11:15:47 Crapbag > /System/Library/CoreServices/RemoteManagement/AppleVNCServer.bundle/Contents/MacOS/AppleVNCServer[265]: > Authentication: FAILED :: User Name: N/A :: Viewer Address: 75.63.18.190 :: > Type: VNC DES > Aug 19 11:16:17: --- last message repeated 16 times --- What is your PURGE_DENY, DENY_THRESHOLD_INVALID, AGE_RESET_INVALID, and DAEMON_SLEEP values in denyhosts.cfg (or denyhosts.conf)? I see the regex I sent is missing a space, could you test these exactly as shown (except for the unintended line wrapping): SSHD_FORMAT_REGEX=.* (sshd.*:|\[sshd\]|AppleVNCServer\[\d+\]:) (?P<message>.*) USERDEF_FAILED_ENTRY_REGEX=Authentication: FAILED :: User Name: (?P<user>\S+) :: Viewer Address: (?P<host>\S+) .* -- René Berber ------------------------------------------------------------------------------ This SF.net email is sponsored by Make an app they can't live without Enter the BlackBerry Developer Challenge http://p.sf.net/sfu/RIM-dev2dev _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
