>> Am 06.08.2013 18:34, schrieb LuKreme: >>> I believe that is correct. The only login attmepts that are not >>> suspicious are those that are whitelisted. >> >> Are you sure? > > Not sure, no, but that is what I recall.
No, this is not correct. According to Phil Schwartz: "Suspicious logins are based on DenyHosts observing that a failied login exceeded the threhold but then was able to login based on the user/ip address." http://sourceforge.net/mailarchive/message.php?msg_id=30785414 Denyhosts is designed to detect brute-force attacks, so whitelisting seems not only like a pointless workaround, but also bad system security. This is especially the case if one of the machines on the whitelist ever gets compromised. In my case, the behavior of denyhosts changed around May 26 of this year without me changing any of the configuration files. I have checked my package logs to see what new packages were installed around that time, and I'm stumped to find anything that could be causing this problem. I've also tried uninstalling and reinstalling denyhosts (including deleting /var/lib/denyhosts), zapping /var/log/auth.log, and all of my logins are still marked as being suspicious. So either: 1. It was working properly for several years and then it became broken; or 2. It was broken for several years and then it started working properly. If anyone has any insight into getting denyhosts to work properly, and not a workaround with logcheck or whitelisting, I'd appreciate any tips. Thanks ------------------------------------------------------------------------------ Get 100% visibility into Java/.NET code with AppDynamics Lite! It's a free troubleshooting tool designed for production. Get down to code-level detail for bottlenecks, with <2% overhead. Download for free and get started troubleshooting in minutes. http://pubads.g.doubleclick.net/gampad/clk?id=48897031&iu=/4140/ostg.clktrk _______________________________________________ Denyhosts-user mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/denyhosts-user
