Finish my Denyhosts package [$20]


  • I have started a denyhosts package and do not have the time or knowledge right now to finish it.

    Here are the files that I have completed, a good portion of the work is already done. One downside is that I am really off on some code and the xml GUI code is a little lazy. Hopefully this will start it.

    Files: http://www.tomschaefer.org/temp/pfsense/denyhosts/

    EDIT 23 Apr: Updated, and fix a typo.


  • To install denyhosts on 1.2.3 RC1 follow the below directions. Unfortunately this method does not work for 1.2.2.

    Step 1:
    ```
    pkg_add -r denyhosts
    ```

    which will download ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.1-realease/Latest/denyhosts.tbz
    which will also download dependency ftp://ftp.freebsd.org/pub/FreeBSD/ports/i386/packages-7.1-realease/All/python25-2.5.2_3.tbz

    Then python reports
    ```
    Note that some of the standard modules are provided as separate
    ports since they require extra dependencies:

    bsddb           databases/py-bsddb
    gdbm            databases/py-gdbm
    sqlite3         databases/py-sqlite3
    tkinter         x11-toolkits/py-tkinter

    Install them as needed.
    ```

    Then denyhosts prints
    ```
    -------------------------------------------------------------------------------
    To run denyhosts from startup, add denyhosts_enable="YES"
    in your /etc/rc.conf.
    Configuration options can be found in /usr/local/etc/denyhosts.conf
    -------------------------------------------------------------------------------
    In order to proper working of denyhosts
    1. edit your /etc/hosts.allow file and add:
    sshd : /etc/hosts.deniedssh : deny
    sshd : ALL : allow
    2. issue the following command if /etc/hosts.deniedssh does not exist yet
    touch /etc/hosts.deniedssh
    -------------------------------------------------------------------------------
    Warning:

    syslogd should ideally be run with the -c option; this will ensure that
    denyhosts notices multiple repeated login attempts.

    To do this, add syslogd_flags="-c" to /etc/rc.conf
    -------------------------------------------------------------------------------
    ```

    Step 2:
    ```
    mv /usr/local/etc/rc.d/denyhosts /usr/local/etc/rc.d/denyhosts.sh
    ```

    you also need to edit denyhosts.sh in /usr/local/etc/rc.d and change denyhosts_enable="NO" to denyhosts_enable="YES"
    you also need to edit denyhosts.sh in /usr/local/etc/rc.d and change 'command_interpreter="/usr/local/bin/python"' to 'command_interpreter="/usr/local/bin/python2.5"'

    ```
    chmod 755 denyhosts.sh
    ```

    Step 3: in /usr/local/etc/denyhosts.conf and /usr/local/etc/denyhosts.conf-dist
    you also need to change "SECURE_LOG = /var/log/auth.log" to "SECURE_LOG = /var/log/system.log"
    you also need to uncomment BLOCK_SERVICE = ALL (or you can just block ssh)
    you also need to uncomment SYNC_SERVER = http://xmlrpc.denyhosts.net:9911

    Step 4: add "sshd : /etc/hosts.deniedssh : deny" to /etc/hosts.allow (above ALL : ALL : allow)

    Notes:
    log is in /var/log/denyhosts
    execute
    ```
    /usr/local/etc/rc.d/denyhosts.sh start
    ```

    this has been tested on 1.2.3 RC1 but I cannot get it to install on 1.2.2, I always get an error.

  • I believe 1.2.2 is freebsd 7.0 while 1.2.3 is freebsd 7.1. If the denyhosts.tbz is compiled for 7.1 then that may be why it fails on 7.0.

    I was short on time on saturday but I will take a deeper look at the package on monday.


  • Yep. When I tried to get denyhosts working on 1.2.2 I used the packages-7-stable location. For some odd reason I kept getting an error that was asking for some lib file.
    Anyway if you want you can check out my 1.2.2 install script and my 1.2.3 script to see what I was doing. So far I can only get it working on 1.2.3.
    http://www.tomschaefer.org/temp/pfsense/denyhosts/


  • Just out of curiosity… Does this modify a rule on the firewall, like an alias, and update it with a list of IPs, or does it query a list out on the net?

    Are you able to create a white list?


  • Hello, it does not modify rules on the firewall. All hosts are checked against the /etc/hosts.deniedssh for access. By default everyone is allowed.
    When the system log shows that someone attempted to access ssh or web access many times with a wrong password they are blocked.

    The list of IP can be updated from a net list located on http://xmlrpc.denyhosts.net:9911 but this is optional. You can configure this in the config file.

    To create a white list just add a host to the hosts.allow file in the format of "ALL : ALL : allow". For example: "sshd : 192.168.1.100 : allow" will whitelist host 100 for ssh access.
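The two posts above (Step 4 of the install procedure, and the explanation of how the deny file and a whitelist line interact) both come down to one property of TCP Wrappers: /etc/hosts.allow is read top to bottom and the first matching rule wins. The following is an added illustration, not code from DenyHosts or the pfSense package. It models hosts_access(5) matching in a simplified way (exact IPv4 addresses, the ALL wildcard, and a /path client pattern whose file contents are matched token by token), inserts the Step 4 rule above the catch-all line, and shows why the whitelist entry has to sit above the deny rule. The sample hosts.allow and deny-file contents are constructed; 203.0.113.7 is a documentation address.

```python
"""Simplified model of TCP Wrappers walking /etc/hosts.allow for the
DenyHosts setup in this thread (added example, not DenyHosts/pfSense code)."""

import re
from dataclasses import dataclass
from typing import Dict, List

DENY_FILE = "/etc/hosts.deniedssh"         # deny file used in the thread
DENY_RULE = f"sshd : {DENY_FILE} : deny"   # the Step 4 line


@dataclass
class Rule:
    daemons: List[str]
    clients: List[str]
    action: str  # "allow" or "deny"


def _split_list(field: str) -> List[str]:
    """hosts_access lists are separated by blanks and/or commas."""
    return [t for t in re.split(r"[\s,]+", field.strip()) if t]


def parse_rules(text: str) -> List[Rule]:
    """Parse 'daemon_list : client_list : allow|deny' lines. Comments and
    blank lines are skipped; anything else is rejected rather than guessed."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        fields = [f.strip() for f in line.split(":")]
        if len(fields) != 3 or fields[2] not in ("allow", "deny"):
            raise ValueError(f"unsupported hosts.allow line: {raw!r}")
        rules.append(Rule(_split_list(fields[0]), _split_list(fields[1]), fields[2]))
    return rules


def client_matches(pattern: str, client_ip: str, files: Dict[str, str]) -> bool:
    """ALL matches everything; a /path pattern matches if the address is one
    of the whitespace-separated tokens in that file. That is how the deny file
    DenyHosts fills ('sshd: 1.2.3.4' per line) ends up blocking hosts."""
    if pattern == "ALL":
        return True
    if pattern.startswith("/"):
        body = files.get(pattern, "")
        tokens = " ".join(l.split("#", 1)[0] for l in body.splitlines()).split()
        return client_ip in tokens
    return pattern == client_ip


def decide(rules: List[Rule], daemon: str, client_ip: str,
           files: Dict[str, str]) -> str:
    """First matching rule wins; with no match (and the empty hosts.deny
    FreeBSD ships) access is allowed."""
    for r in rules:
        if ("ALL" in r.daemons or daemon in r.daemons) and any(
                client_matches(p, client_ip, files) for p in r.clients):
            return r.action
    return "allow"


def insert_deny_rule(hosts_allow: str, deny_rule: str = DENY_RULE) -> str:
    """Step 4: place the deny rule directly above 'ALL : ALL : allow', where
    it is still reachable. Idempotent; appends if there is no catch-all."""
    lines = hosts_allow.splitlines()
    if deny_rule in (l.strip() for l in lines):
        return hosts_allow
    for i, l in enumerate(lines):
        if [f.strip() for f in l.split("#", 1)[0].split(":")] == ["ALL", "ALL", "allow"]:
            lines.insert(i, deny_rule)
            break
    else:
        lines.append(deny_rule)
    return "\n".join(lines) + "\n"


# Constructed samples: a hosts.allow carrying the whitelist line from the
# post, and a deny file that lists an attacker and the whitelisted host.
SAMPLE_HOSTS_ALLOW = """# constructed sample, pfSense 1.2.x style
sshd : 192.168.1.100 : allow
ALL : ALL : allow
"""
SAMPLE_FILES = {DENY_FILE: "sshd: 203.0.113.7\nsshd: 192.168.1.100\n"}


def demo() -> Dict[str, str]:
    """Verdicts after the Step 4 edit, plus the same whitelisted host when the
    deny rule is wrongly placed above the whitelist line."""
    good = parse_rules(insert_deny_rule(SAMPLE_HOSTS_ALLOW))
    wrong = parse_rules(DENY_RULE + "\n" + SAMPLE_HOSTS_ALLOW)
    return {
        "attacker_ssh": decide(good, "sshd", "203.0.113.7", SAMPLE_FILES),
        "attacker_other_daemon": decide(good, "ftpd", "203.0.113.7", SAMPLE_FILES),
        "whitelisted": decide(good, "sshd", "192.168.1.100", SAMPLE_FILES),
        "unlisted": decide(good, "sshd", "10.0.0.5", SAMPLE_FILES),
        "whitelisted_if_deny_first": decide(wrong, "sshd", "192.168.1.100", SAMPLE_FILES),
    }
```

Run `demo()` to see the five verdicts. The last entry is the one worth remembering when editing hosts.allow by hand: the same whitelist line that allows 192.168.1.100 in the correct order is never consulted once the deny rule precedes it.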


  • tommyboy180: I sent a private message to you. I haven't seen a response yet.


  • Bounty Still in progress.


  • Did you respond to mcrane's private message?  It sounded like he was interested in taking up the bounty.


  • Yes I did. I even had the privilege to speak with him on the phone one morning about a month ago. Mcrane has agreed to help me build this package after he has finished some other projects.

    We may see this package soon, hopefully.


  • Sorry for the delay I will try to get this done soon.


  • Another alternative is denyssh. It's designed for use on FreeBSD with PF. I don't think it's as well maintained or as popular as DenyHosts though.

    Keep in mind that pfSense already has sshlockout_pf as well (at least in v1.2). It looks like syslog runs all of its entries through sshlockout_pf. If an entry indicates some kind of ssh login failure, the originating IP is added to the sshlockout table. There is a rule that drops everything from any addresses in the sshlockout table. Every 60 minutes, the sshlockout table is emptied by a cron rule.

    Perhaps the DenyHosts package should disable the sshlockout_pf mechanism when it's installed (?).


  • Denyhosts is still the way to go. It's the better choice and it's already ported for FreeBSD.

    I took a look at sshlockout_pf. Tested a default install of pfsense 1.2.3 July build and I was able to bruteforce ssh. Nothing locked me out, the only thing that did happen was after 5 failed attempts pfsense closed the connection but a new one could be established every time. There is definitely a need for a denyhosts package. I am hoping the package will be created soon.
    I also found this link for the people that are installing denyhosts with pkg_add


  • Newer builds of pfSense 1.2.3+ should be ok with functional sshlockout_pf.


  • Yes sir. I took a look at it the other day. However, it is nowhere near the functionality of Denyhosts. [EDIT I still can bruteforce my way into the latest build of 1.2.3]
    The one thing that I really love about denyhosts is the option to get and send bad IPs from a central Database. If an IP is attacking you, you can opt in to send that IP to the denyhosts database so millions of other denyhosts users will block that IP with a list update. The same thing the other way around, denyhosts will download a list with IPs that attacked other people and prevent them from attacking you.

    Denyhosts doesn't just protect SSH, it also monitors http and more. All auth that occurs on the box is actively monitored.


  • tommyboy, I said newer snapshots and there hasn't been one after my post.


  • My apologies


  • I started working on the package yesterday. I should have a basic version out soon. May have some questions to ask you to speed the development along.

    Mark


  • The DenyHosts package is now available for pfSense 1.2.3 and higher. Please test it and let me know the results.

    Best Regards,

    Mark J Crane


  • Ok, I am testing now.

    When you uninstall the package it does not restore the original hosts.allow entries.
    The package doesn't seem to want to start and I cannot figure out why; the service reports down in the service tab in the GUI.


  • @tommyboy180:

    When you uninstall the package it does not restore the original hosts.allow entries.

    I just updated the package.

    Now when the pfsense denyhosts 0.5 package is installed it makes a copy of the hosts.allow file and saves it to hosts.allow.bak. When the package is deleted from the pfSense GUI then it saves the hosts.allow.bak file back to the hosts.allow file.

    @tommyboy180:

    The package doesn't seem to want to start and I cannot figure out why; the service reports down in the service tab in the GUI.

    The FreeBSD denyhosts package was not installing. I've done some additional work on it and it now seems to install okay. Please test and confirm.

    Best Regards,

    Mark J Crane


  • Ok. I looked at it, as far as I can tell it's working fine.

    Great work. Please send me a PM where I can send the money and complete the bounty. :)


  • This package doesn't work on Nano-BSD? I'm getting some errors. If you say it should run on this platform I can post the errors.


  • Post them my friend.


  • @tommyboy180:

    Post them my friend.

    It installs fine, then it shows the following log:

    
    2009-09-03 14:42:05,505 - denyhosts   : INFO     DenyHosts launched with the following args:
    2009-09-03 14:42:05,506 - denyhosts   : INFO        /usr/local/bin/denyhosts.py --config /usr/local/etc/denyhosts.conf --daemon
    2009-09-03 14:42:05,507 - prefs       : INFO     DenyHosts configuration settings:
    2009-09-03 14:42:05,508 - prefs       : INFO        ADMIN_EMAIL: [None]
    2009-09-03 14:42:05,509 - prefs       : INFO        AGE_RESET_INVALID: [864000]
    2009-09-03 14:42:05,510 - prefs       : INFO        AGE_RESET_RESTRICTED: [2160000]
    2009-09-03 14:42:05,511 - prefs       : INFO        AGE_RESET_ROOT: [2160000]
    2009-09-03 14:42:05,512 - prefs       : INFO        AGE_RESET_VALID: [432000]
    2009-09-03 14:42:05,512 - prefs       : INFO        ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
    2009-09-03 14:42:05,513 - prefs       : INFO        BLOCK_SERVICE: [sshd]
    2009-09-03 14:42:05,514 - prefs       : INFO        DAEMON_LOG: [/var/log/denyhosts]
    2009-09-03 14:42:05,515 - prefs       : INFO        DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
    2009-09-03 14:42:05,516 - prefs       : INFO        DAEMON_LOG_TIME_FORMAT: [None]
    2009-09-03 14:42:05,517 - prefs       : INFO        DAEMON_PURGE: [3600]
    2009-09-03 14:42:05,518 - prefs       : INFO        DAEMON_SLEEP: [30]
    2009-09-03 14:42:05,518 - prefs       : INFO        DENY_THRESHOLD_INVALID: [5]
    2009-09-03 14:42:05,519 - prefs       : INFO        DENY_THRESHOLD_RESTRICTED: [1]
    2009-09-03 14:42:05,520 - prefs       : INFO        DENY_THRESHOLD_ROOT: [1]
    2009-09-03 14:42:05,521 - prefs       : INFO        DENY_THRESHOLD_VALID: [10]
    2009-09-03 14:42:05,522 - prefs       : INFO        FAILED_ENTRY_REGEX: [None]
    2009-09-03 14:42:05,523 - prefs       : INFO        FAILED_ENTRY_REGEX2: [None]
    2009-09-03 14:42:05,524 - prefs       : INFO        FAILED_ENTRY_REGEX3: [None]
    2009-09-03 14:42:05,524 - prefs       : INFO        FAILED_ENTRY_REGEX4: [None]
    2009-09-03 14:42:05,525 - prefs       : INFO        FAILED_ENTRY_REGEX5: [None]
    2009-09-03 14:42:05,526 - prefs       : INFO        FAILED_ENTRY_REGEX6: [None]
    2009-09-03 14:42:05,527 - prefs       : INFO        FAILED_ENTRY_REGEX7: [None]
    2009-09-03 14:42:05,528 - prefs       : INFO        HOSTNAME_LOOKUP: [NO]
    2009-09-03 14:42:05,529 - prefs       : INFO        HOSTS_DENY: [/etc/hosts.deniedssh]
    2009-09-03 14:42:05,530 - prefs       : INFO        LOCK_FILE: [/var/run/denyhosts.pid]
    2009-09-03 14:42:05,530 - prefs       : INFO        PLUGIN_DENY: [None]
    2009-09-03 14:42:05,531 - prefs       : INFO        PLUGIN_PURGE: [None]
    2009-09-03 14:42:05,532 - prefs       : INFO        PURGE_DENY: [None]
    2009-09-03 14:42:05,533 - prefs       : INFO        PURGE_THRESHOLD: [0]
    2009-09-03 14:42:05,534 - prefs       : INFO        RESET_ON_SUCCESS: [no]
    2009-09-03 14:42:05,535 - prefs       : INFO        SECURE_LOG: [/var/log/system.log]
    2009-09-03 14:42:05,535 - prefs       : INFO        SMTP_DATE_FORMAT: [%a, %d %b %Y %H:%M:%S %z]
    2009-09-03 14:42:05,536 - prefs       : INFO        SMTP_FROM: [DenyHosts <nobody@localhost>]
    2009-09-03 14:42:05,537 - prefs       : INFO        SMTP_HOST: [localhost]
    2009-09-03 14:42:05,538 - prefs       : INFO        SMTP_PASSWORD: [None]
    2009-09-03 14:42:05,539 - prefs       : INFO        SMTP_PORT: [25]
    2009-09-03 14:42:05,540 - prefs       : INFO        SMTP_SUBJECT: [DenyHosts Report]
    2009-09-03 14:42:05,541 - prefs       : INFO        SMTP_USERNAME: [None]
    2009-09-03 14:42:05,541 - prefs       : INFO        SSHD_FORMAT_REGEX: [None]
    2009-09-03 14:42:05,542 - prefs       : INFO        SUCCESSFUL_ENTRY_REGEX: [None]
    2009-09-03 14:42:05,543 - prefs       : INFO        SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
    2009-09-03 14:42:05,544 - prefs       : INFO        SYNC_DOWNLOAD: [yes]
    2009-09-03 14:42:05,545 - prefs       : INFO        SYNC_DOWNLOAD_RESILIENCY: [18000]
    2009-09-03 14:42:05,546 - prefs       : INFO        SYNC_DOWNLOAD_THRESHOLD: [3]
    2009-09-03 14:42:05,547 - prefs       : INFO        SYNC_INTERVAL: [3600]
    2009-09-03 14:42:05,548 - prefs       : INFO        SYNC_SERVER: [http://xmlrpc.denyhosts.net:9911]
    2009-09-03 14:42:05,548 - prefs       : INFO        SYNC_UPLOAD: [yes]
    2009-09-03 14:42:05,549 - prefs       : INFO        SYSLOG_REPORT: [no]
    2009-09-03 14:42:05,550 - prefs       : INFO        WORK_DIR: [/usr/local/share/denyhosts/data]
    2009-09-03 14:42:05,552 - denyhosts   : INFO     restricted: set([])
    2009-09-03 14:42:05,556 - denyhosts   : INFO     launching DenyHosts daemon (version 2.6)...
    2009-09-03 14:42:05,568 - denyhosts   : INFO     DenyHosts daemon is now running, pid: 7654
    2009-09-03 14:42:05,570 - denyhosts   : INFO     send daemon process a TERM signal to terminate cleanly
    2009-09-03 14:42:05,571 - denyhosts   : INFO       eg.  kill -TERM 7654
    2009-09-03 14:42:05,573 - denyhosts   : INFO     monitoring log: /var/log/system.log
    2009-09-03 14:42:05,574 - denyhosts   : INFO     sync_time: 3600
    2009-09-03 14:42:05,575 - denyhosts   : INFO     purging of /etc/hosts.deniedssh is disabled
    2009-09-03 14:42:05,578 - denyhosts   : INFO     sync_time:      : 3600
    2009-09-03 14:42:05,579 - denyhosts   : INFO     sync_sleep_ratio: 120

    After a while it displays some errors. I will post them in an hour or so as they appear.
    
    thanks so far!  8)

  • 2009-09-03 14:42:05,505 - denyhosts   : INFO     DenyHosts launched with the following args:
    2009-09-03 14:42:05,506 - denyhosts   : INFO        /usr/local/bin/denyhosts.py --config /usr/local/etc/denyhosts.conf --daemon
    2009-09-03 14:42:05,507 - prefs       : INFO     DenyHosts configuration settings:
    2009-09-03 14:42:05,508 - prefs       : INFO        ADMIN_EMAIL: [None]
    2009-09-03 14:42:05,509 - prefs       : INFO        AGE_RESET_INVALID: [864000]
    2009-09-03 14:42:05,510 - prefs       : INFO        AGE_RESET_RESTRICTED: [2160000]
    2009-09-03 14:42:05,511 - prefs       : INFO        AGE_RESET_ROOT: [2160000]
    2009-09-03 14:42:05,512 - prefs       : INFO        AGE_RESET_VALID: [432000]
    2009-09-03 14:42:05,512 - prefs       : INFO        ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
    2009-09-03 14:42:05,513 - prefs       : INFO        BLOCK_SERVICE: [sshd]
    2009-09-03 14:42:05,514 - prefs       : INFO        DAEMON_LOG: [/var/log/denyhosts]
    2009-09-03 14:42:05,515 - prefs       : INFO        DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
    2009-09-03 14:42:05,516 - prefs       : INFO        DAEMON_LOG_TIME_FORMAT: [None]
    2009-09-03 14:42:05,517 - prefs       : INFO        DAEMON_PURGE: [3600]
    2009-09-03 14:42:05,518 - prefs       : INFO        DAEMON_SLEEP: [30]
    2009-09-03 14:42:05,518 - prefs       : INFO        DENY_THRESHOLD_INVALID: [5]
    2009-09-03 14:42:05,519 - prefs       : INFO        DENY_THRESHOLD_RESTRICTED: [1]
    2009-09-03 14:42:05,520 - prefs       : INFO        DENY_THRESHOLD_ROOT: [1]
    2009-09-03 14:42:05,521 - prefs       : INFO        DENY_THRESHOLD_VALID: [10]
    2009-09-03 14:42:05,522 - prefs       : INFO        FAILED_ENTRY_REGEX: [None]
    2009-09-03 14:42:05,523 - prefs       : INFO        FAILED_ENTRY_REGEX2: [None]
    2009-09-03 14:42:05,524 - prefs       : INFO        FAILED_ENTRY_REGEX3: [None]
    2009-09-03 14:42:05,524 - prefs       : INFO        FAILED_ENTRY_REGEX4: [None]
    2009-09-03 14:42:05,525 - prefs       : INFO        FAILED_ENTRY_REGEX5: [None]
    2009-09-03 14:42:05,526 - prefs       : INFO        FAILED_ENTRY_REGEX6: [None]
    2009-09-03 14:42:05,527 - prefs       : INFO        FAILED_ENTRY_REGEX7: [None]
    2009-09-03 14:42:05,528 - prefs       : INFO        HOSTNAME_LOOKUP: [NO]
    2009-09-03 14:42:05,529 - prefs       : INFO        HOSTS_DENY: [/etc/hosts.deniedssh]
    2009-09-03 14:42:05,530 - prefs       : INFO        LOCK_FILE: [/var/run/denyhosts.pid]
    2009-09-03 14:42:05,530 - prefs       : INFO        PLUGIN_DENY: [None]
    2009-09-03 14:42:05,531 - prefs       : INFO        PLUGIN_PURGE: [None]
    2009-09-03 14:42:05,532 - prefs       : INFO        PURGE_DENY: [None]
    2009-09-03 14:42:05,533 - prefs       : INFO        PURGE_THRESHOLD: [0]
    2009-09-03 14:42:05,534 - prefs       : INFO        RESET_ON_SUCCESS: [no]
    2009-09-03 14:42:05,535 - prefs       : INFO        SECURE_LOG: [/var/log/system.log]
    2009-09-03 14:42:05,535 - prefs       : INFO        SMTP_DATE_FORMAT: [%a, %d %b %Y %H:%M:%S %z]
    2009-09-03 14:42:05,536 - prefs       : INFO        SMTP_FROM: [DenyHosts <nobody@localhost>]
    2009-09-03 14:42:05,537 - prefs       : INFO        SMTP_HOST: [localhost]
    2009-09-03 14:42:05,538 - prefs       : INFO        SMTP_PASSWORD: [None]
    2009-09-03 14:42:05,539 - prefs       : INFO        SMTP_PORT: [25]
    2009-09-03 14:42:05,540 - prefs       : INFO        SMTP_SUBJECT: [DenyHosts Report]
    2009-09-03 14:42:05,541 - prefs       : INFO        SMTP_USERNAME: [None]
    2009-09-03 14:42:05,541 - prefs       : INFO        SSHD_FORMAT_REGEX: [None]
    2009-09-03 14:42:05,542 - prefs       : INFO        SUCCESSFUL_ENTRY_REGEX: [None]
    2009-09-03 14:42:05,543 - prefs       : INFO        SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
    2009-09-03 14:42:05,544 - prefs       : INFO        SYNC_DOWNLOAD: [yes]
    2009-09-03 14:42:05,545 - prefs       : INFO        SYNC_DOWNLOAD_RESILIENCY: [18000]
    2009-09-03 14:42:05,546 - prefs       : INFO        SYNC_DOWNLOAD_THRESHOLD: [3]
    2009-09-03 14:42:05,547 - prefs       : INFO        SYNC_INTERVAL: [3600]
    2009-09-03 14:42:05,548 - prefs       : INFO        SYNC_SERVER: [http://xmlrpc.denyhosts.net:9911]
    2009-09-03 14:42:05,548 - prefs       : INFO        SYNC_UPLOAD: [yes]
    2009-09-03 14:42:05,549 - prefs       : INFO        SYSLOG_REPORT: [no]
    2009-09-03 14:42:05,550 - prefs       : INFO        WORK_DIR: [/usr/local/share/denyhosts/data]
    2009-09-03 14:42:05,552 - denyhosts   : INFO     restricted: set([])
    2009-09-03 14:42:05,556 - denyhosts   : INFO     launching DenyHosts daemon (version 2.6)...
    2009-09-03 14:42:05,568 - denyhosts   : INFO     DenyHosts daemon is now running, pid: 7654
    2009-09-03 14:42:05,570 - denyhosts   : INFO     send daemon process a TERM signal to terminate cleanly
    2009-09-03 14:42:05,571 - denyhosts   : INFO       eg.  kill -TERM 7654
    2009-09-03 14:42:05,573 - denyhosts   : INFO     monitoring log: /var/log/system.log
    2009-09-03 14:42:05,574 - denyhosts   : INFO     sync_time: 3600
    2009-09-03 14:42:05,575 - denyhosts   : INFO     purging of /etc/hosts.deniedssh is disabled
    2009-09-03 14:42:05,578 - denyhosts   : INFO     sync_time:      : 3600
    2009-09-03 14:42:05,579 - denyhosts   : INFO     sync_sleep_ratio: 120
    2009-09-03 15:42:07,378 - sync        : ERROR    [Errno 2] No such file or directory: '/usr/local/share/denyhosts/data/sync-timestamp'
    2009-09-03 15:42:08,069 - sync        : ERROR    global name 'e' is not defined
    Traceback (most recent call last):
      File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 119, in receive_new_hosts
        self.set_sync_timestamp(timestamp)
      File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 58, in set_sync_timestamp
        except e:
    NameError: global name 'e' is not defined
    2009-09-03 16:42:09,615 - sync        : ERROR    [Errno 2] No such file or directory: '/usr/local/share/denyhosts/data/sync-timestamp'
    2009-09-03 16:42:10,251 - sync        : ERROR    global name 'e' is not defined
    Traceback (most recent call last):
      File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 119, in receive_new_hosts
        self.set_sync_timestamp(timestamp)
      File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 58, in set_sync_timestamp
        except e:
    NameError: global name 'e' is not defined
    2009-09-03 17:42:12,336 - sync        : ERROR    [Errno 2] No such file or directory: '/usr/local/share/denyhosts/data/sync-timestamp'
    2009-09-03 17:42:13,040 - sync        : ERROR    global name 'e' is not defined
    Traceback (most recent call last):
      File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 119, in receive_new_hosts
        self.set_sync_timestamp(timestamp)
      File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 58, in set_sync_timestamp
        except e:
    NameError: global name 'e' is not defined
    

    Also, at which interval does it run through the logs? I see a lot of invalid logons but nothing gets blocked?

    
    Sep 3 16:16:27	sshd[18671]: Invalid user sybase from 222.236.47.135
    Sep 3 16:16:23	sshd[18669]: Invalid user user1 from 222.236.47.135
    Sep 3 16:16:20	sshd[18666]: Invalid user notes from 222.236.47.135
    Sep 3 16:16:17	sshd[18662]: Invalid user jobs from 222.236.47.135
    Sep 3 16:16:09	sshd[18660]: Invalid user user2 from 222.236.47.135
    Sep 3 16:16:07	sshd[18657]: Invalid user kid from 222.236.47.135
    Sep 3 16:16:03	sshd[18654]: Invalid user setup from 222.236.47.135
    Sep 3 16:16:03	sshd[18638]: Invalid user candice from 222.236.47.135
    Sep 3 16:16:00	sshd[18640]: Invalid user lawrence from 222.236.47.135
    Sep 3 16:15:53	sshd[18554]: Invalid user download from 222.236.47.135
    Sep 3 16:15:53	sshd[18552]: Invalid user candi from 222.236.47.135
    Sep 3 16:15:50	sshd[18550]: Invalid user software from 222.236.47.135
    Sep 3 16:15:47	sshd[18547]: Invalid user candace from 222.236.47.135
    Sep 3 16:15:44	sshd[18543]: Invalid user marketing from 222.236.47.135
    Sep 3 16:15:44	sshd[18542]: Invalid user camryn from 222.236.47.135
    Sep 3 16:15:39	sshd[18537]: Invalid user media from 222.236.47.135
    Sep 3 16:15:39	sshd[18540]: Invalid user cammie from 222.236.47.135
    Sep 3 16:15:36	sshd[18535]: Invalid user camille from 222.236.47.135
    Sep 3 16:15:34	sshd[18533]: Invalid user user from 222.236.47.135
    Sep 3 16:15:33	sshd[18531]: Invalid user camilla from 222.236.47.135
    Sep 3 16:15:31	sshd[18528]: Invalid user project from 222.236.47.135
    Sep 3 16:15:30	sshd[18526]: Invalid user camile from 222.236.47.135
    Sep 3 16:15:28	sshd[18523]: Invalid user tempuser from 222.236.47.135
    Sep 3 16:15:26	sshd[18518]: Invalid user camie from 222.236.47.135
    Sep 3 16:15:24	sshd[18520]: Invalid user student1 from 222.236.47.135
    Sep 3 16:15:20	sshd[18511]: Invalid user spamtest from 222.236.47.135
    Sep 3 16:15:19	sshd[18516]: Invalid user cameryn from 222.236.47.135
    Sep 3 16:15:17	sshd[18513]: Invalid user cameren from 222.236.47.135
    Sep 3 16:15:14	sshd[18509]: Invalid user calypso from 222.236.47.135
    Sep 3 16:15:12	sshd[18506]: Invalid user info from 222.236.47.135
    Sep 3 16:15:11	sshd[18504]: Invalid user cally from 222.236.47.135
    Sep 3 16:15:09	sshd[18497]: Invalid user office from 222.236.47.135
    Sep 3 16:15:08	sshd[18501]: Invalid user callista from 222.236.47.135
    Sep 3 16:15:05	sshd[18498]: Invalid user calliope from 222.236.47.135
    Sep 3 16:15:02	sshd[18483]: Invalid user callie from 222.236.47.135
    Sep 3 16:14:58	sshd[18481]: Invalid user calli from 222.236.47.135
    Sep 3 16:14:57	sshd[18469]: Invalid user nagios from 222.236.47.135
    Sep 3 16:14:55	sshd[18467]: Invalid user calla from 222.236.47.135
    Sep 3 16:14:52	sshd[18379]: Invalid user calista from 222.236.47.135
    Sep 3 16:14:51	sshd[18381]: Invalid user college from 222.236.47.135
    Sep 3 16:14:48	sshd[18376]: Invalid user portal from 222.236.47.135
    Sep 3 16:14:47	sshd[18374]: Invalid user calina from 222.236.47.135
    Sep 3 16:14:44	sshd[18372]: Invalid user testuser from 222.236.47.135
    Sep 3 16:14:43	sshd[18370]: Invalid user calhoun from 222.236.47.135
    Sep 3 16:14:41	sshd[18367]: Invalid user temp from 222.236.47.135
    Sep 3 16:14:40	sshd[18365]: Invalid user caley from 222.236.47.135
    Sep 3 16:14:39	sshd[18363]: Invalid user sameer from 222.236.47.135
    Sep 3 16:14:37	sshd[18360]: Invalid user caleigh from 222.236.47.135
    Sep 3 16:14:36	sshd[18358]: Invalid user feedback from 222.236.47.135
    Sep 3 16:14:35	sshd[18351]: Invalid user calantha from 222.236.47.135
    Sep 3 16:14:33	sshd[18355]: Invalid user oracle from 222.236.47.135
    Sep 3 16:14:30	sshd[18349]: Invalid user photo from 222.236.47.135
    Sep 3 16:14:29	sshd[18342]: Invalid user navy from 222.236.47.135
    Sep 3 16:14:27	sshd[18346]: Invalid user test from 222.236.47.135
    Sep 3 16:14:25	sshd[18343]: Invalid user calandra from 222.236.47.135
    Sep 3 16:14:24	sshd[18340]: Invalid user testing from 222.236.47.135
    Sep 3 16:14:22	sshd[18330]: Invalid user calan from 222.236.47.135
    Sep 3 16:14:22	sshd[18333]: Invalid user marine from 222.236.47.135
    Sep 3 16:14:21	sshd[18337]: Invalid user tester from 222.236.47.135
    Sep 3 16:14:18	sshd[18334]: Invalid user mysql from 222.236.47.135
    Sep 3 16:14:14	sshd[18328]: Invalid user cala from 222.236.47.135
    Sep 3 16:14:13	sshd[18326]: Invalid user postgres from 222.236.47.135
    Sep 3 16:14:13	sshd[18321]: Invalid user marine from 222.236.47.135
    Sep 3 16:14:11	sshd[18319]: Invalid user caitlyn from 222.236.47.135
    Sep 3 16:14:10	sshd[18317]: Invalid user apache from 222.236.47.135
    Sep 3 16:14:10	sshd[18312]: Invalid user marine from 222.236.47.135
    Sep 3 16:14:08	sshd[18311]: Invalid user caitlin from 222.236.47.135
    Sep 3 16:14:07	sshd[18308]: Invalid user demo from 222.236.47.135
    Sep 3 16:14:05	sshd[18304]: Invalid user marine from 222.236.47.135
    Sep 3 16:14:05	sshd[18306]: Invalid user caimile from 222.236.47.135
    Sep 3 16:14:04	sshd[18302]: Invalid user postmaster from 222.236.47.135
    Sep 3 16:14:02	sshd[18298]: Invalid user cailine from 222.236.47.135
    Sep 3 16:14:02	sshd[18295]: Invalid user marine from 222.236.47.135
    Sep 3 16:14:01	sshd[18293]: Invalid user jboss from 222.236.47.135
    Sep 3 16:14:00	sshd[18290]: Invalid user cailin from 222.236.47.135
    Sep 3 16:13:59	sshd[18287]: Invalid user marine from 222.236.47.135
    Sep 3 16:13:58	sshd[18284]: Invalid user upload from 222.236.47.135
    Sep 3 16:13:57	sshd[18281]: Invalid user cai from 222.236.47.135
    Sep 3 16:13:56	sshd[18278]: Invalid user marine from 222.236.47.135
    Sep 3 16:13:54	sshd[18267]: Invalid user global from 222.236.47.135
    Sep 3 16:13:54	sshd[18262]: Invalid user cady from 222.236.47.135
    Sep 3 16:13:53	sshd[18261]: Invalid user marine from 222.236.47.135
    Sep 3 16:13:51	sshd[18177]: Invalid user tomcat from 222.236.47.135
    Sep 3 16:13:50	sshd[18174]: Invalid user cadi from 222.236.47.135
    Sep 3 16:13:50	sshd[18173]: Invalid user marine from 222.236.47.135
    Sep 3 16:13:48	sshd[18171]: Invalid user condor from 222.236.47.135
    Sep 3 16:13:47	sshd[18168]: Invalid user marine from 222.236.47.135
    Sep 3 16:13:45	sshd[18166]: Invalid user globus from 222.236.47.135
    
    
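The post above asks how often the daemon reads the log and why so many "Invalid user" lines produced no block. The posted configuration answers the first part (DAEMON_SLEEP: [30], DENY_THRESHOLD_INVALID: [5]); the following added example, which is not DenyHosts or pfSense package code, re-runs that counting logic over lines in the posted format so the expected contents of the deny file can be compared with what actually ends up in it. The 222.236.47.135 lines are copied from the post; the 203.0.113.9 lines and the "Connection closed" line are constructed. The `sshd: <ip>` output form follows the BLOCK_SERVICE value in the posted config and is my reading of the deny-file format; the separate thresholds for valid, root and restricted accounts shown in that config are not modelled.

```python
"""Per-source failure counting of the kind DenyHosts does on each scan
(added example, not DenyHosts code)."""

import re
from collections import Counter, defaultdict
from typing import Dict, FrozenSet, Iterable, List, Tuple

DENY_THRESHOLD_INVALID = 5   # from the posted configuration
DAEMON_SLEEP = 30            # seconds between log scans, same source
BLOCK_SERVICE = "sshd"       # same source

# The sshd message shown in the posted /var/log/system.log excerpt.
INVALID_USER_RE = re.compile(
    r"sshd\[\d+\]: Invalid user (\S+) from (\d{1,3}(?:\.\d{1,3}){3})")

# Sample log: six lines from the post, then constructed lines for a second
# source that stays under the threshold and one unrelated sshd message.
SAMPLE_LOG = """\
Sep 3 16:13:45 sshd[18166]: Invalid user globus from 222.236.47.135
Sep 3 16:13:47 sshd[18168]: Invalid user marine from 222.236.47.135
Sep 3 16:13:48 sshd[18171]: Invalid user condor from 222.236.47.135
Sep 3 16:13:50 sshd[18173]: Invalid user marine from 222.236.47.135
Sep 3 16:13:50 sshd[18174]: Invalid user cadi from 222.236.47.135
Sep 3 16:13:51 sshd[18177]: Invalid user tomcat from 222.236.47.135
Sep 3 16:13:52 sshd[18180]: Invalid user admin from 203.0.113.9
Sep 3 16:13:53 sshd[18181]: Connection closed by 203.0.113.9
Sep 3 16:13:55 sshd[18183]: Invalid user guest from 203.0.113.9
"""


def failures_by_host(lines: Iterable[str]) -> Dict[str, Counter]:
    """Map source address -> Counter of user names tried. Lines that do not
    match the failure pattern are ignored, which is also why a log format the
    regex does not recognise silently yields no blocks at all."""
    tried: Dict[str, Counter] = defaultdict(Counter)
    for line in lines:
        m = INVALID_USER_RE.search(line)
        if m:
            user, ip = m.groups()
            tried[ip][user] += 1
    return tried


def hosts_to_deny(tried: Dict[str, Counter],
                  threshold: int = DENY_THRESHOLD_INVALID,
                  already: FrozenSet[str] = frozenset()) -> List[str]:
    """Addresses whose total failures reach the threshold and are not yet
    denied. The count is per address across all user names, so cycling
    through many names does not keep a source under the limit."""
    return sorted(ip for ip, users in tried.items()
                  if sum(users.values()) >= threshold and ip not in already)


def deny_file_lines(ips: Iterable[str], service: str = BLOCK_SERVICE) -> List[str]:
    """Lines to append to HOSTS_DENY (/etc/hosts.deniedssh in this setup)."""
    return [f"{service}: {ip}" for ip in ips]


def scan_once(log_text: str, already: FrozenSet[str] = frozenset()
              ) -> Tuple[Dict[str, Counter], List[str]]:
    """One pass of the kind the daemon makes every DAEMON_SLEEP seconds:
    returns the per-source counts and the addresses newly crossing the line."""
    tried = failures_by_host(log_text.splitlines())
    return tried, hosts_to_deny(tried, already=already)


def report(log_text: str) -> List[str]:
    """Summary a tester can hold against the real deny file: one line per
    source with its count and verdict, then the deny-file lines expected."""
    tried, new = scan_once(log_text)
    out = []
    for ip, users in sorted(tried.items()):
        verdict = "DENY" if ip in new else "below threshold"
        out.append(f"{ip:16s} {sum(users.values()):3d} failures "
                   f"({len(users)} user names)  {verdict}")
    out.extend(deny_file_lines(new))
    return out
```

`report(SAMPLE_LOG)` lists 203.0.113.9 as below threshold and 222.236.47.135 as denied, followed by the single `sshd: 222.236.47.135` line the deny file should gain. If a live daemon sees lines like the posted ones and the file never changes, the places to look are the regex match against the actual log format and whether the daemon can write to WORK_DIR and HOSTS_DENY at all (the read-only NanoBSD case raised later in the thread).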

  • I'm sure this will not work correctly in a read only environment such as the nano. Read only will prevent it from creating the block list. DenyHosts would need to manage the block list in memory.


  • @mcrane:

    I'm sure this will not work correctly in a read only environment such as the nano. Read only will prevent it from creating the block list. DenyHosts would need to manage the block list in memory.

    Too bad  :-[ I REALLY like this package. Perhaps someone who has the skills can make it work on embedded  :-\ I get this when uninstalling too:

    ```
    Warning: rename(/tmp/crontab,/etc/crontab): Read-only file system in /etc/inc/pkg-utils.inc on line 929
    ```


  • With some work the phpservice package could do the same job but run the block list in memory (RAM). The PHP Service package simply runs PHP continuously in a loop so that it can run as a service. The package allows any PHP code that is defined in the interface to run in that loop. As long as the code is carefully optimized it will run great.


  • After install the Denyhosts service is disabled and won't start. After entering

    $ /usr/local/etc/rc.d/denyhosts.sh start I get the error below

    $ /usr/local/etc/rc.d/denyhosts.sh start
    Missing configuration parameter: DENY_THRESHOLD_INVALID

    Note: The configuration parameter DENY_THRESHOLD has been renamed
          DENY_THRESHOLD_INVALID.  Please update your DenyHosts configuration
          file to reflect this change.
    Missing configuration parameter: DENY_THRESHOLD_VALID
    Missing configuration parameter: DENY_THRESHOLD_ROOT
    Missing configuration parameter: DENY_THRESHOLD_RESTRICTED

    Note: DENY_THRESHOLD_RESTRICTED has not been defined. Setting this
    value to DENY_THRESHOLD_ROOT

    How can I fix this? Thanks.


  • I am getting errors on startup.
    I followed the setup in 2nd posting exactly.

    # /usr/local/etc/rc.d/denyhosts.sh start
    Traceback (most recent call last):
      File "/usr/local/bin/denyhosts.py", line 5, in <module>
        import DenyHosts.python_version
    ImportError: No module named DenyHosts.python_version
    

  • Were you able to correct the issue, or is this a problem with the script?


  • What exactly does this package block?
    I want to create a rdr for a server in my DMZ; will this package block all hosts in denyhosts hitting my WAN NIC even though it's being redirected to an internal host?
    Can I create white and black lists?
    Does this package report back to denyhosts with new attack information?

    OK I see that this is blocking all traffic from the denyhosts lists.
    $ pfctl -s all | grep ssh
    block drop in log quick proto tcp from <sshlockout> to any port = ssh label "sshlockout"
    Should this only block port 22?

    Thanks

    I'm not sure if this would have been some help.
    http://www.mail-archive.com/denyhosts-user@lists.sourceforge.net/msg00360.html


  • I got this working. What I had to do was remove the most current version of python (2.5_51 or whatever it is), and install this exact version

    http://forum.pfsense.org/index.php/topic,18948.msg100099.html#msg100099

    Then I followed these instructions at the top of the thread to get it to load.

    $ cp /usr/local/share/denyhosts/denyhosts.cfg-dist /usr/local/etc/denyhosts.conf

    Then edit /usr/local/etc/denyhosts.conf to set the parameters:

    SECURE_LOG = /var/log/system.log
      BLOCK_SERVICE  = sshd

    DenyHosts should  work after that.

    However, it still doesn't "work". It loads properly now and runs, but it does not monitor the system.log at all. It says it's doing it, but when I test with incorrect logins it does nothing. This seems to be a common issue for others who have it running on pfsense.


  • I don't like python much. If I ever get time to work on this I will write an alternative PHP script that could run from my 'PHP Service' pfsense package.


  • We can move this to the completed Bounty section. Payment has been made.

    Thank you again Mcrane for your work. I had fun working with you.