Finish my Denyhosts package [$20]
-
Newer builds of pfSense 1.2.3+ should be ok with functional sshlockout_pf.
-
Yes sir. I took a look at it the other day. However, it is nowhere near the functionality of Denyhosts. [EDIT: I still can bruteforce my way into the latest build of 1.2.3]
The one thing that I really love about denyhosts is the option to get and send bad IPs from a central Database. If an IP is attacking you, you can opt in to send that IP to the denyhosts database so millions of other denyhosts users will block that IP with a list update. The same thing the other way around, denyhosts will download a list with IPs that attacked other people and prevent them from attacking you. Denyhosts doesn't just protect SSH, it also monitors http and more. All auth that occurs on the box is actively monitored.
-
tommyboy, I said newer snapshots, and there hasn't been one after my post.
-
My apologies
-
I started working on the package yesterday. I should have a basic version out soon. May have some questions to ask you to speed the development along.
Mark
-
The DenyHosts package is now available for pfSense 1.2.3 and higher. Please test it and let me know the results.
Best Regards,
Mark J Crane
-
Ok, I am testing now.
When you uninstall the package it does not restore the original hosts.allow entries
The package doesn't seem to want to start and I cannot figure out why, the service reports down in the service tab in the GUI.
-
When you uninstall the package it does not restore the original hosts.allow entries
I just updated the package.
Now when the pfSense DenyHosts 0.5 package is installed, it makes a copy of the hosts.allow file and saves it to hosts.allow.bak. When the package is deleted from the pfSense GUI, it saves the hosts.allow.bak file back to the hosts.allow file.
The package doesn't seem to want to start and I cannot figure out why, the service reports down in the service tab in the GUI.
The FreeBSD denyhosts package was not installing. I've done some additional work on it and it now seems to install okay. Please test and confirm.
Best Regards,
Mark J Crane
-
Ok. I looked at it, as far as I can tell it's working fine.
Great work. Please send me a PM where I can send the money and complete the bounty. :)
-
This package doesn't work on Nano-BSD? I'm getting some errors. If you say it should run on this platform I can post the errors.
-
Post them my friend.
-
Post them my friend.
It installs fine, then it shows the following log:
```
2009-09-03 14:42:05,505 - denyhosts : INFO DenyHosts launched with the following args:
2009-09-03 14:42:05,506 - denyhosts : INFO /usr/local/bin/denyhosts.py --config /usr/local/etc/denyhosts.conf --daemon
2009-09-03 14:42:05,507 - prefs : INFO DenyHosts configuration settings:
2009-09-03 14:42:05,508 - prefs : INFO ADMIN_EMAIL: [None]
2009-09-03 14:42:05,509 - prefs : INFO AGE_RESET_INVALID: [864000]
2009-09-03 14:42:05,510 - prefs : INFO AGE_RESET_RESTRICTED: [2160000]
2009-09-03 14:42:05,511 - prefs : INFO AGE_RESET_ROOT: [2160000]
2009-09-03 14:42:05,512 - prefs : INFO AGE_RESET_VALID: [432000]
2009-09-03 14:42:05,512 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
2009-09-03 14:42:05,513 - prefs : INFO BLOCK_SERVICE: [sshd]
2009-09-03 14:42:05,514 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
2009-09-03 14:42:05,515 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
2009-09-03 14:42:05,516 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [None]
2009-09-03 14:42:05,517 - prefs : INFO DAEMON_PURGE: [3600]
2009-09-03 14:42:05,518 - prefs : INFO DAEMON_SLEEP: [30]
2009-09-03 14:42:05,518 - prefs : INFO DENY_THRESHOLD_INVALID: [5]
2009-09-03 14:42:05,519 - prefs : INFO DENY_THRESHOLD_RESTRICTED: [1]
2009-09-03 14:42:05,520 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
2009-09-03 14:42:05,521 - prefs : INFO DENY_THRESHOLD_VALID: [10]
2009-09-03 14:42:05,522 - prefs : INFO FAILED_ENTRY_REGEX: [None]
2009-09-03 14:42:05,523 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
2009-09-03 14:42:05,524 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
2009-09-03 14:42:05,524 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
2009-09-03 14:42:05,525 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
2009-09-03 14:42:05,526 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
2009-09-03 14:42:05,527 - prefs : INFO FAILED_ENTRY_REGEX7: [None]
2009-09-03 14:42:05,528 - prefs : INFO HOSTNAME_LOOKUP: [NO]
2009-09-03 14:42:05,529 - prefs : INFO HOSTS_DENY: [/etc/hosts.deniedssh]
2009-09-03 14:42:05,530 - prefs : INFO LOCK_FILE: [/var/run/denyhosts.pid]
2009-09-03 14:42:05,530 - prefs : INFO PLUGIN_DENY: [None]
2009-09-03 14:42:05,531 - prefs : INFO PLUGIN_PURGE: [None]
2009-09-03 14:42:05,532 - prefs : INFO PURGE_DENY: [None]
2009-09-03 14:42:05,533 - prefs : INFO PURGE_THRESHOLD: [0]
2009-09-03 14:42:05,534 - prefs : INFO RESET_ON_SUCCESS: [no]
2009-09-03 14:42:05,535 - prefs : INFO SECURE_LOG: [/var/log/system.log]
2009-09-03 14:42:05,535 - prefs : INFO SMTP_DATE_FORMAT: [%a, %d %b %Y %H:%M:%S %z]
2009-09-03 14:42:05,536 - prefs : INFO SMTP_FROM: [DenyHosts <nobody@localhost>]
2009-09-03 14:42:05,537 - prefs : INFO SMTP_HOST: [localhost]
2009-09-03 14:42:05,538 - prefs : INFO SMTP_PASSWORD: [None]
2009-09-03 14:42:05,539 - prefs : INFO SMTP_PORT: [25]
2009-09-03 14:42:05,540 - prefs : INFO SMTP_SUBJECT: [DenyHosts Report]
2009-09-03 14:42:05,541 - prefs : INFO SMTP_USERNAME: [None]
2009-09-03 14:42:05,541 - prefs : INFO SSHD_FORMAT_REGEX: [None]
2009-09-03 14:42:05,542 - prefs : INFO SUCCESSFUL_ENTRY_REGEX: [None]
2009-09-03 14:42:05,543 - prefs : INFO SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
2009-09-03 14:42:05,544 - prefs : INFO SYNC_DOWNLOAD: [yes]
2009-09-03 14:42:05,545 - prefs : INFO SYNC_DOWNLOAD_RESILIENCY: [18000]
2009-09-03 14:42:05,546 - prefs : INFO SYNC_DOWNLOAD_THRESHOLD: [3]
2009-09-03 14:42:05,547 - prefs : INFO SYNC_INTERVAL: [3600]
2009-09-03 14:42:05,548 - prefs : INFO SYNC_SERVER: [http://xmlrpc.denyhosts.net:9911]
2009-09-03 14:42:05,548 - prefs : INFO SYNC_UPLOAD: [yes]
2009-09-03 14:42:05,549 - prefs : INFO SYSLOG_REPORT: [no]
2009-09-03 14:42:05,550 - prefs : INFO WORK_DIR: [/usr/local/share/denyhosts/data]
2009-09-03 14:42:05,552 - denyhosts : INFO restricted: set([])
2009-09-03 14:42:05,556 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2009-09-03 14:42:05,568 - denyhosts : INFO DenyHosts daemon is now running, pid: 7654
2009-09-03 14:42:05,570 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2009-09-03 14:42:05,571 - denyhosts : INFO eg. kill -TERM 7654
2009-09-03 14:42:05,573 - denyhosts : INFO monitoring log: /var/log/system.log
2009-09-03 14:42:05,574 - denyhosts : INFO sync_time: 3600
2009-09-03 14:42:05,575 - denyhosts : INFO purging of /etc/hosts.deniedssh is disabled
2009-09-03 14:42:05,578 - denyhosts : INFO sync_time: : 3600
2009-09-03 14:42:05,579 - denyhosts : INFO sync_sleep_ratio: 120
```
After a while it displays some errors. I will post them in an hour or so as they appear. Thanks so far! 8)
-
```
2009-09-03 14:42:05,505 - denyhosts : INFO DenyHosts launched with the following args:
2009-09-03 14:42:05,506 - denyhosts : INFO /usr/local/bin/denyhosts.py --config /usr/local/etc/denyhosts.conf --daemon
2009-09-03 14:42:05,507 - prefs : INFO DenyHosts configuration settings:
2009-09-03 14:42:05,508 - prefs : INFO ADMIN_EMAIL: [None]
2009-09-03 14:42:05,509 - prefs : INFO AGE_RESET_INVALID: [864000]
2009-09-03 14:42:05,510 - prefs : INFO AGE_RESET_RESTRICTED: [2160000]
2009-09-03 14:42:05,511 - prefs : INFO AGE_RESET_ROOT: [2160000]
2009-09-03 14:42:05,512 - prefs : INFO AGE_RESET_VALID: [432000]
2009-09-03 14:42:05,512 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
2009-09-03 14:42:05,513 - prefs : INFO BLOCK_SERVICE: [sshd]
2009-09-03 14:42:05,514 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
2009-09-03 14:42:05,515 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
2009-09-03 14:42:05,516 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [None]
2009-09-03 14:42:05,517 - prefs : INFO DAEMON_PURGE: [3600]
2009-09-03 14:42:05,518 - prefs : INFO DAEMON_SLEEP: [30]
2009-09-03 14:42:05,518 - prefs : INFO DENY_THRESHOLD_INVALID: [5]
2009-09-03 14:42:05,519 - prefs : INFO DENY_THRESHOLD_RESTRICTED: [1]
2009-09-03 14:42:05,520 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
2009-09-03 14:42:05,521 - prefs : INFO DENY_THRESHOLD_VALID: [10]
2009-09-03 14:42:05,522 - prefs : INFO FAILED_ENTRY_REGEX: [None]
2009-09-03 14:42:05,523 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
2009-09-03 14:42:05,524 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
2009-09-03 14:42:05,524 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
2009-09-03 14:42:05,525 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
2009-09-03 14:42:05,526 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
2009-09-03 14:42:05,527 - prefs : INFO FAILED_ENTRY_REGEX7: [None]
2009-09-03 14:42:05,528 - prefs : INFO HOSTNAME_LOOKUP: [NO]
2009-09-03 14:42:05,529 - prefs : INFO HOSTS_DENY: [/etc/hosts.deniedssh]
2009-09-03 14:42:05,530 - prefs : INFO LOCK_FILE: [/var/run/denyhosts.pid]
2009-09-03 14:42:05,530 - prefs : INFO PLUGIN_DENY: [None]
2009-09-03 14:42:05,531 - prefs : INFO PLUGIN_PURGE: [None]
2009-09-03 14:42:05,532 - prefs : INFO PURGE_DENY: [None]
2009-09-03 14:42:05,533 - prefs : INFO PURGE_THRESHOLD: [0]
2009-09-03 14:42:05,534 - prefs : INFO RESET_ON_SUCCESS: [no]
2009-09-03 14:42:05,535 - prefs : INFO SECURE_LOG: [/var/log/system.log]
2009-09-03 14:42:05,535 - prefs : INFO SMTP_DATE_FORMAT: [%a, %d %b %Y %H:%M:%S %z]
2009-09-03 14:42:05,536 - prefs : INFO SMTP_FROM: [DenyHosts <nobody@localhost>]
2009-09-03 14:42:05,537 - prefs : INFO SMTP_HOST: [localhost]
2009-09-03 14:42:05,538 - prefs : INFO SMTP_PASSWORD: [None]
2009-09-03 14:42:05,539 - prefs : INFO SMTP_PORT: [25]
2009-09-03 14:42:05,540 - prefs : INFO SMTP_SUBJECT: [DenyHosts Report]
2009-09-03 14:42:05,541 - prefs : INFO SMTP_USERNAME: [None]
2009-09-03 14:42:05,541 - prefs : INFO SSHD_FORMAT_REGEX: [None]
2009-09-03 14:42:05,542 - prefs : INFO SUCCESSFUL_ENTRY_REGEX: [None]
2009-09-03 14:42:05,543 - prefs : INFO SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
2009-09-03 14:42:05,544 - prefs : INFO SYNC_DOWNLOAD: [yes]
2009-09-03 14:42:05,545 - prefs : INFO SYNC_DOWNLOAD_RESILIENCY: [18000]
2009-09-03 14:42:05,546 - prefs : INFO SYNC_DOWNLOAD_THRESHOLD: [3]
2009-09-03 14:42:05,547 - prefs : INFO SYNC_INTERVAL: [3600]
2009-09-03 14:42:05,548 - prefs : INFO SYNC_SERVER: [http://xmlrpc.denyhosts.net:9911]
2009-09-03 14:42:05,548 - prefs : INFO SYNC_UPLOAD: [yes]
2009-09-03 14:42:05,549 - prefs : INFO SYSLOG_REPORT: [no]
2009-09-03 14:42:05,550 - prefs : INFO WORK_DIR: [/usr/local/share/denyhosts/data]
2009-09-03 14:42:05,552 - denyhosts : INFO restricted: set([])
2009-09-03 14:42:05,556 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2009-09-03 14:42:05,568 - denyhosts : INFO DenyHosts daemon is now running, pid: 7654
2009-09-03 14:42:05,570 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2009-09-03 14:42:05,571 - denyhosts : INFO eg. kill -TERM 7654
2009-09-03 14:42:05,573 - denyhosts : INFO monitoring log: /var/log/system.log
2009-09-03 14:42:05,574 - denyhosts : INFO sync_time: 3600
2009-09-03 14:42:05,575 - denyhosts : INFO purging of /etc/hosts.deniedssh is disabled
2009-09-03 14:42:05,578 - denyhosts : INFO sync_time: : 3600
2009-09-03 14:42:05,579 - denyhosts : INFO sync_sleep_ratio: 120
2009-09-03 15:42:07,378 - sync : ERROR [Errno 2] No such file or directory: '/usr/local/share/denyhosts/data/sync-timestamp'
2009-09-03 15:42:08,069 - sync : ERROR global name 'e' is not defined
Traceback (most recent call last):
  File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 119, in receive_new_hosts
    self.set_sync_timestamp(timestamp)
  File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 58, in set_sync_timestamp
    except e:
NameError: global name 'e' is not defined
2009-09-03 16:42:09,615 - sync : ERROR [Errno 2] No such file or directory: '/usr/local/share/denyhosts/data/sync-timestamp'
2009-09-03 16:42:10,251 - sync : ERROR global name 'e' is not defined
Traceback (most recent call last):
  File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 119, in receive_new_hosts
    self.set_sync_timestamp(timestamp)
  File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 58, in set_sync_timestamp
    except e:
NameError: global name 'e' is not defined
2009-09-03 17:42:12,336 - sync : ERROR [Errno 2] No such file or directory: '/usr/local/share/denyhosts/data/sync-timestamp'
2009-09-03 17:42:13,040 - sync : ERROR global name 'e' is not defined
Traceback (most recent call last):
  File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 119, in receive_new_hosts
    self.set_sync_timestamp(timestamp)
  File "/usr/local/lib/python2.5/site-packages/DenyHosts/sync.py", line 58, in set_sync_timestamp
    except e:
NameError: global name 'e' is not defined
```
Also, at which interval does it run through the logs? I see a lot of invalid logons but nothing gets blocked?
```
Sep 3 16:16:27 sshd[18671]: Invalid user sybase from 222.236.47.135
Sep 3 16:16:23 sshd[18669]: Invalid user user1 from 222.236.47.135
Sep 3 16:16:20 sshd[18666]: Invalid user notes from 222.236.47.135
Sep 3 16:16:17 sshd[18662]: Invalid user jobs from 222.236.47.135
Sep 3 16:16:09 sshd[18660]: Invalid user user2 from 222.236.47.135
Sep 3 16:16:07 sshd[18657]: Invalid user kid from 222.236.47.135
Sep 3 16:16:03 sshd[18654]: Invalid user setup from 222.236.47.135
Sep 3 16:16:03 sshd[18638]: Invalid user candice from 222.236.47.135
Sep 3 16:16:00 sshd[18640]: Invalid user lawrence from 222.236.47.135
Sep 3 16:15:53 sshd[18554]: Invalid user download from 222.236.47.135
Sep 3 16:15:53 sshd[18552]: Invalid user candi from 222.236.47.135
Sep 3 16:15:50 sshd[18550]: Invalid user software from 222.236.47.135
Sep 3 16:15:47 sshd[18547]: Invalid user candace from 222.236.47.135
Sep 3 16:15:44 sshd[18543]: Invalid user marketing from 222.236.47.135
Sep 3 16:15:44 sshd[18542]: Invalid user camryn from 222.236.47.135
Sep 3 16:15:39 sshd[18537]: Invalid user media from 222.236.47.135
Sep 3 16:15:39 sshd[18540]: Invalid user cammie from 222.236.47.135
Sep 3 16:15:36 sshd[18535]: Invalid user camille from 222.236.47.135
Sep 3 16:15:34 sshd[18533]: Invalid user user from 222.236.47.135
Sep 3 16:15:33 sshd[18531]: Invalid user camilla from 222.236.47.135
Sep 3 16:15:31 sshd[18528]: Invalid user project from 222.236.47.135
Sep 3 16:15:30 sshd[18526]: Invalid user camile from 222.236.47.135
Sep 3 16:15:28 sshd[18523]: Invalid user tempuser from 222.236.47.135
Sep 3 16:15:26 sshd[18518]: Invalid user camie from 222.236.47.135
Sep 3 16:15:24 sshd[18520]: Invalid user student1 from 222.236.47.135
Sep 3 16:15:20 sshd[18511]: Invalid user spamtest from 222.236.47.135
Sep 3 16:15:19 sshd[18516]: Invalid user cameryn from 222.236.47.135
Sep 3 16:15:17 sshd[18513]: Invalid user cameren from 222.236.47.135
Sep 3 16:15:14 sshd[18509]: Invalid user calypso from 222.236.47.135
Sep 3 16:15:12 sshd[18506]: Invalid user info from 222.236.47.135
Sep 3 16:15:11 sshd[18504]: Invalid user cally from 222.236.47.135
Sep 3 16:15:09 sshd[18497]: Invalid user office from 222.236.47.135
Sep 3 16:15:08 sshd[18501]: Invalid user callista from 222.236.47.135
Sep 3 16:15:05 sshd[18498]: Invalid user calliope from 222.236.47.135
Sep 3 16:15:02 sshd[18483]: Invalid user callie from 222.236.47.135
Sep 3 16:14:58 sshd[18481]: Invalid user calli from 222.236.47.135
Sep 3 16:14:57 sshd[18469]: Invalid user nagios from 222.236.47.135
Sep 3 16:14:55 sshd[18467]: Invalid user calla from 222.236.47.135
Sep 3 16:14:52 sshd[18379]: Invalid user calista from 222.236.47.135
Sep 3 16:14:51 sshd[18381]: Invalid user college from 222.236.47.135
Sep 3 16:14:48 sshd[18376]: Invalid user portal from 222.236.47.135
Sep 3 16:14:47 sshd[18374]: Invalid user calina from 222.236.47.135
Sep 3 16:14:44 sshd[18372]: Invalid user testuser from 222.236.47.135
Sep 3 16:14:43 sshd[18370]: Invalid user calhoun from 222.236.47.135
Sep 3 16:14:41 sshd[18367]: Invalid user temp from 222.236.47.135
Sep 3 16:14:40 sshd[18365]: Invalid user caley from 222.236.47.135
Sep 3 16:14:39 sshd[18363]: Invalid user sameer from 222.236.47.135
Sep 3 16:14:37 sshd[18360]: Invalid user caleigh from 222.236.47.135
Sep 3 16:14:36 sshd[18358]: Invalid user feedback from 222.236.47.135
Sep 3 16:14:35 sshd[18351]: Invalid user calantha from 222.236.47.135
Sep 3 16:14:33 sshd[18355]: Invalid user oracle from 222.236.47.135
Sep 3 16:14:30 sshd[18349]: Invalid user photo from 222.236.47.135
Sep 3 16:14:29 sshd[18342]: Invalid user navy from 222.236.47.135
Sep 3 16:14:27 sshd[18346]: Invalid user test from 222.236.47.135
Sep 3 16:14:25 sshd[18343]: Invalid user calandra from 222.236.47.135
Sep 3 16:14:24 sshd[18340]: Invalid user testing from 222.236.47.135
Sep 3 16:14:22 sshd[18330]: Invalid user calan from 222.236.47.135
Sep 3 16:14:22 sshd[18333]: Invalid user marine from 222.236.47.135
Sep 3 16:14:21 sshd[18337]: Invalid user tester from 222.236.47.135
Sep 3 16:14:18 sshd[18334]: Invalid user mysql from 222.236.47.135
Sep 3 16:14:14 sshd[18328]: Invalid user cala from 222.236.47.135
Sep 3 16:14:13 sshd[18326]: Invalid user postgres from 222.236.47.135
Sep 3 16:14:13 sshd[18321]: Invalid user marine from 222.236.47.135
Sep 3 16:14:11 sshd[18319]: Invalid user caitlyn from 222.236.47.135
Sep 3 16:14:10 sshd[18317]: Invalid user apache from 222.236.47.135
Sep 3 16:14:10 sshd[18312]: Invalid user marine from 222.236.47.135
Sep 3 16:14:08 sshd[18311]: Invalid user caitlin from 222.236.47.135
Sep 3 16:14:07 sshd[18308]: Invalid user demo from 222.236.47.135
Sep 3 16:14:05 sshd[18304]: Invalid user marine from 222.236.47.135
Sep 3 16:14:05 sshd[18306]: Invalid user caimile from 222.236.47.135
Sep 3 16:14:04 sshd[18302]: Invalid user postmaster from 222.236.47.135
Sep 3 16:14:02 sshd[18298]: Invalid user cailine from 222.236.47.135
Sep 3 16:14:02 sshd[18295]: Invalid user marine from 222.236.47.135
Sep 3 16:14:01 sshd[18293]: Invalid user jboss from 222.236.47.135
Sep 3 16:14:00 sshd[18290]: Invalid user cailin from 222.236.47.135
Sep 3 16:13:59 sshd[18287]: Invalid user marine from 222.236.47.135
Sep 3 16:13:58 sshd[18284]: Invalid user upload from 222.236.47.135
Sep 3 16:13:57 sshd[18281]: Invalid user cai from 222.236.47.135
Sep 3 16:13:56 sshd[18278]: Invalid user marine from 222.236.47.135
Sep 3 16:13:54 sshd[18267]: Invalid user global from 222.236.47.135
Sep 3 16:13:54 sshd[18262]: Invalid user cady from 222.236.47.135
Sep 3 16:13:53 sshd[18261]: Invalid user marine from 222.236.47.135
Sep 3 16:13:51 sshd[18177]: Invalid user tomcat from 222.236.47.135
Sep 3 16:13:50 sshd[18174]: Invalid user cadi from 222.236.47.135
Sep 3 16:13:50 sshd[18173]: Invalid user marine from 222.236.47.135
Sep 3 16:13:48 sshd[18171]: Invalid user condor from 222.236.47.135
Sep 3 16:13:47 sshd[18168]: Invalid user marine from 222.236.47.135
Sep 3 16:13:45 sshd[18166]: Invalid user globus from 222.236.47.135
```
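Why the log above ends in `NameError` rather than the underlying I/O failure, as an added Python 3 example that is not DenyHosts source: `set_sync_timestamp_as_logged` reconstructs only the `except e:` line visible in the traceback. The fixed variant, the helper names, the temporary paths and the timestamp value are assumptions of the example.

```python
import os
import tempfile


def set_sync_timestamp_as_logged(work_dir, timestamp):
    """Reconstruction of the pattern in the traceback: `except e:`."""
    try:
        with open(os.path.join(work_dir, "sync-timestamp"), "w") as fp:
            fp.write(timestamp)
    except e:  # 'e' is looked up as an exception class and does not exist
        pass


def set_sync_timestamp_fixed(work_dir, timestamp):
    """Create the work dir, write atomically, report the real I/O error."""
    path = os.path.join(work_dir, "sync-timestamp")
    try:
        os.makedirs(work_dir, mode=0o700, exist_ok=True)
        fd, tmp = tempfile.mkstemp(dir=work_dir, prefix=".sync-")
        with os.fdopen(fd, "w") as fp:
            fp.write(timestamp)
        os.replace(tmp, path)
    except OSError as err:  # e.g. a read-only file system
        return "cannot store sync timestamp: %s" % err.strerror
    return None


def what_gets_logged(func, work_dir):
    """Return (raised exception type, type of the error it hid)."""
    try:
        result = func(work_dir, "1251988927")  # constructed timestamp value
    except Exception as exc:
        ctx = exc.__context__
        return type(exc).__name__, type(ctx).__name__ if ctx else None
    return result, None


def demo():
    """Run both variants against a work dir that does not exist yet."""
    with tempfile.TemporaryDirectory() as root:
        missing = os.path.join(root, "share", "denyhosts", "data")
        before = what_gets_logged(set_sync_timestamp_as_logged, missing)
        after = what_gets_logged(set_sync_timestamp_fixed, missing)
        with open(os.path.join(missing, "sync-timestamp")) as fp:
            stored = fp.read()
    return before, after, stored


if __name__ == "__main__":
    print(demo())
```

The first tuple shows the undefined name in the handler replacing the file error, so the log records a `NameError` where the actionable fact is that the timestamp file could not be written under `WORK_DIR`.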
-
I'm sure this will not work correctly in a read only environment such as the nano. Read only will prevent it from creating the block list. DenyHosts would need to manage the block list in memory.
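A sketch of the in-memory block list suggested above, fed with the `Invalid user` line shape posted earlier in the thread. This is an added example, not DenyHosts or pfSense package code: `MemoryBlockList`, the constructed sample lines and the "block once the count exceeds the threshold" rule are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Threshold printed in the startup log earlier in the thread.
DENY_THRESHOLD_INVALID = 5

# Line shape as posted in this thread: "Sep 3 16:16:27 sshd[18671]: ...".
# The user name is attacker-controlled, so the greedy group makes the
# address come from the LAST " from " on the line, anchored at the end.
INVALID_USER = re.compile(
    r"sshd\[\d+\]: Invalid user (?P<user>.*) from (?P<ip>\S+)\s*$"
)


class MemoryBlockList:
    """Counts invalid-user attempts per source; state lives in RAM only."""

    def __init__(self, threshold=DENY_THRESHOLD_INVALID, allowed=()):
        self.threshold = threshold
        self.allowed = {str(ipaddress.ip_address(a)) for a in allowed}
        self.counts = Counter()
        self.blocked = set()

    def feed(self, line):
        """Process one log line; return the address if it was just blocked."""
        m = INVALID_USER.search(line)
        if not m:
            return None
        try:
            addr = str(ipaddress.ip_address(m.group("ip")))
        except ValueError:
            return None  # not an address: ignore rather than guess
        if addr in self.allowed or addr in self.blocked:
            return None
        self.counts[addr] += 1
        if self.counts[addr] > self.threshold:
            self.blocked.add(addr)
            return addr
        return None

    def feed_many(self, lines):
        return [hit for hit in map(self.feed, lines) if hit]


# Constructed sample lines using documentation addresses (not from the thread).
SAMPLE = [
    "Sep 3 16:13:%02d sshd[%d]: Invalid user u%d from 203.0.113.7"
    % (40 + i, 18100 + i, i)
    for i in range(6)
] + [
    # A user name that embeds " from <addr>" must not shift the blame.
    "Sep 3 16:14:01 sshd[18200]: Invalid user x from 198.51.100.9 from 203.0.113.50",
    # An allowed management address is never counted or blocked.
    "Sep 3 16:14:02 sshd[18201]: Invalid user admin from 192.0.2.10",
]

if __name__ == "__main__":
    bl = MemoryBlockList(allowed=["192.0.2.10"])
    print(bl.feed_many(SAMPLE), dict(bl.counts))
```

Because nothing is written to disk, the list is empty again after a reboot or service restart.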
-
@mcrane:
I'm sure this will not work correctly in a read only environment such as the nano. Read only will prevent it from creating the block list. DenyHosts would need to manage the block list in memory.
Too bad :-[ I REALLY like this package.. Perhaps someone who has the skills can make it work on embedded :-\ I get this when uninstalling too:
```
Warning: rename(/tmp/crontab,/etc/crontab): Read-only file system in /etc/inc/pkg-utils.inc on line 929
```
-
With some work the phpservice package could do the same job but run the block list in memory (RAM). The PHP service package simply runs PHP continuously in a loop so that it can run as a service. The package allows any PHP code that is defined in the interface to run in that loop. As long as the code is carefully optimized it will run great.
-
After install, the Denyhosts service is disabled and won't start. After entering
$ /usr/local/etc/rc.d/denyhosts.sh start
I get the error below:
```
$ /usr/local/etc/rc.d/denyhosts.sh start
Missing configuration parameter: DENY_THRESHOLD_INVALID
Note: The configuration parameter DENY_THRESHOLD has been renamed
DENY_THRESHOLD_INVALID. Please update your DenyHosts configuration
file to reflect this change.
Missing configuration parameter: DENY_THRESHOLD_VALID
Missing configuration parameter: DENY_THRESHOLD_ROOT
Missing configuration parameter: DENY_THRESHOLD_RESTRICTED
Note: DENY_THRESHOLD_RESTRICTED has not been defined. Setting this
value to DENY_THRESHOLD_ROOT
```
How can I fix this? Thanks
-
I am getting errors on startup.
I followed the setup in 2nd posting exactly.
```
# /usr/local/etc/rc.d/denyhosts.sh start
Traceback (most recent call last):
  File "/usr/local/bin/denyhosts.py", line 5, in <module>
    import DenyHosts.python_version
ImportError: No module named DenyHosts.python_version
```
-
Were you able to correct the issue, or is this a problem with the script?
-
What exactly does this package block?
I want to create a rdr for a server in my DMZ, will this package block all hosts in denyhosts hitting my WAN NIC even though it's being redirected to an internal host?
Can I create white and black lists?
Does this package report back to denyhosts with new attack information?
OK I see that this is blocking all traffic from the denyhosts lists.
```
$ pfctl -s all | grep ssh
block drop in log quick proto tcp from <sshlockout> to any port = ssh label "sshlockout"
```
Should this only block port 22?
Thanks
I'm not sure if this would have been some help.
http://www.mail-archive.com/denyhosts-user@lists.sourceforge.net/msg00360.html