Netgate Discussion Forum

    Finish my Denyhosts package [$20]

    36 Posts 11 Posters 36.1k Views
      cybrsrfr

      I'm sure this will not work correctly in a read only environment such as the nano. Read only will prevent it from creating the block list. DenyHosts would need to manage the block list in memory.

        pakjebakmeel

        @mcrane:

        I'm sure this will not work correctly in a read only environment such as the nano. Read only will prevent it from creating the block list. DenyHosts would need to manage the block list in memory.

        Too bad  :-[ I REALLY like this package.. Perhaps someone who has the skills can make it work on embedded  :-\ I get this when uninstalling too:

        Warning: rename(/tmp/crontab,/etc/crontab): Read-only file system in /etc/inc/pkg-utils.inc on line 929

          cybrsrfr

          With some work, the phpservice package could do the same job but run the block list in memory (RAM). The PHP service package simply runs PHP continuously in a loop so that it can run as a service. The package allows any PHP code that is defined in the interface to run in that loop. As long as the code is carefully optimized it will run great.
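
As an added example (not part of the original post, and not DenyHosts or phpservice code), the sketch below keeps the failure counts and the block list in RAM, as the post above suggests, and builds `pfctl` table commands instead of writing a deny file. Assumptions: the threshold values, the sample log lines and the function names are constructed; the `sshlockout` table name is the one in the pf rule quoted elsewhere in this thread.

```python
import ipaddress
import re
from collections import Counter

# Parameter names are DenyHosts settings; the values are constructed for this sketch.
THRESHOLDS = {"DENY_THRESHOLD_ROOT": 1, "DENY_THRESHOLD_INVALID": 2,
              "DENY_THRESHOLD_VALID": 3}

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
                    r"(?P<user>\S+) from (?P<ip>\S+) port \d+")

# Constructed sshd lines in the style of /var/log/system.log (RFC 5737 addresses).
SAMPLE_LOG = """\
Mar  3 10:01:11 fw sshd[411]: Failed password for root from 203.0.113.7 port 50211 ssh2
Mar  3 10:01:14 fw sshd[411]: Failed password for root from 203.0.113.7 port 50212 ssh2
Mar  3 10:02:01 fw sshd[420]: Failed password for invalid user test from 198.51.100.9 port 40100 ssh2
Mar  3 10:02:05 fw sshd[420]: Failed password for invalid user guest from 198.51.100.9 port 40101 ssh2
Mar  3 10:02:09 fw sshd[420]: Failed password for invalid user oracle from 198.51.100.9 port 40102 ssh2
Mar  3 10:03:00 fw sshd[431]: Failed password for alice from 192.0.2.44 port 51000 ssh2
Mar  3 10:03:30 fw sshd[431]: Accepted password for alice from 192.0.2.44 port 51001 ssh2
Mar  3 10:04:00 fw sshd[440]: Failed password for bob from not-an-ip port 1 ssh2
"""

def category(match):
    """Pick the DenyHosts threshold that governs one failed login."""
    if match.group("invalid"):
        return "DENY_THRESHOLD_INVALID"
    return "DENY_THRESHOLD_ROOT" if match.group("user") == "root" else "DENY_THRESHOLD_VALID"

def hosts_to_block(lines, thresholds=THRESHOLDS):
    """Count failures per (ip, category) in RAM; return IPs that exceed a threshold."""
    counts, blocked = Counter(), set()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("ip")))  # drop junk injected into the log
        except ValueError:
            continue
        key = (ip, category(m))
        counts[key] += 1
        if counts[key] > thresholds[key[1]]:
            blocked.add(ip)
    return sorted(blocked)

def pf_table_commands(ips, table="sshlockout"):
    """Build pfctl calls; pf tables are kept in kernel memory, not on disk."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]
```

Calling `pf_table_commands(hosts_to_block(SAMPLE_LOG.splitlines()))` returns the commands for the two addresses that exceeded a threshold; the single failure from 192.0.2.44 and the malformed source are ignored.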

            ToxIcon

            After install, the Denyhosts service is disabled and won't start. After entering

            $ /usr/local/etc/rc.d/denyhosts.sh start

            I get the error below:

            $ /usr/local/etc/rc.d/denyhosts.sh start
            Missing configuration parameter: DENY_THRESHOLD_INVALID

            Note: The configuration parameter DENY_THRESHOLD has been renamed
                  DENY_THRESHOLD_INVALID.  Please update your DenyHosts configuration
                  file to reflect this change.
            Missing configuration parameter: DENY_THRESHOLD_VALID
            Missing configuration parameter: DENY_THRESHOLD_ROOT
            Missing configuration parameter: DENY_THRESHOLD_RESTRICTED

            Note: DENY_THRESHOLD_RESTRICTED has not been defined. Setting this
            value to DENY_THRESHOLD_ROOT

            How can I fix this? Thanks.

              thetoaster

              I am getting errors on startup.
              I followed the setup in 2nd posting exactly.

              # /usr/local/etc/rc.d/denyhosts.sh start
              Traceback (most recent call last):
                File "/usr/local/bin/denyhosts.py", line 5, in <module>
                  import DenyHosts.python_version
              ImportError: No module named DenyHosts.python_version
              
                tommyboy180

                Were you able to correct the issue, or is this a problem with the script?

                -Tom Schaefer
                SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                Please support pfBlocker | File Browser | Strikeback

                  newmember

                  What exactly does this package block?
                  I want to create a rdr for a server in my DMZ. Will this package block all hosts in denyhosts hitting my WAN NIC even though it's being redirected to an internal host?
                  Can I create white and black lists?
                  Does this package report back to denyhosts with new attack information?

                  OK I see that this is blocking all traffic from the denyhosts lists.
                  $ pfctl -s all | grep ssh
                  block drop in log quick proto tcp from <sshlockout> to any port = ssh label "sshlockout"
                  Should this only block port 22?

                  Thanks

                  I'm not sure if this would have been some help.
                  http://www.mail-archive.com/denyhosts-user@lists.sourceforge.net/msg00360.html

                    xternal

                    I got this working. What I had to do was remove the most current version of Python (2.5_51 or whatever it is) and install this exact version:

                    http://forum.pfsense.org/index.php/topic,18948.msg100099.html#msg100099

                    Then I followed these instructions at the top of the thread to get it to load.

                    $ cp /usr/local/share/denyhosts/denyhosts.cfg-dist /usr/local/etc/denyhosts.conf

                    Then edit /usr/local/etc/denyhosts.conf to set the parameters:

                    SECURE_LOG = /var/log/system.log
                    BLOCK_SERVICE  = sshd

                    DenyHosts should work after that.

                    However, it still doesn't "work". It loads properly now and runs, but it does not monitor the system.log at all. It says it's doing it, but when I test with incorrect logins it does nothing. This seems to be a common issue for others who have it running on pfSense.

                      cybrsrfr

                      I don't like Python much. If I ever get time to work on this, I will write an alternative PHP script that could run from my 'PHP Service' pfSense package.

                        tommyboy180

                        We can move this to the completed Bounty section. Payment has been made.

                        Thank you again Mcrane for your work. I had fun working with you.

                        -Tom Schaefer
                        SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM

                        Please support pfBlocker | File Browser | Strikeback
