Page 3 of 4 FirstFirst 1234 LastLast
Results 21 to 30 of 32

Thread: HOWTO: Installing DenyHosts

  1. #21
    Join Date
    Apr 2006
    Beans
    1,842

    Re: HOWTO: Installing DenyHosts

    Quote Originally Posted by dbott67 View Post
    Putting the dot in front would allow any host from my work domain to be allowed in. From the TCP Wrappers Configuration File Site:



    Purging the hosts.deny file does not issue any output, however, if you check the file before & after, you will notice that any logged IP address that is older than the PURGE_DENY value will be removed.
    All noted. Tks

    For Debian-based distros (such as Ubuntu) the sshd is logged in /var/log/auth.log.
    I got it.

    $ tail -f /var/log/auth.log
    Code:
    Aug 27 23:17:01 ubuntu CRON[5157]: (pam_unix) session closed for user root
    Aug 27 23:39:01 ubuntu CRON[5246]: (pam_unix) session opened for user root by (uid=0)
    Aug 27 23:39:01 ubuntu CRON[5246]: (pam_unix) session closed for user root
    Aug 27 23:49:54 ubuntu sudo:  satimis : TTY=tty1 ; PWD=/home/satimis ; USER=root ; COMMAND=/sbin/shutdown -h now
    Aug 28 09:06:21 ubuntu sshd[4655]: Server listening on 0.0.0.0 port 22.
    Aug 28 09:09:01 ubuntu CRON[4826]: (pam_unix) session opened for user root by (uid=0)
    Aug 28 09:09:02 ubuntu CRON[4826]: (pam_unix) session closed for user root
    Aug 28 09:09:51 ubuntu login[4336]: (pam_unix) session opened for user satimis by (uid=0)
    Aug 28 09:17:01 ubuntu CRON[4907]: (pam_unix) session opened for user root by (uid=0)
    Aug 28 09:17:01 ubuntu CRON[4907]: (pam_unix) session closed for user root
    B.R.
    satimis

  2. #22
    Join Date
    Dec 2006
    Beans
    177
    Distro
    Hardy Heron (Ubuntu Development)

    Re: HOWTO: Installing DenyHosts

    Here's a little off topic question...

    Let's say I want to make a world map of all my blocked IPs based on geographical location (they're all china IPs but I do have 1 from italy!). Anybody know of some nifty tools to help me make this?

  3. #23
    Join Date
    Apr 2007
    Beans
    29
    Distro
    Ubuntu 7.04 Feisty Fawn

    Re: HOWTO: Installing DenyHosts

    Hi,

    May I know what messages should I expect from

    tail -f -s3 /etc/hosts.deny
    if I attempt a simulated internal attack on my ssh?

    I have attempted few tries but nothing is logged. What can I do to see some failed attempts?

    Thanks.

  4. #24
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    Re: HOWTO: Installing DenyHosts

    Quote Originally Posted by swoosh View Post
    Hi,

    May I know what messages should I expect from



    if I attempt a simulated internal attack on my ssh?

    I have attempted few tries but nothing is logged. What can I do to see some failed attempts?

    Thanks.
    You should see something like this:
    Code:
    dbott@feisty:~$ tail -f -s3 /etc/hosts.deny
    # DenyHosts: Thu Oct 18 22:34:31 2007 | sshd: 192.168.1.107
    sshd: 192.168.1.107
    If you don't get anything showing up after a few attempts, make sure that DenyHosts is running:
    Code:
    dbott@feisty:~$ ps aux | grep deny
    dbott     5007  0.0  0.0   2884   752 pts/0    R+   22:36   0:00 grep deny
    root     20631  0.0  0.5   8336  4760 ?        SN   Oct14   0:00 python /usr/sbin/denyhosts --daemon --config=/etc/denyhosts.conf --config=/etc/denyhosts.conf
    Also make sure that the auth.log file shows the attempts:
    Code:
    dbott@feisty:~$ cat /var/log/auth.log | grep sshd
    Oct 18 22:33:09 feisty sshd[4851]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.107  user=root
    Oct 18 22:33:11 feisty sshd[4851]: Failed password for root from 192.168.1.107 port 1482 ssh2
    Oct 18 22:34:03 feisty sshd[4889]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.107  user=root
    Oct 18 22:34:04 feisty sshd[4889]: Failed password for root from 192.168.1.107 port 1483 ssh2
    Oct 18 22:34:34 feisty sshd[4909]: (pam_unix) authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.1.107  user=root
    Oct 18 22:34:36 feisty sshd[4909]: Failed password for root from 192.168.1.107 port 1484 ssh2
    Oct 18 22:35:13 feisty sshd[4909]: Failed password for root from 192.168.1.107 port 1484 ssh2
    Oct 18 22:36:24 feisty sshd[4909]: fatal: Timeout before authentication for 192.168.1.107
    -Dave
    Last edited by dbott67; October 19th, 2007 at 03:45 AM. Reason: Added more info

  5. #25
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    Re: HOWTO: Installing DenyHosts

    Quote Originally Posted by hebetude View Post
    Here's a little off topic question...

    Let's say I want to make a world map of all my blocked IPs based on geographical location (they're all china IPs but I do have 1 from italy!). Anybody know of some nifty tools to help me make this?
    There are sites out there that offer software that can do this, such as http://www.ip2location.com/ and other similar sites. I don't know if there are any open source IP - Geolocation projects out there, but I'm certain that someone familiar with the API for Google Maps can scrape the data from a service similar to the above and make a pretty cool mash-up.

    -Dave

  6. #26
    Join Date
    May 2006
    Beans
    79

    Re: HOWTO: Installing DenyHosts

    Hello,
    followed this tutorial, worked like a charm. have blocked already 6 sites...
    i was curious on couple of things:
    1- somehow, denyhosts locked me out.... might be because i access (successfully though) my host every day?
    2 - i'd like to block access also to port 25 as i noticed that i have many intruder trying to login to my mail server.
    i have strong passwords, so i am not particularly worried - also because i am using VPS as a learning tool for configuring my own LInux server - but i'd like to discourage those intruders by locking them out

    how will i do it? what is the correct syntax?

    is it
    BLOCK_SERVICES=sshd, smtp ?

    i'd love to use BLOCK_SERVICES=ALL but i fear i will be locked out forever from my VPS (currently, i am using ssh to login)

    anyone could give me some advices?

    regards
    marco

  7. #27
    Join Date
    Dec 2006
    Beans
    177
    Distro
    Hardy Heron (Ubuntu Development)

    Re: HOWTO: Installing DenyHosts

    Mine started locking me out when I upgraded to Hardy on my server. Don't know why, I checked the logs and didn't see 3 unsuccessful attempts (as I specified). Very disappointing it has worked great for months now.

  8. #28
    Join Date
    Mar 2007
    Beans
    7

    Re: HOWTO: Installing DenyHosts

    how do is denyhosts disabled or removed when no longer needed?

    ty a lot.

    s4s

  9. #29
    Join Date
    May 2006
    Location
    Houston, TX
    Beans
    Hidden!
    Distro
    Kubuntu 10.04 Lucid Lynx

    Re: HOWTO: Installing DenyHosts

    When I tried to use denyhosts on Gutsy, it would give me the following on startup:

    File "/usr/bin/denyhosts.py", line 5, in <module>
    import DenyHosts.python_version
    ImportError: No module named DenyHosts.python_version
    In case anyone else has this issue, I found the fix. Edit the /etc/init.d/denyhosts file.
    Change (or comment out)
    PYTHON_BIN = /usr/bin/env python"
    to
    PYTHON_BIN = "/usr/bin/python2.4"

  10. #30
    Join Date
    Sep 2006
    Beans
    118

    Re: HOWTO: Installing DenyHosts

    I'm a little confused about allowing hosts. I installed denyhosts on an Ubuntu 6.06.1 server and tested it to make sure my IP would be blocked after the specified threshold. Now, I want to add my IP in the allowed list so that it never gets blocked again.

    Some material I read says to create a file called "allowed-hosts" in WORK_DIR and others say to edit /etc/hosts.allow. I've tried both methods and I still cannot get back in from the IP that was blocked.

    I'm running version 2.6 of DenyHosts.

    What am I doing wrong? Is there a service I need to restart or something? Also, if "allowed-hosts" is the correct file, is the path /etc/allowed-hosts or /usr/share/denyhosts/allowed-hosts or something else?

    Thanks.
    __________________

Page 3 of 4 FirstFirst 1234 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •