- # cat ../denyhosts
- 2010-01-28 03:43:20,349 - denyhosts : INFO DenyHosts launched with the following args:
- 2010-01-28 03:43:20,402 - denyhosts : INFO /usr/local/bin/denyhosts.py --config /usr/local/etc/denyhosts.conf --daemon
- 2010-01-28 03:43:20,402 - prefs : INFO DenyHosts configuration settings:
- 2010-01-28 03:43:20,402 - prefs : INFO ADMIN_EMAIL: [root]
- 2010-01-28 03:43:20,403 - prefs : INFO AGE_RESET_INVALID: [864000]
- 2010-01-28 03:43:20,403 - prefs : INFO AGE_RESET_RESTRICTED: [2160000]
- 2010-01-28 03:43:20,403 - prefs : INFO AGE_RESET_ROOT: [2160000]
- 2010-01-28 03:43:20,403 - prefs : INFO AGE_RESET_VALID: [432000]
- 2010-01-28 03:43:20,403 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
- 2010-01-28 03:43:20,403 - prefs : INFO BLOCK_SERVICE: [sshd]
- 2010-01-28 03:43:20,403 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
- 2010-01-28 03:43:20,403 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
- 2010-01-28 03:43:20,403 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [None]
- 2010-01-28 03:43:20,403 - prefs : INFO DAEMON_PURGE: [3600]
- 2010-01-28 03:43:20,403 - prefs : INFO DAEMON_SLEEP: [30]
- 2010-01-28 03:43:20,403 - prefs : INFO DENY_THRESHOLD_INVALID: [5]
- 2010-01-28 03:43:20,403 - prefs : INFO DENY_THRESHOLD_RESTRICTED: [1]
- 2010-01-28 03:43:20,403 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
- 2010-01-28 03:43:20,404 - prefs : INFO DENY_THRESHOLD_VALID: [5]
- 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX: [None]
- 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
- 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
- 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
- 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
- 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
- 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX7: [None]
- 2010-01-28 03:43:20,404 - prefs : INFO HOSTNAME_LOOKUP: [NO]
- 2010-01-28 03:43:20,404 - prefs : INFO HOSTS_DENY: [/etc/hosts.deniedssh]
- 2010-01-28 03:43:20,404 - prefs : INFO LOCK_FILE: [/var/run/denyhosts.pid]
- 2010-01-28 03:43:20,404 - prefs : INFO PLUGIN_DENY: [None]
- 2010-01-28 03:43:20,404 - prefs : INFO PLUGIN_PURGE: [None]
- 2010-01-28 03:43:20,404 - prefs : INFO PURGE_DENY: [604800]
- 2010-01-28 03:43:20,404 - prefs : INFO PURGE_THRESHOLD: [5]
- 2010-01-28 03:43:20,405 - prefs : INFO RESET_ON_SUCCESS: [no]
- 2010-01-28 03:43:20,405 - prefs : INFO SECURE_LOG: [/var/log/auth.log]
- 2010-01-28 03:43:20,405 - prefs : INFO SMTP_DATE_FORMAT: [%a, %d %b %Y %H:%M:%S %z]
- 2010-01-28 03:43:20,405 - prefs : INFO SMTP_FROM: [DenyHosts <nobody@localhost>]
- 2010-01-28 03:43:20,405 - prefs : INFO SMTP_HOST: [192.168.XXX.XXXX]
- 2010-01-28 03:43:20,405 - prefs : INFO SMTP_PASSWORD: [XXXX]
- 2010-01-28 03:43:20,405 - prefs : INFO SMTP_PORT: [25]
- 2010-01-28 03:43:20,405 - prefs : INFO SMTP_SUBJECT: [DenyHosts Report]
- 2010-01-28 03:43:20,405 - prefs : INFO SMTP_USERNAME: [XXXXX]
- 2010-01-28 03:43:20,405 - prefs : INFO SSHD_FORMAT_REGEX: [None]
- 2010-01-28 03:43:20,405 - prefs : INFO SUCCESSFUL_ENTRY_REGEX: [None]
- 2010-01-28 03:43:20,405 - prefs : INFO SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
- 2010-01-28 03:43:20,405 - prefs : INFO SYNC_DOWNLOAD: [yes]
- 2010-01-28 03:43:20,405 - prefs : INFO SYNC_DOWNLOAD_RESILIENCY: [18000]
- 2010-01-28 03:43:20,406 - prefs : INFO SYNC_DOWNLOAD_THRESHOLD: [3]
- 2010-01-28 03:43:20,406 - prefs : INFO SYNC_INTERVAL: [3600]
- 2010-01-28 03:43:20,406 - prefs : INFO SYNC_SERVER: [None]
- 2010-01-28 03:43:20,406 - prefs : INFO SYNC_UPLOAD: [yes]
- 2010-01-28 03:43:20,406 - prefs : INFO SYSLOG_REPORT: [no]
- 2010-01-28 03:43:20,406 - prefs : INFO WORK_DIR: [/usr/local/share/denyhosts/data]
- 2010-01-28 03:43:20,441 - denyhosts : INFO restricted: set([])
- 2010-01-28 03:43:20,441 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
- 2010-01-28 03:43:20,443 - denyhosts : INFO DenyHosts daemon is now running, pid: 76655
- 2010-01-28 03:43:20,444 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
- 2010-01-28 03:43:20,444 - denyhosts : INFO eg. kill -TERM 76655
- 2010-01-28 03:43:20,445 - denyhosts : INFO monitoring log: /var/log/auth.log
- 2010-01-28 03:43:20,445 - denyhosts : INFO sync_time: 3600
- 2010-01-28 03:43:20,445 - denyhosts : INFO daemon_purge: 3600
- 2010-01-28 03:43:20,445 - denyhosts : INFO daemon_sleep: 30
- 2010-01-28 03:43:20,445 - denyhosts : INFO purge_sleep_ratio: 120
- 2010-01-28 03:43:20,445 - denyhosts : INFO denyhosts synchronization disabled
- 2010-01-28 04:43:20,844 - denyfileutil: INFO purging entries older than: Thu Jan 21 04:43:20 2010
- 2010-01-28 04:43:20,943 - denyfileutil: INFO num entries purged: 0
- 2010-01-28 05:43:21,346 - denyfileutil: INFO purging entries older than: Thu Jan 21 05:43:21 2010
- 2010-01-28 05:43:21,407 - denyfileutil: INFO num entries purged: 0
- 2010-01-28 06:43:21,999 - denyfileutil: INFO purging entries older than: Thu Jan 21 06:43:21 2010
- 2010-01-28 06:43:22,001 - denyfileutil: INFO num entries purged: 0
- 2010-01-28 07:43:22,476 - denyfileutil: INFO purging entries older than: Thu Jan 21 07:43:22 2010
- 2010-01-28 07:43:22,479 - loginattempt: INFO purging_hosts: ['93.157.85.3']
- 2010-01-28 07:43:22,481 - denyfileutil: INFO num entries purged: 1
- ......
- 2010-01-28 14:43:25,254 - denyfileutil: INFO purging entries older than: Thu Jan 21 14:43:25 2010
- 2010-01-28 14:43:25,256 - denyfileutil: INFO num entries purged: 0
- 2010-01-28 15:30:55,639 - denyhosts : INFO new denied hosts: ['222.68.194.69']
- 2010-01-28 15:43:26,047 - denyfileutil: INFO purging entries older than: Thu Jan 21 15:43:26 2010
- 2010-01-28 15:43:26,049 - denyfileutil: INFO num entries purged: 0
- 2010-01-28 16:05:26,306 - denyhosts : INFO new denied hosts: ['85.114.141.30']
- 2010-01-28 16:43:29,799 - denyfileutil: INFO purging entries older than: Thu Jan 21 16:43:29 2010
- 2010-01-28 16:43:29,802 - denyfileutil: INFO num entries purged: 0
- 2010-01-28 16:45:30,032 - denyhosts : INFO new denied hosts: ['222.169.224.226']
- 2010-01-28 17:00:01,426 - denyhosts : INFO /var/log/auth.log has been rotated
- 2010-01-28 17:43:04,100 - denyhosts : INFO new denied hosts: ['59.37.54.38']
- 2010-01-28 17:43:34,119 - denyfileutil: INFO purging entries older than: Thu Jan 21 17:43:34 2010
- 2010-01-28 17:43:34,122 - denyfileutil: INFO num entries purged: 0
- 2010-01-28 18:00:04,446 - denyhosts : INFO /var/log/auth.log has been rotated
- 2010-01-28 18:43:34,778 - denyfileutil: INFO purging entries older than: Thu Jan 21 18:43:34 2010
- 2010-01-28 18:43:34,781 - denyfileutil: INFO num entries purged: 0
- ....
- 2010-01-29 00:43:37,194 - denyfileutil: INFO purging entries older than: Fri Jan 22 00:43:37 2010
- 2010-01-29 00:43:37,197 - denyfileutil: INFO num entries purged: 0
- 2010-01-29 00:52:07,343 - denyhosts : INFO new denied hosts: ['189.53.205.211']
- 2010-01-29 01:43:42,177 - denyfileutil: INFO purging entries older than: Fri Jan 22 01:43:42 2010
- 2010-01-29 01:43:42,180 - denyfileutil: INFO num entries purged: 0
- 2010-01-29 02:00:13,748 - denyhosts : INFO /var/log/auth.log has been rotated
- 2010-01-29 02:43:47,859 - denyfileutil: INFO purging entries older than: Fri Jan 22 02:43:47 2010
- 2010-01-29 02:43:47,861 - denyfileutil: INFO num entries purged: 0
- 2010-01-29 03:43:53,909 - denyfileutil: INFO purging entries older than: Fri Jan 22 03:43:53 2010
- 2010-01-29 03:43:53,949 - denyfileutil: INFO num entries purged: 0
- 2010-01-29 04:00:24,544 - denyhosts : INFO /var/log/auth.log has been rotated
- 2010-01-29 04:43:54,883 - denyfileutil: INFO purging entries older than: Fri Jan 22 04:43:54 2010
- 2010-01-29 04:43:54,885 - denyfileutil: INFO num entries purged: 0
- # cat /var/log/auth.log
- ......
- n 29 03:47:28 BERMEJO-BSD sshd[29491]: Invalid user paulette from 189.53.205.211
- Jan 29 03:47:31 BERMEJO-BSD sshd[29493]: Invalid user paulette from 189.53.205.211
- Jan 29 03:47:34 BERMEJO-BSD sshd[29495]: Invalid user paulette from 189.53.205.211
- Jan 29 03:47:36 BERMEJO-BSD sshd[29497]: Invalid user paulette from 189.53.205.211
- Jan 29 03:47:40 BERMEJO-BSD sshd[29499]: Invalid user paulette from 189.53.205.211
- Jan 29 03:47:43 BERMEJO-BSD sshd[29501]: Invalid user paulette from 189.53.205.211
- Jan 29 03:47:46 BERMEJO-BSD sshd[29503]: Invalid user pauline from 189.53.205.211
- Jan 29 03:47:49 BERMEJO-BSD sshd[29505]: Invalid user pauline from 189.53.205.211
- Jan 29 03:47:51 BERMEJO-BSD sshd[29507]: Invalid user pauline from 189.53.205.211
- Jan 29 03:47:54 BERMEJO-BSD sshd[29509]: Invalid user pauline from 189.53.205.211
- Jan 29 03:47:57 BERMEJO-BSD sshd[29511]: Invalid user pauline from 189.53.205.211
- Jan 29 03:48:00 BERMEJO-BSD sshd[29513]: Invalid user pauline from 189.53.205.211
- Jan 29 03:48:03 BERMEJO-BSD sshd[29515]: Invalid user pauline from 189.53.205.211
- Jan 29 03:48:06 BERMEJO-BSD sshd[29517]: Invalid user pauline from 189.53.205.211
- Jan 29 03:48:09 BERMEJO-BSD sshd[29519]: Invalid user pauline from 189.53.205.211
- Jan 29 03:48:12 BERMEJO-BSD sshd[29521]: Invalid user pauline from 189.53.205.211
- Jan 29 03:48:16 BERMEJO-BSD sshd[29523]: Invalid user cruz from 189.53.205.211
- Jan 29 03:48:20 BERMEJO-BSD sshd[29525]: Invalid user cruz from 189.53.205.211
- Jan 29 03:48:23 BERMEJO-BSD sshd[29527]: Invalid user cruz from 189.53.205.211
- Jan 29 03:48:26 BERMEJO-BSD sshd[29529]: Invalid user cruz from 189.53.205.211
- Jan 29 03:48:29 BERMEJO-BSD sshd[29531]: Invalid user cruz from 189.53.205.211
- Jan 29 03:48:32 BERMEJO-BSD sshd[29533]: Invalid user cruz from 189.53.205.211
- Jan 29 03:48:34 BERMEJO-BSD sshd[29535]: Invalid user cruz from 189.53.205.211
- Jan 29 03:48:37 BERMEJO-BSD sshd[29537]: Invalid user cruz from 189.53.205.211
- Jan 29 03:48:40 BERMEJO-BSD sshd[29539]: Invalid user cruz from 189.53.205.211
- Jan 29 03:48:43 BERMEJO-BSD sshd[29541]: Invalid user cruz from 189.53.205.211
- As you can see, the dates in the log are after denyhosts blocked him; logrotate rotated the log several times after the 189.53.205.211 IP was blocked
- # cat /etc/hosts.deniedssh
- # DenyHosts: Fri Jan 22 20:14:11 2010 | sshd: 62.172.75.110 : deny
- sshd: 62.172.75.110 : deny
- # DenyHosts: Fri Jan 22 23:52:13 2010 | sshd: 210.212.98.238 : deny
- sshd: 210.212.98.238 : deny
- # DenyHosts: Sat Jan 23 09:26:48 2010 | sshd: 85.17.200.206 : deny
- sshd: 85.17.200.206 : deny
- # DenyHosts: Sat Jan 23 11:29:49 2010 | sshd: 61.47.34.67 : deny
- sshd: 61.47.34.67 : deny
- # DenyHosts: Sat Jan 23 20:54:24 2010 | sshd: 218.6.19.8 : deny
- sshd: 218.6.19.8 : deny
- # DenyHosts: Mon Jan 25 14:49:25 2010 | sshd: 210.214.136.103 : deny
- sshd: 210.214.136.103 : deny
- # DenyHosts: Tue Jan 26 10:17:20 2010 | sshd: 78.157.32.5 : deny
- sshd: 78.157.32.5 : deny
- # DenyHosts: Tue Jan 26 12:59:52 2010 | sshd: 83.103.117.49 : deny
- sshd: 83.103.117.49 : deny
- # DenyHosts: Tue Jan 26 13:23:23 2010 | sshd: 85.37.38.220 : deny
- sshd: 85.37.38.220 : deny
- # DenyHosts: Tue Jan 26 20:34:21 2010 | sshd: 88.191.100.101 : deny
- sshd: 88.191.100.101 : deny
- # DenyHosts: Wed Jan 27 07:14:22 2010 | sshd: 174.120.208.50 : deny
- sshd: 174.120.208.50 : deny
- # DenyHosts: Wed Jan 27 07:27:52 2010 | sshd: 202.151.42.15 : deny
- sshd: 202.151.42.15 : deny
- # DenyHosts: Wed Jan 27 12:00:54 2010 | sshd: 213.34.207.198 : deny
- sshd: 213.34.207.198 : deny
- # DenyHosts: Thu Jan 28 15:30:55 2010 | sshd: 222.68.194.69 : deny
- sshd: 222.68.194.69 : deny
- # DenyHosts: Thu Jan 28 16:05:26 2010 | sshd: 85.114.141.30 : deny
- sshd: 85.114.141.30 : deny
- # DenyHosts: Thu Jan 28 16:45:30 2010 | sshd: 222.169.224.226 : deny
- sshd: 222.169.224.226 : deny
- # DenyHosts: Thu Jan 28 17:43:04 2010 | sshd: 59.37.54.38 : deny
- sshd: 59.37.54.38 : deny
- # DenyHosts: Fri Jan 29 00:52:07 2010 | sshd: 189.53.205.211 : deny
- sshd: 189.53.205.211 : deny
- Same deny time as in the denyhosts log
- # cat /etc/rc.conf
- ....
- # MetaServer Inetd
- inetd_enable="YES"
- # Servidor SSH
- # Mediante Inetd
- sshd_enable="NO"
- ....
- # cat /etc/inetd.conf
- ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
- Can anybody help me discover why denyhosts is not working properly?
- Thank you!
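The comparison the post makes by eye, deny time in `/etc/hosts.deniedssh` against later sshd lines in `auth.log`, can be automated. The following is an added example, not part of the original paste or of DenyHosts; the function names are hypothetical, the sample input is constructed from the formats shown above, and the year of each syslog line is assumed to equal the year of the deny entry. An address that still produces sshd authentication lines after its deny time is reaching sshd, so the deny entry is not being enforced for those connections.

```python
import re
from datetime import datetime

# Constructed sample input in the two formats shown in the paste. The
# 00:51:58 and 17:40:00 auth.log lines are invented for the example.
HOSTS_DENY = """\
# DenyHosts: Thu Jan 28 17:43:04 2010 | sshd: 59.37.54.38 : deny
sshd: 59.37.54.38 : deny
# DenyHosts: Fri Jan 29 00:52:07 2010 | sshd: 189.53.205.211 : deny
sshd: 189.53.205.211 : deny
"""
AUTH_LOG = """\
Jan 28 17:40:00 BERMEJO-BSD sshd[28000]: Invalid user admin from 59.37.54.38
Jan 29 00:51:58 BERMEJO-BSD sshd[29001]: Invalid user test from 189.53.205.211
Jan 29 03:47:31 BERMEJO-BSD sshd[29493]: Invalid user paulette from 189.53.205.211
Jan 29 03:47:34 BERMEJO-BSD sshd[29495]: Invalid user paulette from 189.53.205.211
"""

DENY_RE = re.compile(r"^# DenyHosts: (.+?) \| sshd: (\S+) : deny$")
AUTH_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: .* from (\S+)$")


def deny_times(hosts_deny):
    """Map each denied IP to the time DenyHosts recorded for it."""
    times = {}
    for line in hosts_deny.splitlines():
        m = DENY_RE.match(line.strip())
        if m:
            times[m.group(2)] = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    return times


def hits_after_deny(hosts_deny, auth_log):
    """Return {ip: [timestamps]} for sshd log lines later than the IP's deny time."""
    denied = deny_times(hosts_deny)
    hits = {}
    for line in auth_log.splitlines():
        m = AUTH_RE.match(line.strip())
        if not m or m.group(2) not in denied:
            continue
        blocked_at = denied[m.group(2)]
        # Syslog timestamps carry no year; assume the year of the deny entry.
        seen = datetime.strptime(f"{blocked_at.year} {m.group(1)}", "%Y %b %d %H:%M:%S")
        if seen > blocked_at:
            hits.setdefault(m.group(2), []).append(seen)
    return hits


if __name__ == "__main__":
    for ip, seen in hits_after_deny(HOSTS_DENY, AUTH_LOG).items():
        print(f"{ip}: {len(seen)} sshd lines after deny, first at {seen[0]}")
```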