
Untitled

a guest
May 5th, 2017
  1. # cat ../denyhosts
  2.  
  3. 2010-01-28 03:43:20,349 - denyhosts : INFO DenyHosts launched with the following args:
  4. 2010-01-28 03:43:20,402 - denyhosts : INFO /usr/local/bin/denyhosts.py --config /usr/local/etc/denyhosts.conf --daemon
  5. 2010-01-28 03:43:20,402 - prefs : INFO DenyHosts configuration settings:
  6. 2010-01-28 03:43:20,402 - prefs : INFO ADMIN_EMAIL: [root]
  7. 2010-01-28 03:43:20,403 - prefs : INFO AGE_RESET_INVALID: [864000]
  8. 2010-01-28 03:43:20,403 - prefs : INFO AGE_RESET_RESTRICTED: [2160000]
  9. 2010-01-28 03:43:20,403 - prefs : INFO AGE_RESET_ROOT: [2160000]
  10. 2010-01-28 03:43:20,403 - prefs : INFO AGE_RESET_VALID: [432000]
  11. 2010-01-28 03:43:20,403 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
  12. 2010-01-28 03:43:20,403 - prefs : INFO BLOCK_SERVICE: [sshd]
  13. 2010-01-28 03:43:20,403 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
  14. 2010-01-28 03:43:20,403 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
  15. 2010-01-28 03:43:20,403 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [None]
  16. 2010-01-28 03:43:20,403 - prefs : INFO DAEMON_PURGE: [3600]
  17. 2010-01-28 03:43:20,403 - prefs : INFO DAEMON_SLEEP: [30]
  18. 2010-01-28 03:43:20,403 - prefs : INFO DENY_THRESHOLD_INVALID: [5]
  19. 2010-01-28 03:43:20,403 - prefs : INFO DENY_THRESHOLD_RESTRICTED: [1]
  20. 2010-01-28 03:43:20,403 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
  21. 2010-01-28 03:43:20,404 - prefs : INFO DENY_THRESHOLD_VALID: [5]
  22. 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX: [None]
  23. 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
  24. 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
  25. 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
  26. 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
  27. 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
  28. 2010-01-28 03:43:20,404 - prefs : INFO FAILED_ENTRY_REGEX7: [None]
  29. 2010-01-28 03:43:20,404 - prefs : INFO HOSTNAME_LOOKUP: [NO]
  30. 2010-01-28 03:43:20,404 - prefs : INFO HOSTS_DENY: [/etc/hosts.deniedssh]
  31. 2010-01-28 03:43:20,404 - prefs : INFO LOCK_FILE: [/var/run/denyhosts.pid]
  32. 2010-01-28 03:43:20,404 - prefs : INFO PLUGIN_DENY: [None]
  33. 2010-01-28 03:43:20,404 - prefs : INFO PLUGIN_PURGE: [None]
  34. 2010-01-28 03:43:20,404 - prefs : INFO PURGE_DENY: [604800]
  35. 2010-01-28 03:43:20,404 - prefs : INFO PURGE_THRESHOLD: [5]
  36. 2010-01-28 03:43:20,405 - prefs : INFO RESET_ON_SUCCESS: [no]
  37. 2010-01-28 03:43:20,405 - prefs : INFO SECURE_LOG: [/var/log/auth.log]
  38. 2010-01-28 03:43:20,405 - prefs : INFO SMTP_DATE_FORMAT: [%a, %d %b %Y %H:%M:%S %z]
  39. 2010-01-28 03:43:20,405 - prefs : INFO SMTP_FROM: [DenyHosts <nobody@localhost>]
  40. 2010-01-28 03:43:20,405 - prefs : INFO SMTP_HOST: [192.168.XXX.XXXX]
  41. 2010-01-28 03:43:20,405 - prefs : INFO SMTP_PASSWORD: [XXXX]
  42. 2010-01-28 03:43:20,405 - prefs : INFO SMTP_PORT: [25]
  43. 2010-01-28 03:43:20,405 - prefs : INFO SMTP_SUBJECT: [DenyHosts Report]
  44. 2010-01-28 03:43:20,405 - prefs : INFO SMTP_USERNAME: [XXXXX]
  45. 2010-01-28 03:43:20,405 - prefs : INFO SSHD_FORMAT_REGEX: [None]
  46. 2010-01-28 03:43:20,405 - prefs : INFO SUCCESSFUL_ENTRY_REGEX: [None]
  47. 2010-01-28 03:43:20,405 - prefs : INFO SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
  48. 2010-01-28 03:43:20,405 - prefs : INFO SYNC_DOWNLOAD: [yes]
  49. 2010-01-28 03:43:20,405 - prefs : INFO SYNC_DOWNLOAD_RESILIENCY: [18000]
  50. 2010-01-28 03:43:20,406 - prefs : INFO SYNC_DOWNLOAD_THRESHOLD: [3]
  51. 2010-01-28 03:43:20,406 - prefs : INFO SYNC_INTERVAL: [3600]
  52. 2010-01-28 03:43:20,406 - prefs : INFO SYNC_SERVER: [None]
  53. 2010-01-28 03:43:20,406 - prefs : INFO SYNC_UPLOAD: [yes]
  54. 2010-01-28 03:43:20,406 - prefs : INFO SYSLOG_REPORT: [no]
  55. 2010-01-28 03:43:20,406 - prefs : INFO WORK_DIR: [/usr/local/share/denyhosts/data]
  56. 2010-01-28 03:43:20,441 - denyhosts : INFO restricted: set([])
  57. 2010-01-28 03:43:20,441 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
  58. 2010-01-28 03:43:20,443 - denyhosts : INFO DenyHosts daemon is now running, pid: 76655
  59. 2010-01-28 03:43:20,444 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
  60. 2010-01-28 03:43:20,444 - denyhosts : INFO eg. kill -TERM 76655
  61. 2010-01-28 03:43:20,445 - denyhosts : INFO monitoring log: /var/log/auth.log
  62. 2010-01-28 03:43:20,445 - denyhosts : INFO sync_time: 3600
  63. 2010-01-28 03:43:20,445 - denyhosts : INFO daemon_purge: 3600
  64. 2010-01-28 03:43:20,445 - denyhosts : INFO daemon_sleep: 30
  65. 2010-01-28 03:43:20,445 - denyhosts : INFO purge_sleep_ratio: 120
  66. 2010-01-28 03:43:20,445 - denyhosts : INFO denyhosts synchronization disabled
  67. 2010-01-28 04:43:20,844 - denyfileutil: INFO purging entries older than: Thu Jan 21 04:43:20 2010
  68. 2010-01-28 04:43:20,943 - denyfileutil: INFO num entries purged: 0
  69. 2010-01-28 05:43:21,346 - denyfileutil: INFO purging entries older than: Thu Jan 21 05:43:21 2010
  70. 2010-01-28 05:43:21,407 - denyfileutil: INFO num entries purged: 0
  71. 2010-01-28 06:43:21,999 - denyfileutil: INFO purging entries older than: Thu Jan 21 06:43:21 2010
  72. 2010-01-28 06:43:22,001 - denyfileutil: INFO num entries purged: 0
  73. 2010-01-28 07:43:22,476 - denyfileutil: INFO purging entries older than: Thu Jan 21 07:43:22 2010
  74. 2010-01-28 07:43:22,479 - loginattempt: INFO purging_hosts: ['93.157.85.3']
  75. 2010-01-28 07:43:22,481 - denyfileutil: INFO num entries purged: 1
  76. ......
  77. 2010-01-28 14:43:25,254 - denyfileutil: INFO purging entries older than: Thu Jan 21 14:43:25 2010
  78. 2010-01-28 14:43:25,256 - denyfileutil: INFO num entries purged: 0
  79. 2010-01-28 15:30:55,639 - denyhosts : INFO new denied hosts: ['222.68.194.69']
  80. 2010-01-28 15:43:26,047 - denyfileutil: INFO purging entries older than: Thu Jan 21 15:43:26 2010
  81. 2010-01-28 15:43:26,049 - denyfileutil: INFO num entries purged: 0
  82. 2010-01-28 16:05:26,306 - denyhosts : INFO new denied hosts: ['85.114.141.30']
  83. 2010-01-28 16:43:29,799 - denyfileutil: INFO purging entries older than: Thu Jan 21 16:43:29 2010
  84. 2010-01-28 16:43:29,802 - denyfileutil: INFO num entries purged: 0
  85. 2010-01-28 16:45:30,032 - denyhosts : INFO new denied hosts: ['222.169.224.226']
  86. 2010-01-28 17:00:01,426 - denyhosts : INFO /var/log/auth.log has been rotated
  87. 2010-01-28 17:43:04,100 - denyhosts : INFO new denied hosts: ['59.37.54.38']
  88. 2010-01-28 17:43:34,119 - denyfileutil: INFO purging entries older than: Thu Jan 21 17:43:34 2010
  89. 2010-01-28 17:43:34,122 - denyfileutil: INFO num entries purged: 0
  90. 2010-01-28 18:00:04,446 - denyhosts : INFO /var/log/auth.log has been rotated
  91. 2010-01-28 18:43:34,778 - denyfileutil: INFO purging entries older than: Thu Jan 21 18:43:34 2010
  92. 2010-01-28 18:43:34,781 - denyfileutil: INFO num entries purged: 0
  93. ....
  94. 2010-01-29 00:43:37,194 - denyfileutil: INFO purging entries older than: Fri Jan 22 00:43:37 2010
  95. 2010-01-29 00:43:37,197 - denyfileutil: INFO num entries purged: 0
  96. 2010-01-29 00:52:07,343 - denyhosts : INFO new denied hosts: ['189.53.205.211']
  97. 2010-01-29 01:43:42,177 - denyfileutil: INFO purging entries older than: Fri Jan 22 01:43:42 2010
  98. 2010-01-29 01:43:42,180 - denyfileutil: INFO num entries purged: 0
  99. 2010-01-29 02:00:13,748 - denyhosts : INFO /var/log/auth.log has been rotated
  100. 2010-01-29 02:43:47,859 - denyfileutil: INFO purging entries older than: Fri Jan 22 02:43:47 2010
  101. 2010-01-29 02:43:47,861 - denyfileutil: INFO num entries purged: 0
  102. 2010-01-29 03:43:53,909 - denyfileutil: INFO purging entries older than: Fri Jan 22 03:43:53 2010
  103. 2010-01-29 03:43:53,949 - denyfileutil: INFO num entries purged: 0
  104. 2010-01-29 04:00:24,544 - denyhosts : INFO /var/log/auth.log has been rotated
  105. 2010-01-29 04:43:54,883 - denyfileutil: INFO purging entries older than: Fri Jan 22 04:43:54 2010
  106. 2010-01-29 04:43:54,885 - denyfileutil: INFO num entries purged: 0
  107.  
  108.  
  109.  
  110. # cat /var/log/auth.log
  111.  
  112.  
  113.  
  114. ......
  115. n 29 03:47:28 BERMEJO-BSD sshd[29491]: Invalid user paulette from 189.53.205.211
  116. Jan 29 03:47:31 BERMEJO-BSD sshd[29493]: Invalid user paulette from 189.53.205.211
  117. Jan 29 03:47:34 BERMEJO-BSD sshd[29495]: Invalid user paulette from 189.53.205.211
  118. Jan 29 03:47:36 BERMEJO-BSD sshd[29497]: Invalid user paulette from 189.53.205.211
  119. Jan 29 03:47:40 BERMEJO-BSD sshd[29499]: Invalid user paulette from 189.53.205.211
  120. Jan 29 03:47:43 BERMEJO-BSD sshd[29501]: Invalid user paulette from 189.53.205.211
  121. Jan 29 03:47:46 BERMEJO-BSD sshd[29503]: Invalid user pauline from 189.53.205.211
  122. Jan 29 03:47:49 BERMEJO-BSD sshd[29505]: Invalid user pauline from 189.53.205.211
  123. Jan 29 03:47:51 BERMEJO-BSD sshd[29507]: Invalid user pauline from 189.53.205.211
  124. Jan 29 03:47:54 BERMEJO-BSD sshd[29509]: Invalid user pauline from 189.53.205.211
  125. Jan 29 03:47:57 BERMEJO-BSD sshd[29511]: Invalid user pauline from 189.53.205.211
  126. Jan 29 03:48:00 BERMEJO-BSD sshd[29513]: Invalid user pauline from 189.53.205.211
  127. Jan 29 03:48:03 BERMEJO-BSD sshd[29515]: Invalid user pauline from 189.53.205.211
  128. Jan 29 03:48:06 BERMEJO-BSD sshd[29517]: Invalid user pauline from 189.53.205.211
  129. Jan 29 03:48:09 BERMEJO-BSD sshd[29519]: Invalid user pauline from 189.53.205.211
  130. Jan 29 03:48:12 BERMEJO-BSD sshd[29521]: Invalid user pauline from 189.53.205.211
  131. Jan 29 03:48:16 BERMEJO-BSD sshd[29523]: Invalid user cruz from 189.53.205.211
  132. Jan 29 03:48:20 BERMEJO-BSD sshd[29525]: Invalid user cruz from 189.53.205.211
  133. Jan 29 03:48:23 BERMEJO-BSD sshd[29527]: Invalid user cruz from 189.53.205.211
  134. Jan 29 03:48:26 BERMEJO-BSD sshd[29529]: Invalid user cruz from 189.53.205.211
  135. Jan 29 03:48:29 BERMEJO-BSD sshd[29531]: Invalid user cruz from 189.53.205.211
  136. Jan 29 03:48:32 BERMEJO-BSD sshd[29533]: Invalid user cruz from 189.53.205.211
  137. Jan 29 03:48:34 BERMEJO-BSD sshd[29535]: Invalid user cruz from 189.53.205.211
  138. Jan 29 03:48:37 BERMEJO-BSD sshd[29537]: Invalid user cruz from 189.53.205.211
  139. Jan 29 03:48:40 BERMEJO-BSD sshd[29539]: Invalid user cruz from 189.53.205.211
  140. Jan 29 03:48:43 BERMEJO-BSD sshd[29541]: Invalid user cruz from 189.53.205.211
  141.  
  142.  
  143. As you can see, the dates in the log are after denyhosts blocked him; logrotate rotated the log a few times after the 189.53.205.211 IP was blocked.
  144.  
  145.  
  146.  
  147.  
  148. # cat /etc/hosts.deniedssh
  149. # DenyHosts: Fri Jan 22 20:14:11 2010 | sshd: 62.172.75.110 : deny
  150. sshd: 62.172.75.110 : deny
  151. # DenyHosts: Fri Jan 22 23:52:13 2010 | sshd: 210.212.98.238 : deny
  152. sshd: 210.212.98.238 : deny
  153. # DenyHosts: Sat Jan 23 09:26:48 2010 | sshd: 85.17.200.206 : deny
  154. sshd: 85.17.200.206 : deny
  155. # DenyHosts: Sat Jan 23 11:29:49 2010 | sshd: 61.47.34.67 : deny
  156. sshd: 61.47.34.67 : deny
  157. # DenyHosts: Sat Jan 23 20:54:24 2010 | sshd: 218.6.19.8 : deny
  158. sshd: 218.6.19.8 : deny
  159. # DenyHosts: Mon Jan 25 14:49:25 2010 | sshd: 210.214.136.103 : deny
  160. sshd: 210.214.136.103 : deny
  161. # DenyHosts: Tue Jan 26 10:17:20 2010 | sshd: 78.157.32.5 : deny
  162. sshd: 78.157.32.5 : deny
  163. # DenyHosts: Tue Jan 26 12:59:52 2010 | sshd: 83.103.117.49 : deny
  164. sshd: 83.103.117.49 : deny
  165. # DenyHosts: Tue Jan 26 13:23:23 2010 | sshd: 85.37.38.220 : deny
  166. sshd: 85.37.38.220 : deny
  167. # DenyHosts: Tue Jan 26 20:34:21 2010 | sshd: 88.191.100.101 : deny
  168. sshd: 88.191.100.101 : deny
  169. # DenyHosts: Wed Jan 27 07:14:22 2010 | sshd: 174.120.208.50 : deny
  170. sshd: 174.120.208.50 : deny
  171. # DenyHosts: Wed Jan 27 07:27:52 2010 | sshd: 202.151.42.15 : deny
  172. sshd: 202.151.42.15 : deny
  173. # DenyHosts: Wed Jan 27 12:00:54 2010 | sshd: 213.34.207.198 : deny
  174. sshd: 213.34.207.198 : deny
  175. # DenyHosts: Thu Jan 28 15:30:55 2010 | sshd: 222.68.194.69 : deny
  176. sshd: 222.68.194.69 : deny
  177. # DenyHosts: Thu Jan 28 16:05:26 2010 | sshd: 85.114.141.30 : deny
  178. sshd: 85.114.141.30 : deny
  179. # DenyHosts: Thu Jan 28 16:45:30 2010 | sshd: 222.169.224.226 : deny
  180. sshd: 222.169.224.226 : deny
  181. # DenyHosts: Thu Jan 28 17:43:04 2010 | sshd: 59.37.54.38 : deny
  182. sshd: 59.37.54.38 : deny
  183. # DenyHosts: Fri Jan 29 00:52:07 2010 | sshd: 189.53.205.211 : deny
  184. sshd: 189.53.205.211 : deny
  185.  
  186.  
  187. Same time of denial as in the denyhosts log.
  188.  
  189.  
  190.  
  191.  
  192. # cat /etc/rc.conf
  193.  
  194. ....
  195. # MetaServer Inetd
  196. inetd_enable="YES"
  197.  
  198. # SSH server
  199. # Via inetd
  200. sshd_enable="NO"
  201. ....
  202.  
  203.  
  204. # cat /etc/inetd.conf
  205.  
  206. ssh stream tcp nowait root /usr/sbin/sshd sshd -i -4
  207.  
  208.  
  209.  
  210. Can anybody help me discover why denyhosts is not working properly???
  211.  
  212. Thank you!
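
The comparison made by eye in the paste, block times in /etc/hosts.deniedssh against later sshd failures in auth.log, can be scripted. This is an added example, not part of the original paste and not DenyHosts code; the function names, the 30-second tolerance and the 59.37.54.38 auth line are assumptions, and the syslog year is assumed to equal the year of the block entry.

```python
import re
from datetime import datetime

# Constructed sample in the paste's two formats; the 59.37.54.38 auth line is made up.
HOSTS_DENY = """\
# DenyHosts: Thu Jan 28 17:43:04 2010 | sshd: 59.37.54.38 : deny
sshd: 59.37.54.38 : deny
# DenyHosts: Fri Jan 29 00:52:07 2010 | sshd: 189.53.205.211 : deny
sshd: 189.53.205.211 : deny
"""
AUTH_LOG = """\
Jan 28 17:42:50 BERMEJO-BSD sshd[100]: Invalid user test from 59.37.54.38
Jan 29 03:47:31 BERMEJO-BSD sshd[29493]: Invalid user paulette from 189.53.205.211
Jan 29 03:47:34 BERMEJO-BSD sshd[29495]: Invalid user paulette from 189.53.205.211
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Comment line DenyHosts writes above each entry: block time, then service and address.
DENY_RE = re.compile(r"^# DenyHosts: (.+?) \| (?:\S+: )?" + IP)
# Anchored at end of line so text inside the user name cannot pose as the source address.
AUTH_RE = re.compile(r"^(\w{3} +\d+ [\d:]{8}) \S+ sshd\[\d+\]: Invalid user \S* from " + IP + r"\s*$")

def parse_deny(text):
    """Map each denied IP to the time DenyHosts recorded the block."""
    denied = {}
    for line in text.splitlines():
        m = DENY_RE.match(line)
        if m:
            denied[m.group(2)] = datetime.strptime(m.group(1), "%a %b %d %H:%M:%S %Y")
    return denied

def attempts_after_block(deny_text, auth_text, tolerance=30):
    """Count sshd failures per IP logged more than `tolerance` seconds after its block."""
    denied = parse_deny(deny_text)
    late = {}
    for line in auth_text.splitlines():
        m = AUTH_RE.match(line)
        if not m or m.group(2) not in denied:
            continue
        blocked_at = denied[m.group(2)]
        # syslog lines carry no year: assume the year of the block entry
        seen = datetime.strptime(f"{m.group(1)} {blocked_at.year}", "%b %d %H:%M:%S %Y")
        if (seen - blocked_at).total_seconds() > tolerance:
            late[m.group(2)] = late.get(m.group(2), 0) + 1
    return late

if __name__ == "__main__":
    print(attempts_after_block(HOSTS_DENY, AUTH_LOG))
```

A non-empty result means sshd is still answering addresses that are already in the deny file, so the file is being written but not enforced. The TCP wrappers rules that are meant to consult /etc/hosts.deniedssh are not shown in the paste.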