Denyhosts on Ubuntu?

Discussion in 'HOWTO-Related Questions' started by Jcorrea920, May 12, 2006.

  1. Jcorrea920

    Jcorrea920 New Member

    Having trouble starting Denyhosts on Ubuntu 5.10; install went fine.

    Code:
    /usr/share/denyhosts# /etc/init.d/denyhosts start
    starting DenyHosts:    /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
    Can't read: /private/var/log/system.log
    [Errno 2] No such file or directory: '/private/var/log/system.log'
    Error deleting DenyHosts lock file: /var/run/denyhosts.pid
    [Errno 2] No such file or directory: '/var/run/denyhosts.pid'
    
    Any ideas? I've tried setting it to the Red Hat/Fedora settings, but those don't work either.
     
  2. falko

    falko Super Moderator

    Why does it say /private/var/log/system.log? Did you configure that somewhere?
     
  3. Jcorrea920

    Jcorrea920 New Member

    It comes standard with Denyhosts 2.4b

    I tried to get fancy and install the most current version of Denyhosts 2.4b.

    The Log file in denyhosts.cfg:

    Code:
    SECURE_LOG = /var/log/auth.log
    
    Could it be a permission fiasco or what?
     
  4. falko

    falko Super Moderator

    What's in denyhosts.cfg (strip out the comments)?
     
  5. Jcorrea920

    Jcorrea920 New Member

    All Good!

    Falko,

    Apparently my denyhosts.cfg had:

    Code:
    #
    # Mac OS X (v10.3 or earlier):
    SECURE_LOG=/private/var/log/system.log
    #
    ########################################################################
    
    Should have been:

    Code:
    #
    # Mac OS X (v10.3 or earlier):
    # SECURE_LOG=/private/var/log/system.log
    #
    ########################################################################
    
    
    Running Ubuntu, not Mac OS X, so there you are; started up like a charm.

    Jorge
     
  6. wr19026

    wr19026 New Member

    Cool, I had the same problem when installing 2.5 instead of 2.0 as used in the HowTo (perhaps a quick update of the HowTo is in order?)

    Anyway, here's a quick question: how do I upgrade my existing version; simple reinstall using the HowTo instructions and tweak them for 2.5?
     
  7. falko

    falko Super Moderator

    Yes, that should work. :)
     
  8. Berry

    Berry New Member

    I also installed 2.5, but my error is
    Code:
    starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
    Can't read: /var/log/auth.log
    [Errno 2] No such file or directory: '/var/log/auth.log'
    Error deleting DenyHosts lock file: /var/run/denyhosts.pid
    [Errno 2] No such file or directory: '/var/run/denyhosts.pid'
    
    Apparently there is no /var/log/auth.log on my Sarge. Any clues?? :confused:
     
  9. falko

    falko Super Moderator

    What's the output of
    Code:
    ls -la /var/log
    ?
     
  10. Berry

    Berry New Member

    Code:
    drwxr-xr-x   2 root        root    1024 Nov 26 02:42 apache2
    -rw-r--r--   1 root        root   18670 Nov 24 09:38 aptitude
    -rw-r--r--   1 root        root     456 Nov 14 02:42 aptitude.1.gz
    -rw-r--r--   1 root        root       0 Oct 23 17:18 boot.log
    -rw-rw-r--   1 root        utmp       0 Nov 14 02:42 btmp
    -rw-rw-r--   1 root        utmp       0 Oct 19 10:20 btmp.1
    -rw-r--r--   1 root        root  346528 Nov 27 11:30 cron
    -rw-r--r--   1 root        root   12978 Nov 24 17:01 denyhosts
    -rw-r--r--   1 root        root      68 Nov 24 15:56 dmesg
    drwxr-s---   2 Debian-exim adm     1024 Nov 22 13:46 exim4
    -rw-r--r--   1 root        root     600 Nov 13 16:59 fontconfig.log
    drwxr-xr-x   2 root        root    1024 Nov 27 01:32 httpd
    -rw-r--r--   1 root        root   29029 Nov 24 13:07 ispconfig_install.log
    drwxr-xr-x   2 root        root    1024 Oct 19 10:20 ksymoops
    -rw-rw-r--   1 root        utmp 3504584 Nov 27 11:19 lastlog
    -rw-r--r--   1 root        root       0 Nov 26 03:57 lp-acct
    -rw-r--r--   1 root        root       0 Nov 21 15:14 lp-acct.0
    -rw-r--r--   1 root        root       0 Nov 26 03:57 lp-errs
    -rw-r--r--   1 root        root       0 Nov 21 15:14 lp-errs.0
    -rw-r--r--   1 root        root  256507 Nov 27 02:42 maillog
    -rw-r--r--   1 root        root       0 Nov 26 02:42 messages
    -rw-r--r--   1 root        root   30538 Nov 26 02:42 messages.1.gz
    -rw-r--r--   1 root        root   15217 Nov 19 02:43 messages.2.gz
    -rw-r--r--   1 root        root   10077 Nov 14 02:42 messages.3.gz
    drwxr-s---   2 mysql       adm     1024 Nov 27 02:42 mysql
    -rw-r-----   1 root        adm        0 Nov 27 02:42 mysql.err
    -rw-r-----   1 root        adm       20 Nov 27 02:42 mysql.err.1.gz
    -rw-r-----   1 root        adm       20 Nov 26 02:42 mysql.err.2.gz
    -rw-r-----   1 root        adm       20 Nov 25 02:42 mysql.err.3.gz
    -rw-r-----   1 root        adm       20 Nov 24 02:42 mysql.err.4.gz
    -rw-r-----   1 root        adm       20 Nov 23 02:42 mysql.err.5.gz
    -rw-r-----   1 root        adm       20 Nov 22 02:42 mysql.err.6.gz
    -rw-r-----   1 root        adm       20 Nov 21 02:42 mysql.err.7.gz
    -rw-r-----   1 mysql       adm        0 Nov 27 02:42 mysql.log
    -rw-r-----   1 mysql       adm       20 Nov 27 02:42 mysql.log.1.gz
    -rw-r-----   1 mysql       adm       20 Nov 26 02:42 mysql.log.2.gz
    -rw-r-----   1 mysql       adm       20 Nov 25 02:42 mysql.log.3.gz
    -rw-r-----   1 mysql       adm       20 Nov 24 02:42 mysql.log.4.gz
    -rw-r-----   1 mysql       adm       20 Nov 23 02:42 mysql.log.5.gz
    -rw-r-----   1 mysql       adm       20 Nov 22 02:42 mysql.log.6.gz
    -rw-r-----   1 mysql       adm       20 Nov 21 02:42 mysql.log.7.gz
    drwxr-xr-x   2 root        root    1024 Oct  1  2004 news
    -rw-r--r--   1 root        root   10151 Nov 24 16:38 secure
    -rw-r--r--   1 root        root       0 Oct 23 17:18 spooler
    -rw-rw-r--   1 root        utmp  138624 Nov 27 11:19 wtmp
    -rw-rw-r--   1 root        utmp   34560 Nov 14 00:49 wtmp.1
    -rw-r--r--   1 root        root       0 Nov 26 23:59 xferlog
    
     
  11. falko

    falko Super Moderator

    There's no /var/log/auth.log, and apparently /var/run is also missing. Did you maybe delete them? Because they exist on a standard Debian installation.
     
  12. Berry

    Berry New Member

    I'm using a VPS (Virtuozzo virtual server) system and my Sarge was preinstalled; I just continued the "perfect sarge howto" with package installs...

    What could/should I do?
     
  13. falko

    falko Super Moderator

    What's in /etc/syslog.conf?
     
  14. Berry

    Berry New Member

    Code:
    daemon.*;*.=notice;*.=warn;\
    *.info;mail.none;authpriv.none;cron.none                -/var/log/messages
    authpriv.*                                              -/var/log/secure
    mail.*                                                  -/var/log/maillog
    cron.*                                                  -/var/log/cron
    *.emerg                                                 *
    uucp,news.crit                                          -/var/log/spooler
    local7.*                                                -/var/log/boot.log
    
     
  15. falko

    falko Super Moderator

    Ok, your system is logging to /var/log/secure instead of /var/log/auth.log.
     
  16. Berry

    Berry New Member

    Code:
    daemon.*;*.=notice;*.=warn;\
    *.info;mail.none;authpriv.none;cron.none                -/var/log/messages
    authpriv.*                                              -/var/log/secure
    mail.*                                                  -/var/log/maillog
    cron.*                                                  -/var/log/cron
    *.emerg                                                 *
    uucp,news.crit                                          -/var/log/spooler
    local7.*                                                -/var/log/boot.log

    My /var/log/secure doesn't contain logs of SSH connections; all lines are like:

    Dec 5 13:55:25 localhost proftpd[23679] .....

    Any clues how/where to look for the log of SSH connects, as DenyHosts has blocked 3 IPs and I want to investigate why?
     
  17. falko

    falko Super Moderator

    You could add

    Code:
    auth,authpriv.*                 /var/log/auth.log

    to /etc/syslog.conf and run

    Code:
    /etc/init.d/sysklogd restart

    The login attempts should then be logged in /var/log/auth.log.
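
Both problems in this thread come down to SECURE_LOG naming a file that syslog never writes. The following check is an added example, not part of the thread or of DenyHosts itself: it works out the effective SECURE_LOG and the files that syslog.conf routes the `auth` and `authpriv` facilities to. Assumptions: a later SECURE_LOG assignment replaces an earlier one (as the first poster's symptom suggests), priorities other than `none` are ignored, and the function names are hypothetical.

```python
import re

# Constructed from the thread: the intended setting plus the uncommented Mac OS X line.
BROKEN_CFG = """SECURE_LOG = /var/log/auth.log
#
# Mac OS X (v10.3 or earlier):
SECURE_LOG=/private/var/log/system.log
"""
# Shortened copy of the /etc/syslog.conf posted from the VPS.
VPS_SYSLOG = r"""daemon.*;*.=notice;*.=warn;\
*.info;mail.none;authpriv.none;cron.none                -/var/log/messages
authpriv.*                                              -/var/log/secure
*.emerg                                                 *
"""

def effective_secure_log(cfg_text):
    """Return SECURE_LOG after the whole file is read (assumed: last assignment wins)."""
    value = None
    for line in cfg_text.splitlines():
        key, sep, val = line.strip().partition("=")
        if sep and key.strip() == "SECURE_LOG":  # '# SECURE_LOG' does not match
            value = val.strip()
    return value

def log_files_for(facility, syslog_text):
    """List the files that receive messages from one syslog facility."""
    joined = re.sub(r"\\\n\s*", "", syslog_text)  # join backslash-continued lines
    files = []
    for line in joined.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        selector, path = fields[0], fields[1].lstrip("-")  # '-' only disables sync
        if not path.startswith("/"):
            continue  # skip non-file actions such as '*' (all users)
        matched = False
        for part in selector.split(";"):  # left to right, later parts override
            facs, _, prio = part.rpartition(".")
            if facility in facs.split(",") or "*" in facs.split(","):
                matched = prio != "none"
        if matched:
            files.append(path)
    return files

def secure_log_is_fed(cfg_text, syslog_text):
    """Return (SECURE_LOG, True if syslog routes auth or authpriv to that file)."""
    path = effective_secure_log(cfg_text)
    routed = log_files_for("auth", syslog_text) + log_files_for("authpriv", syslog_text)
    return path, path in routed
```

On the VPS configuration only `authpriv` reaches /var/log/secure, while `auth` (the default facility of OpenSSH's sshd) matches `*.info` and goes to /var/log/messages. Appending the suggested `auth,authpriv.*` line makes /var/log/auth.log a valid SECURE_LOG.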
     
