Denyhosts on Ubuntu?

Discussion in 'HOWTO-Related Questions' started by Jcorrea920, May 12, 2006.

  1. Jcorrea920

    Jcorrea920 New Member

    Having trouble starting Denyhosts on Ubuntu 5.10. Install went fine.

    Code:
    /usr/share/denyhosts# /etc/init.d/denyhosts start
    starting DenyHosts:    /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
    Can't read: /private/var/log/system.log
    [Errno 2] No such file or directory: '/private/var/log/system.log'
    Error deleting DenyHosts lock file: /var/run/denyhosts.pid
    [Errno 2] No such file or directory: '/var/run/denyhosts.pid'
    
    Any ideas? I've tried setting it to the Red Hat/Fedora settings but those don't work either.
     
  2. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Why does it say /private/var/log/system.log? Did you configure that somewhere?
     
  3. Jcorrea920

    Jcorrea920 New Member

    It comes standard with Denyhosts 2.4b

    I tried to get fancy and install the most current version of Denyhosts 2.4b.

    The Log file in denyhosts.cfg:

    Code:
    SECURE_LOG = /var/log/auth.log
    
    Could it be a permission fiasco or what?
     
  4. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's in denyhosts.cfg (strip out the comments)?
     
  5. Jcorrea920

    Jcorrea920 New Member

    All Good!

    Falko,

    Apparently my denyhosts.cfg had:

    Code:
    #
    # Mac OS X (v10.3 or earlier):
    SECURE_LOG=/private/var/log/system.log
    #
    ########################################################################
    
    Should have been:

    Code:
    #
    # Mac OS X (v10.3 or earlier):
    # SECURE_LOG=/private/var/log/system.log
    #
    ########################################################################
    
    
    Running Ubuntu, not Mac OS X, so there you are; started up like a charm.

    Jorge
     
  6. wr19026

    wr19026 New Member

    Cool, I had the same problem when installing 2.5 instead of 2.0 as used in the HowTo (perhaps a quick update of the HowTo is in order?)

    Anyway, here's a quick question: how do I upgrade my existing version; simple reinstall using the HowTo instructions and tweak them for 2.5?
     
  7. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Yes, that should work. :)
     
  8. Berry

    Berry New Member

    I also installed 2.5, but my error is
    Code:
    starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
    Can't read: /var/log/auth.log
    [Errno 2] No such file or directory: '/var/log/auth.log'
    Error deleting DenyHosts lock file: /var/run/denyhosts.pid
    [Errno 2] No such file or directory: '/var/run/denyhosts.pid'
    
    Apparently there is no /var/log/auth.log on my Sarge. Any clues?? :confused:
     
  9. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's the output of
    Code:
    ls -la /var/log
    ?
     
  10. Berry

    Berry New Member

    Code:
    drwxr-xr-x   2 root        root    1024 Nov 26 02:42 apache2
    -rw-r--r--   1 root        root   18670 Nov 24 09:38 aptitude
    -rw-r--r--   1 root        root     456 Nov 14 02:42 aptitude.1.gz
    -rw-r--r--   1 root        root       0 Oct 23 17:18 boot.log
    -rw-rw-r--   1 root        utmp       0 Nov 14 02:42 btmp
    -rw-rw-r--   1 root        utmp       0 Oct 19 10:20 btmp.1
    -rw-r--r--   1 root        root  346528 Nov 27 11:30 cron
    -rw-r--r--   1 root        root   12978 Nov 24 17:01 denyhosts
    -rw-r--r--   1 root        root      68 Nov 24 15:56 dmesg
    drwxr-s---   2 Debian-exim adm     1024 Nov 22 13:46 exim4
    -rw-r--r--   1 root        root     600 Nov 13 16:59 fontconfig.log
    drwxr-xr-x   2 root        root    1024 Nov 27 01:32 httpd
    -rw-r--r--   1 root        root   29029 Nov 24 13:07 ispconfig_install.log
    drwxr-xr-x   2 root        root    1024 Oct 19 10:20 ksymoops
    -rw-rw-r--   1 root        utmp 3504584 Nov 27 11:19 lastlog
    -rw-r--r--   1 root        root       0 Nov 26 03:57 lp-acct
    -rw-r--r--   1 root        root       0 Nov 21 15:14 lp-acct.0
    -rw-r--r--   1 root        root       0 Nov 26 03:57 lp-errs
    -rw-r--r--   1 root        root       0 Nov 21 15:14 lp-errs.0
    -rw-r--r--   1 root        root  256507 Nov 27 02:42 maillog
    -rw-r--r--   1 root        root       0 Nov 26 02:42 messages
    -rw-r--r--   1 root        root   30538 Nov 26 02:42 messages.1.gz
    -rw-r--r--   1 root        root   15217 Nov 19 02:43 messages.2.gz
    -rw-r--r--   1 root        root   10077 Nov 14 02:42 messages.3.gz
    drwxr-s---   2 mysql       adm     1024 Nov 27 02:42 mysql
    -rw-r-----   1 root        adm        0 Nov 27 02:42 mysql.err
    -rw-r-----   1 root        adm       20 Nov 27 02:42 mysql.err.1.gz
    -rw-r-----   1 root        adm       20 Nov 26 02:42 mysql.err.2.gz
    -rw-r-----   1 root        adm       20 Nov 25 02:42 mysql.err.3.gz
    -rw-r-----   1 root        adm       20 Nov 24 02:42 mysql.err.4.gz
    -rw-r-----   1 root        adm       20 Nov 23 02:42 mysql.err.5.gz
    -rw-r-----   1 root        adm       20 Nov 22 02:42 mysql.err.6.gz
    -rw-r-----   1 root        adm       20 Nov 21 02:42 mysql.err.7.gz
    -rw-r-----   1 mysql       adm        0 Nov 27 02:42 mysql.log
    -rw-r-----   1 mysql       adm       20 Nov 27 02:42 mysql.log.1.gz
    -rw-r-----   1 mysql       adm       20 Nov 26 02:42 mysql.log.2.gz
    -rw-r-----   1 mysql       adm       20 Nov 25 02:42 mysql.log.3.gz
    -rw-r-----   1 mysql       adm       20 Nov 24 02:42 mysql.log.4.gz
    -rw-r-----   1 mysql       adm       20 Nov 23 02:42 mysql.log.5.gz
    -rw-r-----   1 mysql       adm       20 Nov 22 02:42 mysql.log.6.gz
    -rw-r-----   1 mysql       adm       20 Nov 21 02:42 mysql.log.7.gz
    drwxr-xr-x   2 root        root    1024 Oct  1  2004 news
    -rw-r--r--   1 root        root   10151 Nov 24 16:38 secure
    -rw-r--r--   1 root        root       0 Oct 23 17:18 spooler
    -rw-rw-r--   1 root        utmp  138624 Nov 27 11:19 wtmp
    -rw-rw-r--   1 root        utmp   34560 Nov 14 00:49 wtmp.1
    -rw-r--r--   1 root        root       0 Nov 26 23:59 xferlog
    
     
  11. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    There's no /var/log/auth.log, and apparently /var/run is also missing. Did you maybe delete them? Because they exist on a standard Debian installation.
     
  12. Berry

    Berry New Member

    I'm using VPS (Virtuozzo virtual server) system and my Sarge was preinstalled, I just continued "perfect sarge howto" with packages installs...

    What could/should I do?
     
  13. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    What's in /etc/syslog.conf?
     
  14. Berry

    Berry New Member

    Code:
    daemon.*;*.=notice;*.=warn;\
    *.info;mail.none;authpriv.none;cron.none                -/var/log/messages
    authpriv.*                                              -/var/log/secure
    mail.*                                                  -/var/log/maillog
    cron.*                                                  -/var/log/cron
    *.emerg                                                 *
    uucp,news.crit                                          -/var/log/spooler
    local7.*                                                -/var/log/boot.log
    
     
  15. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    Ok, your system is logging to /var/log/secure instead of /var/log/auth.log.
     
  16. Berry

    Berry New Member

    Code:
    daemon.*;*.=notice;*.=warn;\
    *.info;mail.none;authpriv.none;cron.none                -/var/log/messages
    authpriv.*                                              -/var/log/secure
    mail.*                                                  -/var/log/maillog
    cron.*                                                  -/var/log/cron
    *.emerg                                                 *
    uucp,news.crit                                          -/var/log/spooler
    local7.*                                                -/var/log/boot.log

    My /var/log/secure doesn't contain logs of SSH connections; all lines are like:

    Dec 5 13:55:25 localhost proftpd[23679] .....

    Any clues how/where to look for the log of SSH connects? DenyHosts has blocked 3 IPs and I want to investigate why.
     
  17. falko

    falko Super Moderator Howtoforge Staff Moderator HowtoForge Supporter ISPConfig Developer

    You could add

    Code:
    auth,authpriv.*                 /var/log/auth.log

    to /etc/syslog.conf and run

    Code:
    /etc/init.d/sysklogd restart

    The login attempts should then be logged in /var/log/auth.log.
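
Both problems worked out in this thread (a second, uncommented SECURE_LOG line in denyhosts.cfg, and a SECURE_LOG path that syslog never writes to) can be checked mechanically. The script below is an added example, not part of the thread or of DenyHosts: the function names are hypothetical, the sample files are constructed from the snippets quoted above, and it assumes the last active SECURE_LOG line wins and ignores syslog priority levels.

```bash
# Added example, not from the thread; sample files below are constructed.
# Active (uncommented) SECURE_LOG values in a denyhosts.cfg, in file order.
active_secure_logs() {
    sed -n 's/^[[:space:]]*SECURE_LOG[[:space:]]*=[[:space:]]*\([^[:space:]#]*\).*/\1/p' "$1"
}

# Assumption: when several are active, the last one in the file is used.
effective_secure_log() { active_secure_logs "$1" | tail -n 1; }

# Files a syslog.conf sends facility $2 to. Simplified: any priority except
# "none" counts as a match; later selectors on a line override earlier ones.
syslog_targets() {
    awk -v fac="$2" '
        { $0 = pending $0; pending = "" }            # prepend continued text
        /\\$/ { sub(/\\$/, ""); pending = $0; next }  # join "\" continuations
        NF < 2 || $1 ~ /^#/ { next }
        { hit = 0; n = split($1, sel, ";")
          for (i = 1; i <= n; i++) {
              split(sel[i], fp, "[.]")
              if (("," fp[1] ",") ~ (",(" fac "|[*]),")) hit = (fp[2] != "none")
          }
          tgt = $NF; sub(/^-/, "", tgt)               # "-" only means no sync
          if (hit && tgt ~ /^\//) print tgt }' "$1"
}

# Succeeds only if the log DenyHosts will read is one syslog writes $3 to.
check_secure_log() {
    log=$(effective_secure_log "$1")
    [ "$(active_secure_logs "$1" | wc -l)" -gt 1 ] &&
        echo "warning: several active SECURE_LOG lines, using $log" >&2
    syslog_targets "$2" "$3" | grep -qxF "$log"
}

tmp=$(mktemp -d); trap 'rm -rf "$tmp"' EXIT
printf '%s\n' 'SECURE_LOG = /var/log/auth.log' '# Mac OS X (v10.3 or earlier):' \
    'SECURE_LOG=/private/var/log/system.log' > "$tmp/broken.cfg"
sed 's|^SECURE_LOG=/private|# &|' "$tmp/broken.cfg" > "$tmp/fixed.cfg"
cat > "$tmp/syslog.conf" <<'EOF'
daemon.*;*.=notice;*.=warn;\
*.info;mail.none;authpriv.none;cron.none                -/var/log/messages
authpriv.*                                              -/var/log/secure
*.emerg                                                 *
EOF
{ cat "$tmp/syslog.conf"; echo 'auth,authpriv.*  /var/log/auth.log'; } > "$tmp/patched.conf"
for conf in syslog.conf patched.conf; do
    check_secure_log "$tmp/fixed.cfg" "$tmp/$conf" authpriv && r=ok || r=MISMATCH
    echo "$conf: $r"
done
```

On a real host, pass the actual denyhosts.cfg and /etc/syslog.conf paths to `check_secure_log` instead of the sample files.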
     
