denyhosts package causing problems

Should this bug qualify as a high priority security fix since this is a security feature which is silently not working?

People are constantly trying to attack my open ssh port. I didn't notice this problem till several weeks after I set up the server. Like a fool I just assumed that denyhosts would work as well as it did on edgy. Hopefully no one has brute forced my password and covered up their tracks in the last two weeks.

I can verify that denyhosts was silently failing to work on a fresh install of feisty.
There were no messages indicating any problem in any of the log files.
The /var/lib/denyhosts directory was empty.
ps -ef | grep denyhosts showed nothing running.
sudo /etc/init.d/denyhosts start would look like it worked and some startup stuff appeared in /var/log/denyhosts but then the process silently died.

The end of /var/log/denyhosts was:
2007-06-06 07:05:23,193 - prefs : INFO SYSLOG_REPORT: [no]
2007-06-06 07:05:23,193 - prefs : INFO WORK_DIR: [/var/lib/denyhosts]
2007-06-06 07:05:23,203 - denyhosts : INFO restricted: set([])

Investigating further I tried running from the command line.

msebast@carter:/var/log$ denyhosts
DenyHosts could not obtain lock (pid: )
[Errno 13] Permission denied: '/var/run/denyhosts.pid'
msebast@carter:/var/log$ sudo /etc/init.d/denyhosts stop
msebast@carter:/var/log$ sudo denyhosts
Traceback (most recent call last):
  File "/usr/sbin/denyhosts", line 165, in <module>
    first_time, noemail, daemon)
  File "/usr/share/denyhosts/DenyHosts/deny_hosts.py", line 78, in __init__
    self.get_denied_hosts()
  File "/usr/share/denyhosts/DenyHosts/deny_hosts.py", line 272, in get_denied_hosts
    for line in open(self.__prefs.get('HOSTS_DENY'), "r"):
IOError: [Errno 2] No such file or directory: '/etc/hosts.deny'

DenyHosts exited abnormally
msebast@carter:/var/log$ sudo touch /etc/hosts.deny
msebast@carter:/var/log$ sudo denyhosts
msebast@carter:/var/log$

So creating the hosts.deny file avoids the python error message.
It seems like the python error message should have gone to one of the /var/log files to make the problem more obvious.

After creating /etc/hosts.deny everything seems to be working.
The expected files show up in /var/lib/denyhosts
The end of /var/log/denyhosts is now:
2007-06-06 08:53:31,449 - prefs : INFO SYSLOG_REPORT: [no]
2007-06-06 08:53:31,449 - prefs : INFO WORK_DIR: [/var/lib/denyhosts]
2007-06-06 08:53:31,450 - denyhosts : INFO restricted: set([])
2007-06-06 08:53:31,461 - denyhosts : INFO Processing log file (/var/log/auth.log) from offset (15264)
2007-06-06 08:53:31,464 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2007-06-06 08:53:31,482 - denyhosts : INFO DenyHosts daemon is now running, pid: 7663
2007-06-06 08:53:31,484 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2007-06-06 08:53:31,485 - denyhosts : INFO eg. kill -TERM 7663
2007-06-06 08:53:31,485 - denyhosts : INFO monitoring log: /var/log/auth.log
2007-06-06 08:53:31,486 - denyhosts : INFO sync_time: 3600
2007-06-06 08:53:31,486 - denyhosts : INFO purgin...

This problem only happened for me on feisty.
denyhosts installed and started working just fine on both Gutsy and Hardy.

Denyhosts won't start for me on hardy

root@blah:~# /usr/sbin/denyhosts
Could not find environment variable: HOSTNAME
root@blah:~# /etc/init.d/denyhosts start
 * Starting DenyHosts denyhosts
   ...done.
root@blah:~# ps aux | grep denyhosts
root@blah:~#

Ices,
Do you have the /etc/hosts.deny file on your system?

yes...

root@blah:~# cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.

# You may wish to enable this to ensure any programs that don't
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID

but this is obviously not working...

root@blah:~# grep -i failed /var/log/auth.log |grep sshd | wc -l
1592

Hi,

I had a similar problem.
I solved replacing the line

 SMTP_SUBJECT = DenyHosts Report from $[HOSTNAME]

with

SMTP_SUBJECT = DenyHosts Report from $HOSTNAME

Hoping it helps...

The SMTP_SUBJECT modification above for denyhosts.conf worked for me.

Thanks electron257

Is this symptom still reproducible in 8.10 alpha?

no idea> From: <email address hidden>> To: <email address hidden>> Date: Sat, 20 Sep 2008 22:53:12 +0000> Subject: [Bug 87898] Re: denyhosts package causing problems> > Is this symptom still reproducible in 8.10 alpha?> > ** Changed in: denyhosts (Ubuntu)> Importance: Undecided => Medium> Status: New => Incomplete> > -- > denyhosts package causing problems> https://bugs.launchpad.net/bugs/87898> You received this bug notification because you are a direct subscriber> of the bug.
_________________________________________________________________
See how Windows connects the people, information, and fun that are part of your life.
http://clk.atdmt.com/MRT/go/msnnkwxp1020093175mrt/direct/01/

Is this bug still a problem for you?

I suspect there are really two separate problems.

The missing /etc/hosts.deny seems to have been fixed in Gutsy and Hardy.

I never had an issue with SMTP_SUBJECT (probably because I don't use the email feature?)

Regards,
Michael Sebastian

--- On Mon, 2/23/09, Johnathon <email address hidden> wrote:
From: Johnathon <email address hidden>
Subject: [Bug 87898] Re: denyhosts package causing problems
To: <email address hidden>
Date: Monday, February 23, 2009, 1:30 PM

Is this bug still a problem for you?

--
denyhosts package causing problems
https://bugs.launchpad.net/bugs/87898
You received this bug notification because you are a direct subscriber
of the bug.

We'd like to figure out what's causing this bug for you, but we haven't heard back from you in a while. Could you please provide the requested information? Thanks!

Err.. Ralph, there isn't a pending question on this bug, as far as I can see?

Maybe this bug should be closed?

The cause of the original bug was a missing /etc/hosts.deny file.

This was a Fiesty bug.
I've already confirmed that it is fixed in Hardy and Gutsy.
Does anyone still care about Fiesty bugs?

1 year after the original bug report Sol Jerome came along with an unrelated issue.
If there is still a problem with SMTP_SUBJECT then it should really have it's own bug.

We are closing this bug report because it lacks the information we need to investigate the problem, as described in the previous comments. Please reopen it if you can give us the missing information, and don't hesitate to submit bug reports in the future. To reopen the bug report you can click on the current status, under the Status column, and change the Status back to "New". Thanks again!

Thank you for taking the time to report this bug and helping to make Ubuntu better. My apologies as I should not have marked this Invalid. The issue that you reported is one that should be reproducible with the live environment of the Desktop CD of the development release - Maverick Meerkat. It would help us greatly if you could test with it so we can work on getting it fixed in the next release of Ubuntu. You can find out more about the development release at http://www.ubuntu.com/testing/ . Thanks again and we appreciate your help.

This is not incomplete. All requested information has been provided.
This is not invalid. It was a real bug in Feisty.

It is obsolete. Does anyone really care about a problem in Feisty?
I'm sure Feisty is no longer supported.

I've already confimed:
> The missing /etc/hosts.deny seems to have been fixed in Gutsy and Hardy.

I don't see any reason to confirm the fix on every new Ubuntu release. I think
it is safe to assume the fix is permanent.

Why is this bug from 2007 still open?
Is anyone going to update the Fiesty package to fix the problem?
Can someone please close this?

Thanks.

I've marked invalid. If one of the core triagers see it, they can mark "Won't Fix". Safe to leave this one as invalid now, unless this particular bug re-occurs, please file a new one.