Should this bug qualify as a high priority security fix since this is a security feature which is silently not working?
People are constantly trying to attack my open ssh port. I didn't notice this problem till several weeks after I set up the server. Like a fool I just assumed that denyhosts would work as well as it did on edgy. Hopefully no one has brute forced my password and covered up their tracks in the last two weeks.
I can verify that denyhosts was silently failing to work on a fresh install of feisty.
There were no messages indicating any problem in any of the log files.
The /var/lib/denyhosts directory was empty.
ps -ef | grep denyhosts showed nothing running.
sudo /etc/init.d/denyhosts start would look like it worked and some startup stuff appeared in /var/log/denyhosts but then the process silently died.
The end of /var/log/denyhosts was:
2007-06-06 07:05:23,193 - prefs : INFO SYSLOG_REPORT: [no]
2007-06-06 07:05:23,193 - prefs : INFO WORK_DIR: [/var/lib/denyhosts]
2007-06-06 07:05:23,203 - denyhosts : INFO restricted: set([])
Investigating further I tried running from the command line.
msebast@carter:/var/log$ denyhosts
DenyHosts could not obtain lock (pid: )
[Errno 13] Permission denied: '/var/run/denyhosts.pid'
msebast@carter:/var/log$ sudo /etc/init.d/denyhosts stop
msebast@carter:/var/log$ sudo denyhosts
Traceback (most recent call last):
File "/usr/sbin/denyhosts", line 165, in <module>
first_time, noemail, daemon)
File "/usr/share/denyhosts/DenyHosts/deny_hosts.py", line 78, in __init__
self.get_denied_hosts()
File "/usr/share/denyhosts/DenyHosts/deny_hosts.py", line 272, in get_denied_hosts
for line in open(self.__prefs.get('HOSTS_DENY'), "r"):
IOError: [Errno 2] No such file or directory: '/etc/hosts.deny'
So creating the hosts.deny file avoids the python error message.
It seems like the python error message should have gone to one of the /var/log files to make the problem more obvious.
After creating /etc/hosts.deny everything seems to be working.
The expected files show up in /var/lib/denyhosts
The end of /var/log/denyhosts is now:
2007-06-06 08:53:31,449 - prefs : INFO SYSLOG_REPORT: [no]
2007-06-06 08:53:31,449 - prefs : INFO WORK_DIR: [/var/lib/denyhosts]
2007-06-06 08:53:31,450 - denyhosts : INFO restricted: set([])
2007-06-06 08:53:31,461 - denyhosts : INFO Processing log file (/var/log/auth.log) from offset (15264)
2007-06-06 08:53:31,464 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2007-06-06 08:53:31,482 - denyhosts : INFO DenyHosts daemon is now running, pid: 7663
2007-06-06 08:53:31,484 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2007-06-06 08:53:31,485 - denyhosts : INFO eg. kill -TERM 7663
2007-06-06 08:53:31,485 - denyhosts : INFO monitoring log: /var/log/auth.log
2007-06-06 08:53:31,486 - denyhosts : INFO sync_time: 3600
2007-06-06 08:53:31,486 - denyhosts : INFO purging of /etc/hosts.deny is disabled
2007-06-06 08:53:31,487 - denyhosts : INFO denyhosts synchronization disabled
So I guess the work around is:
sudo touch /etc/hosts.deny
Should this bug qualify as a high priority security fix since this is a security feature which is silently not working?
People are constantly trying to attack my open ssh port. I didn't notice this problem till several weeks after I set up the server. Like a fool I just assumed that denyhosts would work as well as it did on edgy. Hopefully no one has brute forced my password and covered up their tracks in the last two weeks.
I can verify that denyhosts was silently failing to work on a fresh install of feisty. d/denyhosts start would look like it worked and some startup stuff appeared in /var/log/denyhosts but then the process silently died.
There were no messages indicating any problem in any of the log files.
The /var/lib/denyhosts directory was empty.
ps -ef | grep denyhosts showed nothing running.
sudo /etc/init.
The end of /var/log/denyhosts was: denyhosts]
2007-06-06 07:05:23,193 - prefs : INFO SYSLOG_REPORT: [no]
2007-06-06 07:05:23,193 - prefs : INFO WORK_DIR: [/var/lib/
2007-06-06 07:05:23,203 - denyhosts : INFO restricted: set([])
Investigating further I tried running from the command line.
msebast@ carter: /var/log$ denyhosts denyhosts. pid' carter: /var/log$ sudo /etc/init. d/denyhosts stop carter: /var/log$ sudo denyhosts denyhosts" , line 165, in <module> denyhosts/ DenyHosts/ deny_hosts. py", line 78, in __init__ get_denied_ hosts() denyhosts/ DenyHosts/ deny_hosts. py", line 272, in get_denied_hosts __prefs. get('HOSTS_ DENY'), "r"):
DenyHosts could not obtain lock (pid: )
[Errno 13] Permission denied: '/var/run/
msebast@
msebast@
Traceback (most recent call last):
File "/usr/sbin/
first_time, noemail, daemon)
File "/usr/share/
self.
File "/usr/share/
for line in open(self.
IOError: [Errno 2] No such file or directory: '/etc/hosts.deny'
DenyHosts exited abnormally carter: /var/log$ sudo touch /etc/hosts.deny carter: /var/log$ sudo denyhosts carter: /var/log$
msebast@
msebast@
msebast@
So creating the hosts.deny file avoids the python error message.
It seems like the python error message should have gone to one of the /var/log files to make the problem more obvious.
After creating /etc/hosts.deny everything seems to be working. denyhosts]
The expected files show up in /var/lib/denyhosts
The end of /var/log/denyhosts is now:
2007-06-06 08:53:31,449 - prefs : INFO SYSLOG_REPORT: [no]
2007-06-06 08:53:31,449 - prefs : INFO WORK_DIR: [/var/lib/
2007-06-06 08:53:31,450 - denyhosts : INFO restricted: set([])
2007-06-06 08:53:31,461 - denyhosts : INFO Processing log file (/var/log/auth.log) from offset (15264)
2007-06-06 08:53:31,464 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2007-06-06 08:53:31,482 - denyhosts : INFO DenyHosts daemon is now running, pid: 7663
2007-06-06 08:53:31,484 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2007-06-06 08:53:31,485 - denyhosts : INFO eg. kill -TERM 7663
2007-06-06 08:53:31,485 - denyhosts : INFO monitoring log: /var/log/auth.log
2007-06-06 08:53:31,486 - denyhosts : INFO sync_time: 3600
2007-06-06 08:53:31,486 - denyhosts : INFO purging of /etc/hosts.deny is disabled
2007-06-06 08:53:31,487 - denyhosts : INFO denyhosts synchronization disabled
So I guess the work around is:
sudo touch /etc/hosts.deny
Regards,
Mike Sebastian