Ubuntu
denyhosts package

  1. Bug #87898
  2. Comment #1

Comment 1 for bug 87898

Revision history for this message
Michael Sebastian (msebast2) wrote : denyhosts daemon does not start

Should this bug qualify as a high priority security fix since this is a security feature which is silently not working?

People are constantly trying to attack my open ssh port. I didn't notice this problem till several weeks after I set up the server. Like a fool I just assumed that denyhosts would work as well as it did on edgy. Hopefully no one has brute forced my password and covered up their tracks in the last two weeks.

I can verify that denyhosts was silently failing to work on a fresh install of feisty.
There were no messages indicating any problem in any of the log files.
The /var/lib/denyhosts directory was empty.
ps -ef | grep denyhosts showed nothing running.
sudo /etc/init.d/denyhosts start would look like it worked and some startup stuff appeared in /var/log/denyhosts but then the process silently died.

The end of /var/log/denyhosts was:
2007-06-06 07:05:23,193 - prefs : INFO SYSLOG_REPORT: [no]
2007-06-06 07:05:23,193 - prefs : INFO WORK_DIR: [/var/lib/denyhosts]
2007-06-06 07:05:23,203 - denyhosts : INFO restricted: set([])

Investigating further I tried running from the command line.

msebast@carter:/var/log$ denyhosts
DenyHosts could not obtain lock (pid: )
[Errno 13] Permission denied: '/var/run/denyhosts.pid'
msebast@carter:/var/log$ sudo /etc/init.d/denyhosts stop
msebast@carter:/var/log$ sudo denyhosts
Traceback (most recent call last):
  File "/usr/sbin/denyhosts", line 165, in <module>
    first_time, noemail, daemon)
  File "/usr/share/denyhosts/DenyHosts/deny_hosts.py", line 78, in __init__
    self.get_denied_hosts()
  File "/usr/share/denyhosts/DenyHosts/deny_hosts.py", line 272, in get_denied_hosts
    for line in open(self.__prefs.get('HOSTS_DENY'), "r"):
IOError: [Errno 2] No such file or directory: '/etc/hosts.deny'

DenyHosts exited abnormally
msebast@carter:/var/log$ sudo touch /etc/hosts.deny
msebast@carter:/var/log$ sudo denyhosts
msebast@carter:/var/log$

So creating the hosts.deny file avoids the python error message.
It seems like the python error message should have gone to one of the /var/log files to make the problem more obvious.

After creating /etc/hosts.deny everything seems to be working.
The expected files show up in /var/lib/denyhosts
The end of /var/log/denyhosts is now:
2007-06-06 08:53:31,449 - prefs : INFO SYSLOG_REPORT: [no]
2007-06-06 08:53:31,449 - prefs : INFO WORK_DIR: [/var/lib/denyhosts]
2007-06-06 08:53:31,450 - denyhosts : INFO restricted: set([])
2007-06-06 08:53:31,461 - denyhosts : INFO Processing log file (/var/log/auth.log) from offset (15264)
2007-06-06 08:53:31,464 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2007-06-06 08:53:31,482 - denyhosts : INFO DenyHosts daemon is now running, pid: 7663
2007-06-06 08:53:31,484 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2007-06-06 08:53:31,485 - denyhosts : INFO eg. kill -TERM 7663
2007-06-06 08:53:31,485 - denyhosts : INFO monitoring log: /var/log/auth.log
2007-06-06 08:53:31,486 - denyhosts : INFO sync_time: 3600
2007-06-06 08:53:31,486 - denyhosts : INFO purging of /etc/hosts.deny is disabled
2007-06-06 08:53:31,487 - denyhosts : INFO denyhosts synchronization disabled

So I guess the work around is:
sudo touch /etc/hosts.deny

Regards,
Mike Sebastian