karloff
Routinier
Hi all,
I've got a strange problem with denyhosts: according to rc-status the application has crashed, but when I look at the logs it looks different. I can't make sense of the whole thing; maybe one of you can?
System: Gentoo
Code:
Linux ******* 2.6.25-hardened-r8 #1 SMP Fri Oct 17 09:12:35 CEST 2008 i686 Intel(R) Pentium(R) 4 CPU 1.60GHz GenuineIntel GNU/Linux
rc-status:
Code:
* Caching service dependencies ... [ ok ]
Runlevel: default
dbus [ started ]
net.eth0 [ started ]
boinc [ started ]
syslog-ng [ started ]
webmin [ started ]
sshd [ started ]
hald [ started ]
denyhosts [ crashed ]
gpm [ started ]
ivman [ started ]
proftpd [ started ]
local [ started ]
Runlevel: UNASSIGNED
udev-postmount [ started ]
cat /var/log/denyhost
Code:
Oct 21 16:11:43 - denyhosts : INFO DenyHosts launched with the following args:
Oct 21 16:11:43 - denyhosts : INFO /usr/bin/denyhosts --daemon -c /etc/denyhosts.conf
Oct 21 16:11:43 - prefs : INFO DenyHosts configuration settings:
Oct 21 16:11:43 - prefs : INFO ADMIN_EMAIL: [None]
Oct 21 16:11:43 - prefs : INFO AGE_RESET_INVALID: [864000]
Oct 21 16:11:43 - prefs : INFO AGE_RESET_RESTRICTED: [2160000]
Oct 21 16:11:43 - prefs : INFO AGE_RESET_ROOT: [2160000]
Oct 21 16:11:43 - prefs : INFO AGE_RESET_VALID: [432000]
Oct 21 16:11:43 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
Oct 21 16:11:43 - prefs : INFO BLOCK_SERVICE: [sshd]
Oct 21 16:11:43 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
Oct 21 16:11:43 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
Oct 21 16:11:43 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [%b %d %H:%M:%S]
Oct 21 16:11:43 - prefs : INFO DAEMON_PURGE: [3600]
Oct 21 16:11:43 - prefs : INFO DAEMON_SLEEP: [30]
Oct 21 16:11:43 - prefs : INFO DENY_THRESHOLD_INVALID: [2]
Oct 21 16:11:43 - prefs : INFO DENY_THRESHOLD_RESTRICTED: [1]
Oct 21 16:11:43 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
Oct 21 16:11:43 - prefs : INFO DENY_THRESHOLD_VALID: [3]
Oct 21 16:11:43 - prefs : INFO FAILED_ENTRY_REGEX: [None]
Oct 21 16:11:43 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
Oct 21 16:11:43 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
Oct 21 16:11:43 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
Oct 21 16:11:43 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
Oct 21 16:11:43 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
Oct 21 16:11:43 - prefs : INFO FAILED_ENTRY_REGEX7: [None]
Oct 21 16:11:43 - prefs : INFO HOSTNAME_LOOKUP: [NO]
Oct 21 16:11:43 - prefs : INFO HOSTS_DENY: [/etc/hosts.blocked]
Oct 21 16:11:43 - prefs : INFO LOCK_FILE: [/var/run/denyhosts.pid]
Oct 21 16:11:43 - prefs : INFO PLUGIN_DENY: [None]
Oct 21 16:11:43 - prefs : INFO PLUGIN_PURGE: [None]
Oct 21 16:11:43 - prefs : INFO PURGE_DENY: [3600]
Oct 21 16:11:43 - prefs : INFO PURGE_THRESHOLD: [0]
Oct 21 16:11:43 - prefs : INFO RESET_ON_SUCCESS: [yes]
Oct 21 16:11:43 - prefs : INFO SECURE_LOG: [/var/log/auth.log]
Oct 21 16:11:43 - prefs : INFO SMTP_DATE_FORMAT: [%a, %d %b %Y %H:%M:%S %z]
Oct 21 16:11:43 - prefs : INFO SMTP_PASSWORD: [None]
Oct 21 16:11:43 - prefs : INFO SMTP_USERNAME: [None]
Oct 21 16:11:43 - prefs : INFO SSHD_FORMAT_REGEX: [None]
Oct 21 16:11:43 - prefs : INFO SUCCESSFUL_ENTRY_REGEX: [None]
Oct 21 16:11:43 - prefs : INFO SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
Oct 21 16:11:43 - prefs : INFO SYNC_DOWNLOAD: [yes]
Oct 21 16:11:43 - prefs : INFO SYNC_DOWNLOAD_RESILIENCY: [18000]
Oct 21 16:11:43 - prefs : INFO SYNC_DOWNLOAD_THRESHOLD: [3]
Oct 21 16:11:43 - prefs : INFO SYNC_INTERVAL: [3600]
Oct 21 16:11:43 - prefs : INFO SYNC_SERVER: [http://xmlrpc.denyhosts.net:9911]
Oct 21 16:11:43 - prefs : INFO SYNC_UPLOAD: [yes]
Oct 21 16:11:43 - prefs : INFO SYSLOG_REPORT: [YES]
Oct 21 16:11:43 - prefs : INFO WORK_DIR: [/var/lib/denyhosts]
Oct 21 16:11:43 - denyhosts : INFO restricted: set([])
Oct 21 16:11:43 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
Oct 21 16:11:43 - denyhosts : INFO DenyHosts daemon is now running, pid: 32142
Oct 21 16:11:43 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
Oct 21 16:11:43 - denyhosts : INFO eg. kill -TERM 32142
Oct 21 16:11:43 - denyhosts : INFO monitoring log: /var/log/auth.log
Oct 21 16:11:43 - denyhosts : INFO sync_time: 3600
Oct 21 16:11:43 - denyhosts : INFO daemon_purge: 3600
Oct 21 16:11:43 - denyhosts : INFO daemon_sleep: 30
Oct 21 16:11:43 - denyhosts : INFO purge_sleep_ratio: 120
Oct 21 16:11:43 - denyhosts : INFO sync_time: : 3600
Oct 21 16:11:43 - denyhosts : INFO sync_sleep_ratio: 120
Above all, it is still pulling current data about blocked IPs.
So I don't understand why, according to rc, the whole thing has crashed.
There is nothing suspicious in the kernel log or the like either. I have also already emptied the auth log, because back then it wouldn't start since there was too much in it from countless attacks.
Does anyone have an idea?
Here is the current state from the syslog; it seems to be doing its job, but I still don't understand it.
syslog:
Code:
[...]
Oct 21 16:28:53 ******* proftpd[32162]: localhost (213.23.85.34[213.23.85.34]) - FTP session opened.
Oct 21 16:33:12 ******* sshd[32172]: Invalid user fluffy from 211.76.96.236
Oct 21 16:33:18 ******* sshd[32179]: Invalid user admin from 211.76.96.236
Oct 21 16:33:21 ******* sshd[32186]: Invalid user test from 211.76.96.236
Oct 21 16:33:24 ******* sshd[32193]: Invalid user guest from 211.76.96.236
Oct 21 16:33:28 ******* sshd[32200]: Invalid user webmaster from 211.76.96.236
Oct 21 16:33:34 ******* sshd[32214]: Invalid user oracle from 211.76.96.236
Oct 21 16:33:38 ******* sshd[32221]: Invalid user library from 211.76.96.236
Oct 21 16:33:41 ******* sshd[32228]: Invalid user info from 211.76.96.236
Oct 21 16:33:44 ******* denyhosts: Added the following hosts to /etc/hosts.blocked - 211.76.96.236
Oct 21 16:33:45 ******* sshd[32235]: Invalid user shell from 211.76.96.236
Oct 21 16:33:46 ******* sshd[32242]: refused connect from 211-76-96-236.ebix.net.tw
Oct 21 16:34:10 ******* proftpd[32245]: localhost (213.23.85.34[213.23.85.34]) - FTP session opened.
Oct 21 14:35:18 ******* -- MARK --
[...]
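An added example, not from the original post and not DenyHosts's own code: it replays the sshd lines from the syslog excerpt above through the threshold-and-polling logic the config dump describes (DENY_THRESHOLD_INVALID: [2], DAEMON_SLEEP: [30], BLOCK_SERVICE: [sshd]). It shows why eight "Invalid user" lines appear before the "Added the following hosts" message although the threshold is 2: the daemon only reads SECURE_LOG once per DAEMON_SLEEP, so everything logged inside one interval is counted in a single batch. The sample lines, the hostname `host`, the year 2008 and the poll clock (started at the daemon launch time 16:11:43 from the post) are constructed assumptions; the real daemon's purge and sync cycles are left out.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample, modelled on the syslog excerpt in the post
# (hostname replaced by "host"; only the sshd lines matter here).
SAMPLE_LOG = """\
Oct 21 16:33:12 host sshd[32172]: Invalid user fluffy from 211.76.96.236
Oct 21 16:33:18 host sshd[32179]: Invalid user admin from 211.76.96.236
Oct 21 16:33:21 host sshd[32186]: Invalid user test from 211.76.96.236
Oct 21 16:33:24 host sshd[32193]: Invalid user guest from 211.76.96.236
Oct 21 16:33:28 host sshd[32200]: Invalid user webmaster from 211.76.96.236
Oct 21 16:33:34 host sshd[32214]: Invalid user oracle from 211.76.96.236
Oct 21 16:33:38 host sshd[32221]: Invalid user library from 211.76.96.236
Oct 21 16:33:41 host sshd[32228]: Invalid user info from 211.76.96.236
Oct 21 16:33:45 host sshd[32235]: Invalid user shell from 211.76.96.236
"""

# Values taken from the DenyHosts config dump in the post.
DENY_THRESHOLD_INVALID = 2   # failed logins for non-existent users before a block
DAEMON_SLEEP = 30            # seconds between two reads of SECURE_LOG
BLOCK_SERVICE = "sshd"

INVALID_USER_RE = re.compile(
    r"^(?P<ts>\w{3} +\d{1,2} \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"Invalid user \S+ from (?P<ip>\d+\.\d+\.\d+\.\d+)$"
)


def parse_time(stamp, year=2008):
    """syslog stamps carry no year; 2008 is assumed from the uname line in the post."""
    return datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")


def hosts_deny_entry(ip, service=BLOCK_SERVICE):
    """Line DenyHosts appends to HOSTS_DENY (here /etc/hosts.blocked) for a blocked address."""
    return f"{service}: {ip}"


def simulate_daemon(log_text, threshold=DENY_THRESHOLD_INVALID,
                    daemon_sleep=DAEMON_SLEEP, first_poll="Oct 21 16:11:43"):
    """
    Replay 'Invalid user' lines through a polling blocker.

    Returns {ip: (poll_time, attempts_seen_at_that_poll)} for every address
    that crossed the threshold. The poll clock starts at first_poll (assumed
    to be the daemon launch time) and advances by daemon_sleep seconds.
    """
    events = []
    for line in log_text.splitlines():
        m = INVALID_USER_RE.match(line)
        if m:
            events.append((parse_time(m.group("ts")), m.group("ip")))
    events.sort()
    if not events:
        return {}

    attempts = defaultdict(int)
    blocked = {}
    poll = parse_time(first_poll)
    step = timedelta(seconds=daemon_sleep)
    i = 0
    # Keep polling until one interval after the last log line.
    while poll <= events[-1][0] + step:
        # The daemon sees every line written since its previous read at once.
        while i < len(events) and events[i][0] <= poll:
            _, ip = events[i]
            if ip not in blocked:
                attempts[ip] += 1
            i += 1
        for ip, n in attempts.items():
            if ip not in blocked and n >= threshold:
                blocked[ip] = (poll, n)
        poll += step
    return blocked


if __name__ == "__main__":
    for ip, (when, n) in simulate_daemon(SAMPLE_LOG).items():
        print(f"{when:%b %d %H:%M:%S} block '{hosts_deny_entry(ip)}' after {n} attempts")
    for ip, (when, n) in simulate_daemon(SAMPLE_LOG, daemon_sleep=1).items():
        print(f"{when:%b %d %H:%M:%S} with 1 s polling: blocked after {n} attempts")
```

With the 30-second interval the address is blocked at the 16:33:43 poll with eight attempts on the counter, one second before the "Added the following hosts" line in the post; with a one-second interval it would be blocked after the second attempt, which is what the threshold alone suggests.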