Red Hat Bugzilla – Bug 450222
Denyhosts purge command cannot find configuration file
Last modified: 2008-07-09 17:49:55 EDT
Description of problem:
The denyhosts --purge command removes any blocked IPs in /etc/hosts.deny older
than the PURGE_DENY variable set in /etc/denyhosts.conf. When I stop the
denyhosts service, and run the purge command, an error comes up:
[root@XXXXX XXXX]# /usr/bin/denyhosts.py --purge
Error reading file: denyhosts.cfg
[Errno 2] No such file or directory: 'denyhosts.cfg'
Should denyhosts be looking for denyhosts.conf, not denyhosts.cfg???
Version-Release number of selected component (if applicable):
Steps to Reproduce:
1. service denyhosts stop
2. denyhosts.py --purge
3. error message produced
successful purge command
Well, the default config file in the denyhosts executable is
/usr/share/denyhosts/denyhosts.cfg; Fedora uses /etc/denyhosts.conf but of
course you're welcome to use whatever config file you like.
I suppose it's theoretically possible to patch the denyhosts executable but
honestly I try to patch the upstream sources as little as I can get away with.
I don't really see this as a bug, but I'll give it some thought.
If Fedora has decided to actively change the default config to
/etc/denyhosts.conf (which is a reasonable action for how this distro organises
things), then ALL default aspects of denyhosts should point to this. This
particular config file is where the action happens, not a copy of the config
file pasted elsewhere. That is just confusing.
Well, Fedora hasn't decided to actively change the default config to
/etc/denyhosts.conf. In fact, the fact that it Fedora doesn't do that is the
reason you've opened this ticket. The initscripts and crontabs all specify a
config file location and don't rely on the default setting.
You are asking that we introduce a variance from the upstream sources. If you
installed the Fedora package, tossed the initscript and decided to roll your
own, you wouldn't be able to use existing documentation because Fedora would
have changed the behavior of the program.
I indicated that I would give this some thought, and I will do that. I will
consult other Fedora packagers and get their input. I have to balance your
valid concerns against the above valid concerns, and I promise I won't make a
snap judgment. Just give me some time to consider the options.
No rush at all in the decision making. I can work around the problem easily
enough meanwhile. I do not actually mind how the system works in the end, so
long as it is well thought out, logical and consistent. Thats what all software
aspires to. Following upstream closely is also very good in general.
I only started this bug as it appears there is a possibly inconsistency
(previously unnoticed??) as to where different software tools look for the
config file. However, it makes sense to have only one config file, and also for
the --purge command to work, as explained on the denyhosts website.
I did some work on denyhosts today.
Regarding your problem, inspection reveals that what you want to work wouldn't
work even if we hadn't used a different name for the configuration file, because
denyhosts.py only looks for the config file in the current directory.
I just patched it to default to /etc/denyhosts.conf. Given the mostly useless
default behavior I think there's a low possibility of anyone depending on it, so
I feel confident in pushing this to F9. Please do test and comment on the
update as appropriate.
denyhosts-2.6-10.fc9 has been submitted as an update for Fedora 9
denyhosts-2.6-10.fc9 has been pushed to the Fedora 9 testing repository. If problems still persist, please make note of it in this bug report.
If you want to test the update, you can install it with
su -c 'yum --enablerepo=updates-testing update denyhosts'. You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F9/FEDORA-2008-6008
I have installed and from updates-testing. The command "/usr/bin/denyhosts.py
--purge" now works as expected with the default /etc/denyhosts.conf.
Thanks for fixing this issue for Fedora. Perhaps this issue could be forwarded
upstream, so some easy upstream solution could be implemented.
Thanks for testing; don't forget to make a note in the update system so that
this can be pushed to the stable repository.
denyhosts-2.6-10.fc9 has been pushed to the Fedora 9 stable repository. If problems still persist, please make note of it in this bug report.