Description of problem:

I'm using stock denyhosts-2.6-10.fc9.noarch on Fedora F9. AFAIK, I did not change any settings from defaults. I see a bunch of these in /var/log/messages:

Oct 25 15:04:32 nbecker sshd[13980]: Failed password for root from 210.214.136.95 port 58285 ssh2

I do not see anything in /etc/hosts.deny about this, and I do not see anything in /var/log/denyhosts.log about this. denyhosts is running, and is updating via sync. I'm really wondering if the fedora f9 denyhosts that we all depend on actually even works at all?

Here is the startup info:

2008-10-22 04:24:39,995 - denyhosts : INFO DenyHosts launched with the following args:
2008-10-22 04:24:39,995 - denyhosts : INFO /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
2008-10-22 04:24:39,995 - prefs : INFO DenyHosts configuration settings:
2008-10-22 04:24:39,995 - prefs : INFO ADMIN_EMAIL: [root@localhost]
2008-10-22 04:24:39,995 - prefs : INFO AGE_RESET_INVALID: [864000]
2008-10-22 04:24:39,995 - prefs : INFO AGE_RESET_RESTRICTED: [2160000]
2008-10-22 04:24:39,995 - prefs : INFO AGE_RESET_ROOT: [2160000]
2008-10-22 04:24:39,996 - prefs : INFO AGE_RESET_VALID: [432000]
2008-10-22 04:24:39,996 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
2008-10-22 04:24:39,996 - prefs : INFO BLOCK_SERVICE: [sshd]
2008-10-22 04:24:39,996 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
2008-10-22 04:24:39,996 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
2008-10-22 04:24:39,996 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [None]
2008-10-22 04:24:39,996 - prefs : INFO DAEMON_PURGE: [3600]
2008-10-22 04:24:39,996 - prefs : INFO DAEMON_SLEEP: [30]
2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_INVALID: [5]
2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_RESTRICTED: [1]
2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_VALID: [10]
2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX: [None]
2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
2008-10-22 04:24:39,998 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
> I'm really wondering if the fedora f9 denyhosts that we all depend on actually
> even works at all?

Well, I can certainly verify that it indeed works as expected wherever I run it (including F9) and it works fine. We do test this software before releasing it, you know, and I just did a quick test on stock F9 and indeed it does work as expected.

Now, one odd thing you note is that the "Failed password" notice is in /var/log/messages. But denyhosts is configured to consult /var/log/secure, which is where Fedora puts such messages unless you have somehow modified your syslogging system, customized how sshd does logging, or done some other customization we can't account for. (The default rsyslog.conf has "authpriv.* /var/log/secure".) If you made such changes and you want denyhosts to check some other log file, you are going to have to actually configure it to do so. See the SECURE_LOG setting in /etc/denyhosts.conf.
Also, is there any specific reason why you trimmed the logged configuration information before the line which actually matters here (SECURE_LOG)?
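A read-only check of the point made in the replies above about SECURE_LOG, added here as an example and not part of the original thread or of the denyhosts code: it reads SECURE_LOG, HOSTS_DENY, BLOCK_SERVICE and DENY_THRESHOLD_ROOT from the configuration text, counts root password failures in the configured log, and lists hosts that should be blocked but are missing from hosts.deny. The function names, the sample data and the "count exceeds threshold" rule are assumptions, and only "Failed password for root" lines are counted.

```python
import re
from collections import Counter

# Constructed sample data (documentation addresses, not from a real host).
SAMPLE_CONF = """\
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
BLOCK_SERVICE = sshd
DENY_THRESHOLD_ROOT = 1
"""
SAMPLE_FILES = {
    "/var/log/secure": (
        "Oct 25 15:04:32 host sshd[101]: Failed password for root from 192.0.2.10 port 58285 ssh2\n"
        "Oct 25 15:04:40 host sshd[102]: Failed password for root from 192.0.2.10 port 58301 ssh2\n"
        "Oct 25 15:05:02 host sshd[103]: Failed password for root from 198.51.100.7 port 40112 ssh2\n"
        "Oct 25 15:05:09 host sshd[104]: Failed password for root from 198.51.100.7 port 40120 ssh2\n"
        "Oct 25 15:06:11 host sshd[105]: Failed password for root from 203.0.113.9 port 50222 ssh2\n"
    ),
    "/etc/hosts.deny": "# constructed\nsshd: 198.51.100.7\n",
}
FAILED_ROOT = re.compile(r"sshd\[\d+\]: Failed password for root from (\S+) port \d+")

def parse_conf(text):
    """Return KEY -> value for 'KEY = value' lines, skipping comments."""
    conf = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            conf[key.strip()] = value.strip()
    return conf

def denied_hosts(text, service):
    """Hosts listed for `service` or ALL in hosts.deny-style text."""
    hosts = set()
    for line in text.splitlines():
        daemon, sep, rest = line.partition(":")
        if sep and not line.lstrip().startswith("#") and daemon.strip() in (service, "ALL"):
            hosts.update(rest.replace(",", " ").split())
    return hosts

def check(conf_text, read_file):
    """Hosts over DENY_THRESHOLD_ROOT in SECURE_LOG that HOSTS_DENY lacks."""
    conf = parse_conf(conf_text)
    failures = Counter(FAILED_ROOT.findall(read_file(conf["SECURE_LOG"])))
    denied = denied_hosts(read_file(conf["HOSTS_DENY"]), conf.get("BLOCK_SERVICE", "sshd"))
    # Assumption: a host is due for a block once its count exceeds the threshold.
    limit = int(conf.get("DENY_THRESHOLD_ROOT", 1))
    return sorted(h for h, n in failures.items() if n > limit and h not in denied)

if __name__ == "__main__":
    print(check(SAMPLE_CONF, SAMPLE_FILES.__getitem__))
```

On a real host, pass the contents of /etc/denyhosts.conf and a reader such as `lambda p: open(p).read()`; an empty result alongside failures in a different file (for example /var/log/messages) points at the log path mismatch discussed above.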
Sorry, my mistake - I meant /var/log/secure. I did not intentionally trim the logged configuration, let me try again:

2008-10-22 04:24:39,995 - denyhosts : INFO DenyHosts launched with the following args:
2008-10-22 04:24:39,995 - denyhosts : INFO /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
2008-10-22 04:24:39,995 - prefs : INFO DenyHosts configuration settings:
2008-10-22 04:24:39,995 - prefs : INFO ADMIN_EMAIL: [root@localhost]
2008-10-22 04:24:39,995 - prefs : INFO AGE_RESET_INVALID: [864000]
2008-10-22 04:24:39,995 - prefs : INFO AGE_RESET_RESTRICTED: [2160000]
2008-10-22 04:24:39,995 - prefs : INFO AGE_RESET_ROOT: [2160000]
2008-10-22 04:24:39,996 - prefs : INFO AGE_RESET_VALID: [432000]
2008-10-22 04:24:39,996 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
2008-10-22 04:24:39,996 - prefs : INFO BLOCK_SERVICE: [sshd]
2008-10-22 04:24:39,996 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
2008-10-22 04:24:39,996 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
2008-10-22 04:24:39,996 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [None]
2008-10-22 04:24:39,996 - prefs : INFO DAEMON_PURGE: [3600]
2008-10-22 04:24:39,996 - prefs : INFO DAEMON_SLEEP: [30]
2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_INVALID: [5]
2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_RESTRICTED: [1]
2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
2008-10-22 04:24:39,997 - prefs : INFO DENY_THRESHOLD_VALID: [10]
2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX: [None]
2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
2008-10-22 04:24:39,997 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
2008-10-22 04:24:39,998 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
2
I just restarted denyhosts, here is the complete info:

2008-10-27 06:37:52,710 - denyhosts : INFO DenyHosts launched with the following args:
2008-10-27 06:37:52,730 - denyhosts : INFO /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
2008-10-27 06:37:52,730 - prefs : INFO DenyHosts configuration settings:
2008-10-27 06:37:52,730 - prefs : INFO ADMIN_EMAIL: [root@localhost]
2008-10-27 06:37:52,730 - prefs : INFO AGE_RESET_INVALID: [864000]
2008-10-27 06:37:52,731 - prefs : INFO AGE_RESET_RESTRICTED: [2160000]
2008-10-27 06:37:52,731 - prefs : INFO AGE_RESET_ROOT: [2160000]
2008-10-27 06:37:52,731 - prefs : INFO AGE_RESET_VALID: [432000]
2008-10-27 06:37:52,731 - prefs : INFO ALLOWED_HOSTS_HOSTNAME_LOOKUP: [no]
2008-10-27 06:37:52,731 - prefs : INFO BLOCK_SERVICE: [sshd]
2008-10-27 06:37:52,731 - prefs : INFO DAEMON_LOG: [/var/log/denyhosts]
2008-10-27 06:37:52,731 - prefs : INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
2008-10-27 06:37:52,731 - prefs : INFO DAEMON_LOG_TIME_FORMAT: [None]
2008-10-27 06:37:52,732 - prefs : INFO DAEMON_PURGE: [3600]
2008-10-27 06:37:52,732 - prefs : INFO DAEMON_SLEEP: [30]
2008-10-27 06:37:52,732 - prefs : INFO DENY_THRESHOLD_INVALID: [5]
2008-10-27 06:37:52,732 - prefs : INFO DENY_THRESHOLD_RESTRICTED: [1]
2008-10-27 06:37:52,732 - prefs : INFO DENY_THRESHOLD_ROOT: [1]
2008-10-27 06:37:52,732 - prefs : INFO DENY_THRESHOLD_VALID: [10]
2008-10-27 06:37:52,732 - prefs : INFO FAILED_ENTRY_REGEX: [None]
2008-10-27 06:37:52,732 - prefs : INFO FAILED_ENTRY_REGEX2: [None]
2008-10-27 06:37:52,732 - prefs : INFO FAILED_ENTRY_REGEX3: [None]
2008-10-27 06:37:52,733 - prefs : INFO FAILED_ENTRY_REGEX4: [None]
2008-10-27 06:37:52,733 - prefs : INFO FAILED_ENTRY_REGEX5: [None]
2008-10-27 06:37:52,733 - prefs : INFO FAILED_ENTRY_REGEX6: [None]
2008-10-27 06:37:52,733 - prefs : INFO FAILED_ENTRY_REGEX7: [None]
2008-10-27 06:37:52,733 - prefs : INFO HOSTNAME_LOOKUP: [YES]
2008-10-27 06:37:52,733 - prefs : INFO HOSTS_DENY: [/etc/hosts.deny]
2008-10-27 06:37:52,733 - prefs : INFO LOCK_FILE: [/var/lock/subsys/denyhosts]
2008-10-27 06:37:52,733 - prefs : INFO PLUGIN_DENY: [None]
2008-10-27 06:37:52,734 - prefs : INFO PLUGIN_PURGE: [None]
2008-10-27 06:37:52,734 - prefs : INFO PURGE_DENY: [2419200]
2008-10-27 06:37:52,734 - prefs : INFO PURGE_THRESHOLD: [0]
2008-10-27 06:37:52,734 - prefs : INFO RESET_ON_SUCCESS: [no]
2008-10-27 06:37:52,734 - prefs : INFO SECURE_LOG: [/var/log/secure]
2008-10-27 06:37:52,734 - prefs : INFO SMTP_DATE_FORMAT: [%a, %d %b %Y %H:%M:%S %z]
2008-10-27 06:37:52,734 - prefs : INFO SMTP_FROM: [DenyHosts <nobody@localhost>]
2008-10-27 06:37:52,734 - prefs : INFO SMTP_HOST: [localhost]
2008-10-27 06:37:52,734 - prefs : INFO SMTP_PASSWORD: [None]
2008-10-27 06:37:52,735 - prefs : INFO SMTP_PORT: [25]
2008-10-27 06:37:52,735 - prefs : INFO SMTP_SUBJECT: [DenyHosts Report from nbecker]
2008-10-27 06:37:52,735 - prefs : INFO SMTP_USERNAME: [None]
2008-10-27 06:37:52,735 - prefs : INFO SSHD_FORMAT_REGEX: [None]
2008-10-27 06:37:52,735 - prefs : INFO SUCCESSFUL_ENTRY_REGEX: [None]
2008-10-27 06:37:52,736 - prefs : INFO SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS: [YES]
2008-10-27 06:37:52,736 - prefs : INFO SYNC_DOWNLOAD: [yes]
2008-10-27 06:37:52,736 - prefs : INFO SYNC_DOWNLOAD_RESILIENCY: [18000]
2008-10-27 06:37:52,736 - prefs : INFO SYNC_DOWNLOAD_THRESHOLD: [3]
2008-10-27 06:37:52,736 - prefs : INFO SYNC_INTERVAL: [3600]
2008-10-27 06:37:52,736 - prefs : INFO SYNC_SERVER: [http://xmlrpc.denyhosts.net:9911]
2008-10-27 06:37:52,736 - prefs : INFO SYNC_UPLOAD: [yes]
2008-10-27 06:37:52,736 - prefs : INFO SYSLOG_REPORT: [no]
2008-10-27 06:37:52,736 - prefs : INFO WORK_DIR: [/var/lib/denyhosts]
2008-10-27 06:37:52,747 - denyhosts : INFO restricted: set([])
2008-10-27 06:37:52,872 - denyhosts : INFO Processing log file (/var/log/secure) from offset (0)
2008-10-27 06:37:53,010 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2008-10-27 06:37:53,013 - denyhosts : INFO DenyHosts daemon is now running, pid: 7808
2008-10-27 06:37:53,014 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2008-10-27 06:37:53,015 - denyhosts : INFO eg. kill -TERM 7808
2008-10-27 06:37:53,132 - denyhosts : INFO monitoring log: /var/log/secure
2008-10-27 06:37:53,132 - denyhosts : INFO sync_time: 3600
2008-10-27 06:37:53,132 - denyhosts : INFO daemon_purge: 3600
2008-10-27 06:37:53,132 - denyhosts : INFO daemon_sleep: 30
2008-10-27 06:37:53,132 - denyhosts : INFO purge_sleep_ratio: 120
2008-10-27 06:37:53,133 - denyhosts : INFO sync_time: : 3600
2008-10-27 06:37:53,133 - denyhosts : INFO sync_sleep_ratio: 120
My denyhosts is doing the same thing. It seems to hang when it does a sync. After that nothing gets blocked and nothing gets logged, but the PID still exists. If I run it from the command line I get the following error:

[root@cyclops ~]# denyhosts.py -c /etc/denyhosts.conf --sync
Error synchronizing data
name 'info' is not defined

denyhosts 2.6-10 on Fedora 9.
Unfortunately issues with the sync server are completely out of (my, Fedora's, your) control. The server isn't even open source so we have no way to debug it. Fedora does not ship with any interaction with the sync server defined by default, and I don't recommend that people enable it. If you do, I certainly can't do much to help you other than direct you to upstream.

Interaction with the sync server is via simple xmlrpc, but errors on the remote end are reported back in a way that makes them look like they occurred locally, so you can see all sorts of things including mysql errors even though there's no mysql use in the local denyhosts daemon.

In any case, thank you for mentioning sync, because I see that SYNC_SERVER is defined in the above traces and since it's not in the default Fedora configuration, the statement in the initial report about no settings having been modified is obviously not correct. It is becoming difficult for me to figure out what's actually true here. If sync had been mentioned earlier things would have made much more sense.

In any case, I too see that message, but only the first time I run that command. Can you try again with -d and look for additional error output near the end? I see something about sync-timestamp which I will investigate.
OK, the word from upstream is that running --sync directly from the command line is simply broken in 2.6; this should be fixed with 2.7 when it comes out. However, that's merely an unrelated bug. All I can ask is that folks who see hangs and such when sync is enabled turn on debugging (see /etc/sysconfig/denyhosts) and try to get me a proper log from where the sync process starts until the hang so that I can pass it upstream. But I have to reiterate that Fedora can't really help with issues involving sync.
Well, upstream patched me a patch for the --sync thing. It really should be in a different ticket since it's not at all related, but I did commit the patch and made a scratch build: http://koji.fedoraproject.org/koji/taskinfo?taskID=921550 This seems to work for me. I'm not sure that the issue is sufficiently significant to warrant an update and there are additional changes there which are in the F10 package but not the F9 one. If you want to test it out, feel free.
This has affected me as well. I pasted several debug logs on an upstream bug report but haven't seen any response. https://sourceforge.net/tracker2/?func=detail&aid=1892802&group_id=131204&atid=720419
All I can do at this point is to reiterate that I do not recommend that anyone use sync. Perhaps if we had an open source sync server we could debug these issues from both ends, but that's not happening. If there is truly no debug output generated when the daemon hangs (or exits) then the only thing I can suggest without digging into the code and inserting more debugging output is to run the whole thing under strace until it hangs. But that would consume a tonne of disk space and still might not actually show anything useful. I suppose I can patch the default config file to recommend not uncommenting the SYNC_SERVER line and add some explanatory language to README.Fedora, but that's hardly worth issuing an update over.
Well, of the two unrelated issues raised in this ticket, one has been fixed in rawhide and the other isn't fixable on Fedora's end. The rawhide package has added language strongly discouraging the use of sync. At this point, that's all I can do.