Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 141708

Summary: SECURE_LOG macro has incorrect value in /etc/denyhosts.conf
Product: Gentoo Linux Reporter: Clark <Cgable2003>
Component: Current packagesAssignee: Gentoo Linux bug wranglers <bug-wranglers>
Status: RESOLVED NEEDINFO    
Severity: normal    
Priority: High    
Version: unspecified   
Hardware: All   
OS: Linux   
Whiteboard:
Package list:
Runtime testing required: ---

Description Clark 2006-07-25 07:55:20 UTC 
In denyhosts version 2.5  the file /etc/denyhosts.conf has the line:
SECURE_LOG = /var/log/messages
It should read
SECURE_LOG = /var/log/pwdfail/current

This is easy for an experienced user to fix, but for a newbie, they probably couldn't fix this, and the package would be useless for them.
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2006-07-25 08:36:30 UTC 
Don't know what logger are you using, but there's no such thing like /var/log/pwdfail/current here w/ syslog-ng (hardened or not).
Comment 2 Clark 2006-07-26 06:49:10 UTC 
I have checked 3 gentoo boxes, they all have a file /var/log/pwdfail/current

Here are the contents from one server:

Jul 25 09:46:58 [sshd(pam_unix)] authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=192.168.200.98  user=root
Jul 25 09:47:01 [sshd] error: PAM: Authentication failure for root from 192.168.200.98
Jul 25 17:08:31 [sshd] Invalid user a from ::ffff:70.169.74.73
Jul 25 17:08:31 [sshd] Invalid user b from ::ffff:70.169.74.73
Jul 25 17:08:32 [sshd] Invalid user c from ::ffff:70.169.74.73
Jul 25 17:08:33 [sshd] Invalid user d from ::ffff:70.169.74.73

70.169.74.73 is somebody from Atlanta who was trying to hack into my machine. denyhost parsed this file, and added them to /etc/hosts.deny

:) I love denyhosts  :)