
Bug 236756

Summary: app-admin/denyhosts - default denyhosts.conf assumes Gentoo uses app-admin/syslog-ng
Product: Gentoo Linux
Component: Current packages
Reporter: sfullenwider
Assignee: Thomas Anderson (tanderson) (RETIRED) <tanderson>
CC: darkside, jer
Status: RESOLVED WONTFIX
Severity: normal
Priority: High
Keywords: NeedPatch
Version: unspecified
Hardware: All
OS: Linux
Whiteboard:
Package list:
Runtime testing required: ---

Description sfullenwider 2008-09-04 22:37:23 UTC
I have not made any interesting changes to my sshd configuration about where it should post invalid user login attempts.  They end up in /var/log/syslog

denyhosts.conf has this in it:
# Gentoo/SuSE:
#SECURE_LOG = /var/log/messages

Nothing about invalid user login attempts is in my /var/log/messages

It is in /var/log/auth.log and in /var/log/syslog.

If /var/log/messages is not the default place for Gentoo, it should not be marked as such.


Reproducible: Always
Comment 1 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2008-09-05 04:32:43 UTC
Isn't the point of a config file to allow you to specify such things? such as where to log? I'm not seeing a bug here.

What is the whole path to denyhosts.conf and what package does it belong to? You can find out with 'equery b denyhosts.conf' or similar.

thanks.
Comment 2 sfullenwider 2008-09-05 17:24:42 UTC
app-admin/denyhosts

The handbook does not explicitly state to use syslog-ng.  However in the code section on 9.a. it says 'emerge syslog-ng' which is why I have been using syslog-ng.  I suspect that the vast majority of people who do not do fancy things or even know that there are multiple syslog daemons to choose from have done the same.  What would be nice, really, I think is to have a comment in there for where each syslog daemon available, or at least the top 3 ones, happens to log the login attempts.  Or another possibility is to check to see which one happens to be running or installed and then change the config accordingly.

But to just imply that Gentoo logs to X is not ideal.  

It's not the end of the world, but a minor improvement that could easily be done.
Comment 3 Jeroen Roovers (RETIRED) gentoo-dev 2008-09-08 03:00:37 UTC
src-install() has:
     newins denyhosts.cfg-dist denyhosts.conf

In other words, you should probably ask UPSTREAM to change the file.
Comment 4 sfullenwider 2008-09-08 04:54:01 UTC
(In reply to comment #3)
> src-install() has:
>      newins denyhosts.cfg-dist denyhosts.conf
> 
> In other words, you should probably ask UPSTREAM to change the file.
> 

Or you could patch it as it's Gentoo specific. 
Comment 5 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2009-08-01 20:28:41 UTC
assigning to maintainer
Comment 6 Jeremy Olexa (darkside) (RETIRED) archtester gentoo-dev Security 2010-04-27 15:58:07 UTC
Hi,
I think the (Gentoo) default config is fine here. There are a number of different things going on that make it nearly impossible to set examples of defaults, e.g. you can define where the logs go in openssh, or the syslogger (syslog-ng, metalog, etc.). Given that the handbook suggests installing syslog-ng, I think the default (Gentoo) denyhosts.conf is appropriate.

http://sources.gentoo.org/viewcvs.py/gentoo-x86/app-admin/denyhosts/files/denyhosts-2.6-gentoo.patch?rev=1.1&view=markup "SECURE_LOG = /var/log/messages"
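
Added example, not part of the bug thread, denyhosts or the Gentoo ebuild: a shell check along the lines of the suggestion in comment 2, comparing the active SECURE_LOG in denyhosts.conf with the log file that actually receives sshd's failed-login lines. The function names are made up for this example, and the config path and candidate logs are passed as arguments.

```shell
#!/bin/sh
# Added example; not denyhosts or Gentoo code. Function names are hypothetical.
# Matches OpenSSH failure lines such as this constructed sample:
#   Sep  4 22:31:02 host sshd[1234]: Invalid user admin from 192.0.2.10

# Print the number of sshd failed-login lines in log file $1 (0 if unreadable).
count_sshd_failures() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -E -c 'sshd(\[[0-9]+\])?: (Invalid user |Failed password for )' "$1" || true
}

# Print the active (uncommented) SECURE_LOG value from config file $1.
configured_secure_log() {
    sed -n 's/^[[:space:]]*SECURE_LOG[[:space:]]*=[[:space:]]*//p' "$1" | tail -n 1
}

# Print the candidate log holding the most failures; return 1 if none has any.
# On a tie the first candidate listed wins.
pick_secure_log() {
    best=""; best_n=0
    for f in "$@"; do
        n=$(count_sshd_failures "$f")
        if [ "$n" -gt "$best_n" ]; then best=$f; best_n=$n; fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}

# Compare config $1 with candidate logs $2...: return 0 if SECURE_LOG already
# names a log containing sshd failures, otherwise report and return 1.
check_secure_log() {
    conf=$1; shift
    current=$(configured_secure_log "$conf")
    if [ -n "$current" ] && [ "$(count_sshd_failures "$current")" -gt 0 ]; then
        echo "ok: SECURE_LOG = $current"; return 0
    fi
    if suggestion=$(pick_secure_log "$@"); then
        echo "mismatch: SECURE_LOG = ${current:-<unset>}, sshd failures are in $suggestion"
    else
        echo "no sshd failures found in: $*"
    fi
    return 1
}

# Usage: sh thisfile <denyhosts.conf> /var/log/messages /var/log/auth.log /var/log/syslog
if [ "$#" -gt 1 ]; then check_secure_log "$@"; fi
```

A "mismatch" result means denyhosts is reading a file that never receives the login failures, so it would block nothing until SECURE_LOG is changed.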