DenyHosts is a Python script that parses sshd log files and looks for illegitimate activities. It can then (if sshd is using tcp-wrappers) block the source IP addresses by adding them to /etc/hosts.deny, effectively disabling these attacks. It can be run as a cron job or a daemon, or just run at the discretion of the admin. Attached is an ebuild for version 0.9.0, the latest at this time. Also, I have only tested it on x86, although being Python, it should work on other architectures as well. Attached as well is a patch which should configure it to be more compliant with a Gentoo layout, as well as a Gentoo initd script.
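The mechanism described in the comment above, as an added example that is not DenyHosts' own code and not part of the original report: count failed sshd logins per source address and emit tcp-wrappers lines for /etc/hosts.deny. The log line formats, the threshold of 3, the allow-list parameter and all function names are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sshd syslog lines; addresses are from documentation ranges.
SAMPLE_LOG = """\
Aug  1 10:00:01 host sshd[101]: Failed password for root from 203.0.113.7 port 4022 ssh2
Aug  1 10:00:03 host sshd[102]: Failed password for invalid user admin from 203.0.113.7 port 4023 ssh2
Aug  1 10:00:05 host sshd[103]: Invalid user test from 203.0.113.7
Aug  1 10:01:10 host sshd[104]: Failed password for alice from 198.51.100.20 port 5100 ssh2
Aug  1 10:02:00 host sshd[105]: Accepted password for alice from 198.51.100.20 port 5101 ssh2
Aug  1 10:03:00 host sshd[106]: Failed password for root from 192.0.2.50 port 6000 ssh2
Aug  1 10:03:02 host sshd[107]: Failed password for root from 192.0.2.50 port 6001 ssh2
Aug  1 10:03:04 host sshd[108]: Failed password for root from 192.0.2.50 port 6002 ssh2
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
# Anchored at the end of the line so the address is the one sshd appends,
# not text that appears earlier in the message (e.g. inside a user name).
FAILURE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for .+|Invalid user .*) from "
    + IP + r"(?: port \d+)?(?: ssh2)?$"
)

def failed_counts(log_text):
    """Count failed or invalid-user login lines per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILURE.search(line.rstrip())
        if m:
            counts[m.group(1)] += 1
    return counts

def hosts_deny_entries(log_text, threshold=3, allowed=frozenset()):
    """Return tcp-wrappers lines for addresses at or over the threshold."""
    counts = failed_counts(log_text)
    return sorted(f"sshd: {ip}" for ip, n in counts.items()
                  if n >= threshold and ip not in allowed)

def new_entries(existing_hosts_deny, entries):
    """Entries not yet in hosts.deny, so repeated cron runs add no duplicates."""
    present = {l.strip() for l in existing_hosts_deny.splitlines()}
    return [e for e in entries if e not in present]

if __name__ == "__main__":
    for entry in new_entries("", hosts_deny_entries(SAMPLE_LOG)):
        print(entry)
```

The allow-list keeps a trusted admin address from being locked out after a few mistyped passwords, and `new_entries` makes the cron-job mode idempotent.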
Created attachment 64139: DenyHosts-0.9.0.ebuild
Created attachment 64140: DenyHosts-0.9.0-gentoo.patch
Created attachment 64141: denyhosts.rc6
Wow... this guy develops fast... just today, it's jumped from 0.9.0 to 0.9.3... attaching new ebuild and patch files.
Created attachment 64143: DenyHosts-0.9.3.ebuild
Created attachment 64144: DenyHosts-0.9.3-gentoo.patch
The version is now up to 0.9.5, and the patch and ebuild for 0.9.3 will work when renamed.
Created attachment 64170: patch to denyhosts.rc6 to make it more compliant
Same ebuild/patch work for 0.9.6.
The patch no longer works with 0.9.7, also, if I remember right there's a GLEP that says the ebuild filenames shall be all lowercased.
Uhh... are you sure about that? I just copied DenyHosts-0.9.6.ebuild to DenyHosts-0.9.7.ebuild, and files/DenyHosts-0.9.6-gentoo.patch to files/DenyHosts-0.9.7-gentoo.patch and it installed fine... And the reasoning for the capital letters in the ebuild name is because as I understood it it was highly encouraged that your SRC_URI field look like this: SRC_URI="http://download.sourceforge.net/denyhosts/${P}.tar.gz" The package maintainer has been naming his distributed source files DenyHosts-x.y.z.tar.gz, so the naming seemed natural.
It worked for 0.9.9. The website says the current version is 1.0.0, but it is nowhere to be found at this time. Either way, I'd love to see this in the tree.
Created attachment 66525: denyhosts-1.0.1.ebuild
Created attachment 66526: denyhosts-1.0.1-gentoo.patch
Created attachment 66527: denyhosts.init
I modified the DenyHosts-0.9.3.ebuild ebuild and created denyhosts-1.0.1.ebuild. Changes:
1. Removed capital letters in the ebuild
2. Changed the init script
   I) Fixed the dependency. The script needs sshd and logger in order to work properly
   II) I used start-stop-daemon to start the service (this is the gentoo way)
   These changes to the init script made the start script "daemon-control-dist" obsolete, so it will not be included anymore.
3. Made changes in the patch to comment out scripts=['denyhosts.py'] in the setup.py file. With that change only the python modules get installed with distutils. The executable is installed with newexe and will be renamed from denyhost.py to denyhosts
4. With the new patch I also changed the default ssh logfile in denyhosts.cfg-dist from /var/log/secure to /var/log/messages
5. I also changed the lock file from /var/lock/subsys/denyhosts to /var/run/denyhosts (this is the gentoo way)
Comments welcome.
Please fix the following and reopen:
* You can drop the KEYWORDS comment.
* ${S}, ${FILESDIR} should be quoted.
* No need to dodoc licences.
Created attachment 67135: denyhosts-1.0.1.ebuild
Created attachment 67136: denyhosts.init
Created attachment 67137: denyhosts-1.0.1.ebuild
I made the proposed changes. I also changed the name of the configuration file from denyhosts.cfg to denyhosts.conf and I described a little more in the ebuild what the patch does.
Unfortunately I cannot reopen the bug because I am not the owner of this bug. Can someone else do that for me?
(In reply to comment #22)
> Unfortunately I cannot reopen the bug because I am not the owner of this bug.
> Can someone else do that for me.
Done.
Unix Review: Tool of the month. http://www.unixreview.com/documents/s=9846/ur0508g/ur0508g.html
I've been using this ebuild on stable x86 for a few weeks now, at least. I rev-bumped it to denyhosts-1.0.2, but other than that I made no changes. It's working great for me.
irasnyd@ping ~ $ emerge info
Portage 2.0.51.22-r2 (default-linux/x86/2005.0, gcc-3.3.5-20050130, glibc-2.3.5-r1, 2.6.11-gentoo-r6 i686)
=================================================================
System uname: 2.6.11-gentoo-r6 i686 AMD Duron(tm) Processor
Gentoo Base System version 1.6.13
ccache version 2.3 [enabled]
dev-lang/python: 2.3.5
sys-apps/sandbox: 1.2.12
sys-devel/autoconf: 2.13, 2.59-r6
sys-devel/automake: 1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6
sys-devel/binutils: 2.15.92.0.2-r10
sys-devel/libtool: 1.5.18-r1
virtual/os-headers: 2.6.11-r2
ACCEPT_KEYWORDS="x86"
AUTOCLEAN="yes"
CBUILD="i686-pc-linux-gnu"
CFLAGS="-march=athlon -mmmx -m3dnow -O2 -fomit-frame-pointer -pipe"
CHOST="i686-pc-linux-gnu"
CONFIG_PROTECT="/etc /usr/kde/2/share/config /usr/kde/3/share/config /usr/share/config /var/qmail/alias /var/qmail/control /var/vpopmail/domains /var/vpopmail/etc"
CONFIG_PROTECT_MASK="/etc/gconf /etc/terminfo /etc/env.d"
CXXFLAGS="-march=athlon -mmmx -m3dnow -O2 -fomit-frame-pointer -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="autoconfig ccache distlocks sandbox sfperms strict"
GENTOO_MIRRORS="http://gentoo.ccccom.com ftp://gentoo.ccccom.com http://gentoo.gg3.net/"
MAKEOPTS="-j2"
PKGDIR="/usr/portage/packages"
PORTAGE_TMPDIR="/var/tmp"
PORTDIR="/usr/portage"
PORTDIR_OVERLAY="/usr/local/portage"
SYNC="rsync://rsync.namerica.gentoo.org/gentoo-portage"
USE="x86 alsa apache2 berkdb crypt fbcon fbdev gd gdbm gettext gif gpm imap ipalias ipv6 java javascript jpeg libwww maildir memlimit mmx mysql ncurses nptl pam pdflib perl png python readline slang spell sse ssl tcpd threads tiff truetype usb xml xml2 userland_GNU kernel_linux elibc_glibc"
Unset: ASFLAGS, CTARGET, LANG, LC_ALL, LDFLAGS, LINGUAS
> I've been using this ebuild on stable x86 for a few weeks now, at least. I
> rev-bumped it to denyhosts-1.0.2, but other than that I made no changes.
Ditto. Using on both ~x86 and x86 since 8/1. Have been version bumping the newest revisions of the ebuilds. Thanks!
A few things:
* Is ">dev-lang/python-2.3" really correct? This means that python-2.3 is no good but python-2.3-r1 is fine...
* I don't think you need the dodir before the keepdir.
* ${FILESDIR} is missing quotes in src_install.
> * Is ">dev-lang/python-2.3" really correct? This means that python-2.3 is no
> good but python-2.3-r1 is fine...
Should probably be >=, but 2.3.4-r1 is the earliest version in portage. I think it is nitpicking.
> * I don't think you need the dodir before the keepdir.
> * ${FILESDIR} is missing quotes in src_install.
Good catches.
Yup, it's nit picking. That's part of my job. Gotta remove all the nits before it can be tagged as reviewed, it'll make things easier for whoever takes the bug. Another nit: too many blank lines between variables!
Created attachment 67695: denyhosts-1.0.2.ebuild
Created attachment 67696: denyhosts-gentoo.patch
(In reply to comment #27)
> A few things:
>
> * Is ">dev-lang/python-2.3" really correct? This means that python-2.3 is no
> good but python-2.3-r1 is fine...
> * I don't think you need the dodir before the keepdir.
> * ${FILESDIR} is missing quotes in src_install.
OK, I made these changes. I also changed the following:
1. I quoted $S in src_unpack
2. I changed the name of the patch since that gentoo-specific patch will work on all 1.0.* versions of denyhosts
I am happy that you are so nitpicking, that improves my ebuild-writing skills. Comments are always welcome.
Latest ebuild does not put anything in /etc/init.d :
--snip--
copying build/lib/DenyHosts/regex.py -> /var/tmp/portage/denyhosts-1.0.2/image/usr/lib/python2.4/site-packages/DenyHosts
copying build/lib/DenyHosts/allowedhosts.py -> /var/tmp/portage/denyhosts-1.0.2/image/usr/lib/python2.4/site-packages/DenyHosts
cp: cannot stat `/usr/local/portage/net-misc/denyhosts/files/denyhosts.init': No such file or directory
install: cannot stat `/var/tmp/portage/denyhosts-1.0.2/temp/denyhosts': No such file or directory
--snip--
(In reply to comment #33)
> Latest ebuild does not put anything in /etc/init.d :
>
> --snip--
> copying build/lib/DenyHosts/regex.py
> -> /var/tmp/portage/denyhosts-1.0.2/image/usr/lib/python2.4/site-packages/DenyHosts
> copying build/lib/DenyHosts/allowedhosts.py
> -> /var/tmp/portage/denyhosts-1.0.2/image/usr/lib/python2.4/site-packages/DenyHosts
> cp: cannot stat `/usr/local/portage/net-misc/denyhosts/files/denyhosts.init':
> No such file or directory
> install: cannot stat `/var/tmp/portage/denyhosts-1.0.2/temp/denyhosts': No such
> file or directory
> --snip--
Did you actually download the denyhost.init file (see attachment above) and put it into the files directory?
(In reply to comment #34) Sorry, I missed it, hidden among the older attachments. My bad
Is this ebuild ready for stable now? With the continuous ssh attacks this becomes quite necessary...
(In reply to comment #36)
> Is this ebuild ready for stable now? With the continuous ssh attacks this
> becomes quite necessary...
I have been running it stable for more than a month on a production system. Works flawlessly.
Created attachment 69978: denyhosts-1.1.2.ebuild
New ebuild for new denyhosts version.
Created attachment 69979: denyhosts-gentoo.patch
New patch that works with version 1.1.2.
Glad to find this ebuild here. Dumb question: what category would you put this under PORTAGE_OVERLAY ?
(In reply to comment #40)
> Glad to find this ebuild here.
>
> Dumb question: what category would you put this under PORTAGE_OVERLAY ?
>
In app-admin/denyhosts I suggest.
As a note, the pkg_postinst() information has a typo: In the original version I submitted of the ebuild, I had kept the main script's name as /usr/bin/denyhosts.py. However, people have subsequently changed that file's name to /usr/bin/denyhosts. But, the postinst information still has the ".py" listed in the instructions for cron mode. Thanks to the people who made that hack I threw together more gentoo-ified.
Created attachment 70069: denyhosts-1.1.2.ebuild
Fixed the typo at the end of the ebuild. Thanks go to you for the initial ebuild.
With the latest ebuild, the init script never returns:
# /etc/init.d/denyhosts start
 * Starting DenyHosts daemon ...
I can manually put it in the background. Another problem was that I had no hosts.deny file - maybe the ebuild can do "touch /etc/hosts.deny" if the file doesn't exist during the install?
Ignore previous comment about starting - it returns... eventually... just a bit slow.
Created attachment 70081: denyhosts-1.1.2.ebuild
This ebuild creates an empty /etc/hosts.deny file if none exists.
Created attachment 70084: denyhosts-1.1.2.ebuild
This is the newest denyhost ebuild. Please use this one.
OK, this latest ebuild was a flawless install and the init script is much faster. Excellent.
I've added this to portage. Thanks for all the contributions.