View previous topic :: View next topic |
Author |
Message |
D0zer n00b
Joined: 28 Jul 2013 Posts: 46 Location: South Africa
|
Posted: Mon Jan 12, 2015 11:04 am Post subject: Denyhosts Cron Daemon Email [Solved] |
|
|
Hi All
I have Denyhosts running on a Gentoo machine, which appears to be working, I get regular notification on blocked hosts. I am getting the following email every 10 minutes to the root email account.
DenyHosts could not obtain lock (pid: 22818)
[Errno 17] File exists: '/var/run/denyhosts.pid'
Not sure how to fix it so the email stop coming through every 10 minutes and fills up the log file.
Thanks in Advance _________________ Gentoo Newbie
Last edited by D0zer on Fri Jan 16, 2015 11:25 am; edited 1 time in total |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Mon Jan 12, 2015 11:20 am Post subject: Re: Denyhosts Cron Daemon Email |
|
|
D0zer wrote: | Code: | DenyHosts could not obtain lock (pid: 22818)
[Errno 17] File exists: '/var/run/denyhosts.pid' |
|
D0zer ... such an error suggest that the service is being started by some process (every 10 minutes) but that as there is already a denyhost running and so it can't create a lock/pidfile. So, how it it run?
best ... khay |
|
Back to top |
|
|
D0zer n00b
Joined: 28 Jul 2013 Posts: 46 Location: South Africa
|
Posted: Mon Jan 12, 2015 12:02 pm Post subject: |
|
|
Thank's for the reply khay
I am running it as per the FAQ at http://denyhosts.sourceforge.net/faq.html#1_17
# Lauch daemon
/etc/init.d/denyhosts start
Would it be better to setup up Cron to run it every 10 mins ?
Thank again. _________________ Gentoo Newbie |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Mon Jan 12, 2015 5:57 pm Post subject: |
|
|
D0zer ... you're welcome. Its probably fine to run from /etc/init.d ... I don't think running it from cron will resolve the issue as my suspicion is that the problem is with the logrotate script provided. Can you confirm you're using logrotate?
best ... khay |
|
Back to top |
|
|
D0zer n00b
Joined: 28 Jul 2013 Posts: 46 Location: South Africa
|
Posted: Tue Jan 13, 2015 12:34 pm Post subject: |
|
|
Hi khay
I checked on the server, I do see a logrotate.conf in the /etc folder. _________________ Gentoo Newbie |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Tue Jan 13, 2015 6:35 pm Post subject: |
|
|
D0zer wrote: | I checked on the server, I do see a logrotate.conf in the /etc folder. |
D0zer ... ok, then can you check that /etc/logrotate.conf has 'weekly' set? Also can you check that /var/log/denyhosts is created (and rotated ... and at what interval)? I'll assume here the logrotation is working ... so you might replace /etc/logrotate.d/denyhosts with the following (make a backup elsewhere first):
Code: | /var/log/denyhosts {
missingok
notifempty
create 0640 root root
sharedscripts
postrotate
/etc/init.d/denyhosts reload > /dev/null 2>&1 || true
endscript
} |
Then add the following to /etc/init.d/denyhosts
Code: | extra_started_commands="reload"
reload() {
checkconfig || return $?
ebegin "Reloading ${SVCNAME}"
start-stop-daemon --signal HUP --pidfile /var/run/denyhosts.pid
eend $?
} |
I'm not sure this will fix the issue, in fact I'm not 100% sure what is causing this to occur ever 10 minutes, but something seems to be restarting the service so lets assume that logrotate is at fault.
best ... khay |
|
Back to top |
|
|
D0zer n00b
Joined: 28 Jul 2013 Posts: 46 Location: South Africa
|
Posted: Tue Jan 13, 2015 7:05 pm Post subject: |
|
|
Thanks Khay
For interest sake, the etc/logrotate.d/denyhosts file is as follows
Code: |
/var/log/denyhosts {
missingok
notifempty
create 0640 root root
sharedscripts
postrotate
test -e /run/openrc/softlevel && /etc/init.d/denyhosts restart 1>/dev/null || true
test -e /run/systemd/system && systemctl restart denyhosts >/dev/null || true
endscript
}
|
Could the line Code: | test -e /run/openrc/softlevel && /etc/init.d/denyhosts restart 1>/dev/null || true
test -e /run/systemd/system && systemctl restart denyhosts >/dev/null || true | be causing this restart every 10 minutes do you think?
I have changed the files as recommended bellow and will provide feedback later.
Thanks for your help so far Khay _________________ Gentoo Newbie |
|
Back to top |
|
|
D0zer n00b
Joined: 28 Jul 2013 Posts: 46 Location: South Africa
|
Posted: Tue Jan 13, 2015 7:17 pm Post subject: |
|
|
Unfortunately the emails are still coming through after making bellow changes.
Code: | DenyHosts could not obtain lock (pid: 1991)
[Errno 17] File exists: '/var/run/denyhosts.pid' |
If I understand denyhosts correctly it scans the log file every 10 minutes and blocks IPs that have multiple failed attempts to log in.
Is denyhosts a good script to use to block ip's with failed login attempts or is there a better alternative? Denyhosts does seem to be working, all the time I get notifications that IP's have been blocked. _________________ Gentoo Newbie |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Tue Jan 13, 2015 7:35 pm Post subject: |
|
|
D0zer ... I asked if 'weekly' is set in /etc/logrotate.conf ... and are logs generated/rotated? As I said I have no idea what is restarting it, when you say "it scans the log file every 10 minutes and blocks failed attempts" then this can only mean its the service itself is the cause of the error ... why, I don't know, perhaps something set in /etc/denyhosts.conf?
best ... khay |
|
Back to top |
|
|
D0zer n00b
Joined: 28 Jul 2013 Posts: 46 Location: South Africa
|
Posted: Fri Jan 16, 2015 11:14 am Post subject: Update |
|
|
Hi Khay
Thank you for your assistance so far.
Quote: | D0zer ... I asked if 'weekly' is set in /etc/logrotate.conf ... and are logs generated/rotated? | From what I can see in the logrotate.conf the rotation is weekly.
I had a look in /etc/crontab. The following entries are in there :
Code: | */10 * * * * root test -x /usr/sbin/run-crons && /usr/sbin/run-crons
*/10 * * * * root /usr/bin/denyhosts.py -c /etc/denyhosts.conf
|
If I recall I was following http://www.gentoo-wiki.info/SSH/DenyHosts, instead of running it as a Dameon or a Crontab I am running it as both.
If denyhosts is started as /etc/init.d/denyhosts start and the crontab tries to run it every 10 min that would explain the error on the email from the crontab dameon if I understand correctly. _________________ Gentoo Newbie |
|
Back to top |
|
|
khayyam Watchman
Joined: 07 Jun 2012 Posts: 6227 Location: Room 101
|
Posted: Fri Jan 16, 2015 11:19 am Post subject: Re: Update |
|
|
D0zer wrote: | I had a look in /etc/crontab. The following entries are in there :
Code: | */10 * * * * root test -x /usr/sbin/run-crons && /usr/sbin/run-crons
*/10 * * * * root /usr/bin/denyhosts.py -c /etc/denyhosts.conf |
If I recall I was following http://www.gentoo-wiki.info/SSH/DenyHosts, instead of running it as a Dameon or a Crontab I am running it as both. If denyhosts is started as /etc/init.d/denyhosts start and the crontab tries to run it every 10 min that would explain the error on the email from the crontab dameon if I understand correctly. |
D0zer ... correct, you're running it from both /etc/init.d and cron ... hence the /var/run/denyhosts.pid error. I'm not sure what the best method of running denyhosts is (as I don't use it), but you can't run from both.
best ... khay |
|
Back to top |
|
|
D0zer n00b
Joined: 28 Jul 2013 Posts: 46 Location: South Africa
|
Posted: Fri Jan 16, 2015 11:24 am Post subject: [Solved] |
|
|
Thank's for your help Khay. I might try both (just not together) and see which one works the best. _________________ Gentoo Newbie |
|
Back to top |
|
|
|