Gentoo Forums
Denyhosts Cron Daemon Email [Solved]
D0zer
n00b

Joined: 28 Jul 2013
Posts: 46
Location: South Africa

Posted: Mon Jan 12, 2015 11:04 am    Post subject: Denyhosts Cron Daemon Email [Solved]

Hi All

I have Denyhosts running on a Gentoo machine, which appears to be working; I get regular notifications of blocked hosts. I am getting the following email every 10 minutes to the root email account.

DenyHosts could not obtain lock (pid: 22818)
[Errno 17] File exists: '/var/run/denyhosts.pid'

Not sure how to fix it so the emails stop coming through every 10 minutes and filling up the log file.

Thanks in Advance
_________________
Gentoo Newbie


Last edited by D0zer on Fri Jan 16, 2015 11:25 am; edited 1 time in total
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Mon Jan 12, 2015 11:20 am    Post subject: Re: Denyhosts Cron Daemon Email

D0zer wrote:
Code:
DenyHosts could not obtain lock (pid: 22818)
[Errno 17] File exists: '/var/run/denyhosts.pid'

D0zer ... such an error suggests that the service is being started by some process (every 10 minutes), but as there is already a denyhosts running it can't create a lock/pidfile. So, how is it run?

best ... khay
D0zer
n00b

Joined: 28 Jul 2013
Posts: 46
Location: South Africa

Posted: Mon Jan 12, 2015 12:02 pm

Thanks for the reply khay

I am running it as per the FAQ at http://denyhosts.sourceforge.net/faq.html#1_17

# Launch daemon
/etc/init.d/denyhosts start

Would it be better to set up Cron to run it every 10 mins?

Thanks again.
_________________
Gentoo Newbie
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Mon Jan 12, 2015 5:57 pm

D0zer wrote:
I am running it as per the FAQ at http://denyhosts.sourceforge.net/faq.html#1_17. Would it be better to set up Cron to run it every 10 mins?

D0zer ... you're welcome. It's probably fine to run from /etc/init.d ... I don't think running it from cron will resolve the issue as my suspicion is that the problem is with the logrotate script provided. Can you confirm you're using logrotate?

best ... khay
D0zer
n00b

Joined: 28 Jul 2013
Posts: 46
Location: South Africa

Posted: Tue Jan 13, 2015 12:34 pm

Hi khay

I checked on the server, I do see a logrotate.conf in the /etc folder.
_________________
Gentoo Newbie
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Tue Jan 13, 2015 6:35 pm

D0zer wrote:
I checked on the server, I do see a logrotate.conf in the /etc folder.

D0zer ... ok, then can you check that /etc/logrotate.conf has 'weekly' set? Also can you check that /var/log/denyhosts is created (and rotated ... and at what interval)? I'll assume here the logrotation is working ... so you might replace /etc/logrotate.d/denyhosts with the following (make a backup elsewhere first):

Code:
/var/log/denyhosts {
    missingok
    notifempty
    create 0640 root root
    sharedscripts
    postrotate
    /etc/init.d/denyhosts reload > /dev/null 2>&1 || true
    endscript
}

Then add the following to /etc/init.d/denyhosts

Code:
extra_started_commands="reload"

reload() {
   checkconfig || return $?
   ebegin "Reloading ${SVCNAME}"
   start-stop-daemon --signal HUP --pidfile /var/run/denyhosts.pid
   eend $?
}

I'm not sure this will fix the issue, in fact I'm not 100% sure what is causing this to occur every 10 minutes, but something seems to be restarting the service so let's assume that logrotate is at fault.

best ... khay
D0zer
n00b

Joined: 28 Jul 2013
Posts: 46
Location: South Africa

Posted: Tue Jan 13, 2015 7:05 pm

Thanks Khay

For interest's sake, the /etc/logrotate.d/denyhosts file is as follows:
Code:

/var/log/denyhosts {
   missingok
   notifempty
   create 0640 root root
   sharedscripts
   postrotate
      test -e /run/openrc/softlevel && /etc/init.d/denyhosts restart 1>/dev/null || true
      test -e /run/systemd/system && systemctl restart denyhosts >/dev/null || true
   endscript
}


Could the line
Code:
test -e /run/openrc/softlevel && /etc/init.d/denyhosts restart 1>/dev/null || true
      test -e /run/systemd/system && systemctl restart denyhosts >/dev/null || true
be causing this restart every 10 minutes do you think?

I have changed the files as recommended below and will provide feedback later.

Thanks for your help so far Khay
_________________
Gentoo Newbie
D0zer
n00b

Joined: 28 Jul 2013
Posts: 46
Location: South Africa

Posted: Tue Jan 13, 2015 7:17 pm

Unfortunately the emails are still coming through after making the below changes.

Code:
DenyHosts could not obtain lock (pid: 1991)
[Errno 17] File exists: '/var/run/denyhosts.pid'


If I understand denyhosts correctly it scans the log file every 10 minutes and blocks IPs that have multiple failed attempts to log in.

Is denyhosts a good script to use to block IPs with failed login attempts, or is there a better alternative? Denyhosts does seem to be working; all the time I get notifications that IPs have been blocked.
_________________
Gentoo Newbie
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Tue Jan 13, 2015 7:35 pm

D0zer ... I asked if 'weekly' is set in /etc/logrotate.conf ... and are logs generated/rotated? As I said I have no idea what is restarting it, when you say "it scans the log file every 10 minutes and blocks failed attempts" then this can only mean it's the service itself that is the cause of the error ... why, I don't know, perhaps something set in /etc/denyhosts.conf?

best ... khay
D0zer
n00b

Joined: 28 Jul 2013
Posts: 46
Location: South Africa

Posted: Fri Jan 16, 2015 11:14 am    Post subject: Update

Hi Khay

Thank you for your assistance so far.
Quote:
D0zer ... I asked if 'weekly' is set in /etc/logrotate.conf ... and are logs generated/rotated?
From what I can see in the logrotate.conf the rotation is weekly.

I had a look in /etc/crontab. The following entries are in there:
Code:
*/10  *  * * *  root    test -x /usr/sbin/run-crons && /usr/sbin/run-crons
*/10  *  * * *  root    /usr/bin/denyhosts.py -c /etc/denyhosts.conf


If I recall I was following http://www.gentoo-wiki.info/SSH/DenyHosts, instead of running it as a daemon or a crontab I am running it as both.

If denyhosts is started as /etc/init.d/denyhosts start and the crontab tries to run it every 10 min, that would explain the error in the email from the crontab daemon, if I understand correctly.
_________________
Gentoo Newbie
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6228
Location: Room 101

Posted: Fri Jan 16, 2015 11:19 am    Post subject: Re: Update

D0zer wrote:
I had a look in /etc/crontab. The following entries are in there:
Code:
*/10  *  * * *  root    test -x /usr/sbin/run-crons && /usr/sbin/run-crons
*/10  *  * * *  root    /usr/bin/denyhosts.py -c /etc/denyhosts.conf

If I recall I was following http://www.gentoo-wiki.info/SSH/DenyHosts, instead of running it as a daemon or a crontab I am running it as both. If denyhosts is started as /etc/init.d/denyhosts start and the crontab tries to run it every 10 min, that would explain the error in the email from the crontab daemon, if I understand correctly.

D0zer ... correct, you're running it from both /etc/init.d and cron ... hence the /var/run/denyhosts.pid error. I'm not sure what the best method of running denyhosts is (as I don't use it), but you can't run from both.

best ... khay
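
The failure mode diagnosed above, as an added example that is not part of the thread and not DenyHosts' own code: Errno 17 is EEXIST, which is what an exclusive create of a pidfile returns when another instance already holds it. The sketch assumes a lock taken with O_CREAT|O_EXCL, uses a temporary stand-in path, and also shows how to tell a live holder from a stale pidfile.

```python
import os
import subprocess
import sys
import tempfile

def acquire_pidfile(path):
    """Exclusive-create the pidfile; raises FileExistsError (errno 17) if present."""
    fd = os.open(path, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o644)
    with os.fdopen(fd, "w") as fh:
        fh.write(f"{os.getpid()}\n")

def holder_state(path):
    """Classify the pidfile as 'absent', 'unreadable', 'live' or 'stale'."""
    try:
        with open(path) as fh:
            pid = int(fh.read().strip())
    except FileNotFoundError:
        return "absent", None
    except ValueError:
        return "unreadable", None
    try:
        os.kill(pid, 0)  # signal 0 only checks that the pid exists
    except ProcessLookupError:
        return "stale", pid
    except PermissionError:
        pass  # pid exists but is owned by another user
    return "live", pid

def try_start(path):
    """What a second launcher (such as a cron entry) gets back."""
    try:
        acquire_pidfile(path)
        return "started"
    except FileExistsError as exc:
        state, pid = holder_state(path)
        return f"refused errno={exc.errno} holder={state} pid={pid}"

def demo():
    """Constructed scenario: daemon start, cron retry, then a stale pidfile."""
    with tempfile.TemporaryDirectory() as tmp:
        pidfile = os.path.join(tmp, "denyhosts.pid")  # stand-in for /var/run
        live = [try_start(pidfile), try_start(pidfile)]  # init start, then cron
        dead = subprocess.Popen([sys.executable, "-c", "pass"])
        dead.wait()  # reaped, so this pid is no longer alive
        with open(pidfile, "w") as fh:
            fh.write(f"{dead.pid}\n")
        return live + [try_start(pidfile)]

if __name__ == "__main__":
    print(demo())
```

A "live" holder points to a second launcher competing with a running daemon, as with the cron entry in this thread; a "stale" holder means the pidfile was left behind and no daemon is actually running.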
D0zer
n00b

Joined: 28 Jul 2013
Posts: 46
Location: South Africa

Posted: Fri Jan 16, 2015 11:24 am    Post subject: [Solved]

Thanks for your help Khay. I might try both (just not together) and see which one works the best.
_________________
Gentoo Newbie