#1 reddog (Guest), 22-Sep-2006, 11:04

hello

yesterday i set up denyhosts on a suse10 box, everything seemed to go fine except for the last 25 hours as of this post nothing is being logged into /var/log/messages. Neither successful nor unsuccessful attempts are getting logged, in fact absolutely nothing has been logged.

SECURE_LOG setting in denyhosts.cfg
Quote:
#
# SuSE:
SECURE_LOG = /var/log/messages
#

it doesn't seem right that nothing at all is being logged (or not being logged)
if anyone could provide some insight that would be great.

btw; i followed these instructions for the install.
http://www.howtoforge.com/preventing_ssh_d..._with_denyhosts

Thank You!
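
A first check for the symptom described in the post above, added here as an example (not code from the thread or from the DenyHosts project): read the active SECURE_LOG setting, then confirm that sshd entries actually appear in that file and when the newest one was written. The config fragment, log lines, hostname and function names are constructed for illustration.

```python
import re

SSHD_LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) \S+ sshd\[\d+\]: (.*)$")

# Constructed denyhosts.cfg fragment modelled on the setting quoted in the post.
SAMPLE_CFG = """\
#SECURE_LOG = /var/log/secure
# SuSE:
SECURE_LOG = /var/log/messages
"""

# Constructed syslog lines (documentation IP ranges, not the poster's data).
SAMPLE_LOG = """\
Sep 21 10:02:17 box sshd[4312]: Failed password for invalid user admin from 192.0.2.10 port 4022 ssh2
Sep 21 10:02:20 box sshd[4312]: Failed password for root from 192.0.2.10 port 4025 ssh2
Sep 21 10:05:44 box sshd[4330]: Accepted password for red from 198.51.100.7 port 51522 ssh2
Sep 21 10:15:00 box /usr/sbin/cron[4400]: (root) CMD (true)
"""

def active_secure_log(cfg_text):  # last uncommented SECURE_LOG value, or None
    path = None
    for line in cfg_text.splitlines():
        m = re.match(r"\s*SECURE_LOG\s*=\s*(\S+)", line)
        if m:
            path = m.group(1)
    return path

def sshd_summary(log_text):  # count sshd auth entries, keep newest timestamp
    out = {"failed": 0, "accepted": 0, "last_seen": None}
    for line in log_text.splitlines():
        m = SSHD_LINE.match(line)
        if not m:
            continue  # not an sshd line (cron, kernel, ...)
        out["last_seen"] = m.group(1)
        if m.group(2).startswith("Failed password"):
            out["failed"] += 1
        elif m.group(2).startswith("Accepted "):
            out["accepted"] += 1
    return out

def diagnose(cfg_text, log_text):
    path = active_secure_log(cfg_text)
    if path is None:
        return "SECURE_LOG is not set"
    s = sshd_summary(log_text)
    if s["last_seen"] is None:
        return f"no sshd entries in {path}: check where syslog writes sshd's messages"
    return f"{path}: {s['failed']} failed, {s['accepted']} accepted, newest {s['last_seen']}"

if __name__ == "__main__":
    print(diagnose(SAMPLE_CFG, SAMPLE_LOG))
```

On a real system, pass the contents of denyhosts.cfg and of the file it names instead of the samples.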
#2 heathenx (Guest), 22-Sep-2006, 13:54

i use denyhosts as well. i used the same tutorial. i'm running it on suse 10.1 though. i have had no problems.

have you made sure that denyhosts service is running?

also, reduce your login attempts in sshd.conf to 3 instead of the default 5-6.

i take it you have checked your hostdeny file and nothing is in there?



one note. even though denyhosts works for me using port 22 as my ssh port...what really cuts down on the hack attempts is changing your port number to something else like 9922. i ran mine like this for awhile and the hack attempts completely stopped.
#3 reddog (Guest), 23-Sep-2006, 02:29

Quote:
i use denyhosts as well. i used the same tutorial. i'm running it on suse 10.1 though. i have had no problems.

have you made sure that denyhosts service is running?

also, reduce your login attempts in sshd.conf to 3 instead of the default 5-6.

i take it you have checked your hostdeny file and nothing is in there?
one note. even though denyhosts works for me using port 22 as my ssh port...what really cuts down on the hack attempts is changing your port number to something else like 9922. i ran mine like this for awhile and the hack attempts completely stopped.

hmmm, like the reply option quotes right away ......anyway.

heathenx......thanks for the reply !

denyhosts service was not running this morning, so i did "chkconfig denyhosts on" and the service has been running all day. Still nothing logged. But the server did sync to download more ips from denyhosts.net (859 new ips) and that was before i turned the service on. :blink:

"MaxAuthTries" is at 2, i did do some tweaking in "sshd_config" file previously before installing denyhosts. As well as changing the port to ssh, i'm wondering what's best, i've read to set the port as low as the low 1000's, and as high as 60000. it would be nice to know which ports are best

i'm pretty sure i don't have two instances of denyhosts running, i've been up and down the FAQ at the denyhosts site.

btw: that 859 new ips downloaded, are they supposed to automatically be added to "hosts.deny"?

thanks for the help !!
red
#4 heathenx (Guest), 25-Sep-2006, 06:40

Quote:
btw: that 859 new ips downloaded, are they supposed to automatically be added to "hosts.deny"?

good question. i don't know. i don't get a blacklist of ip's from denyhosts.net. i just manage the half a dozen ip's that get logged when attempting to crack into my box.

Quote:
As well as changing the port to ssh, i'm wondering what's best, i've read to set the port as low as the low 1000's, and as high as 60000. it would be nice to know which ports are best.

9922 is easy for me to remember. personally, i don't think it matters much.

i will tell you this much. i emailed the owner of denyhosts (http://denyhosts.sourceforge.net/) and asked several questions. he responded right away. if you have specific denyhost questions...who better to ask?
#5 reddog (Guest), 26-Sep-2006, 10:11

Quote:
good question. i don't know. i don't get a blacklist of ip's from denyhosts.net. i just manage the half a dozen ip's that get logged when attempting to crack into my box.

yea, maybe i can turn off the sync process for now........859 ip's might cover my **** for a while

Quote:
9922 is easy for me to remember. personally, i don't think it matters much.

ok...cool

Quote:
i will tell you this much. i emailed the owner of denyhosts (http://denyhosts.sourceforge.net/) and asked several questions. he responded right away. if you have specific denyhost questions...who better to ask?

emailed him today, i'll post back with whatever the solution was, if any.

Heathen - Thanks for the replies !

Red


#6 heathenx (Guest), 26-Sep-2006, 20:13

you're welcome.

i'm sorry i haven't been much help. lately i have been busy in the evenings and i haven't been posting from my desktop/server with denyhosts running. for all i know denyhosts stopped working for me and i'm under the illusion that it works great...ha.
 
