Configuring denyhosts on Mac OS X 10.6


I had some trouble configuring denyhosts on my Mac OS X 10.6 (user) machine, as the instructions on the website at http://www.denyhosts.net/faq.html#macos were wrong. Here is the correct configuration for denyhosts.cfg:

denyhosts.cfg

# Mac OS X (v10.4 or greater - 
#   also refer to:   http://www.denyhosts.net/faq.html#macos
# SECURE_LOG = /private/var/log/asl.log
# SSHD_FORMAT_REGEX=.* \[Sender sshd\] \[PID \d*\] \[Message .* PAM: (?P<message>.*?)\].*?

# Mac OS X (v10.6 or greater - 
#   - reversion to standard log format. No need to do log regex parsing.
SECURE_LOG = /var/log/secure.log


# zip down a bit to the bottom:

#this work_dir worked for me, it's where the python install script added it:

WORK_DIR = /usr/share/denyhosts/data

#this lock_file worked for me although I had to create the directory:

LOCK_FILE = /var/lock/subsys/denyhosts

and then for the file [daemon-control]:

###############################################
#### Edit these to suit your configuration ####
###############################################

DENYHOSTS_BIN   = "/usr/local/bin/denyhosts.py"
DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"

PYTHON_BIN      = "/usr/bin/env python"

Hope this helps! This is only really necessary if your Mac is on the internet with a static IP and not behind a firewall or NAT router. 99.9% of home machines are OK because they are hidden behind NAT routers; it's mostly academic machines that are in danger.

There's also some configuration to get the daemon to auto-start when the Mac boots up. I haven't gotten that worked out 100%. When I do, I'll post instructions here. Feel free to log in using your Facebook or other credentials to leave comments.
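As an added example (not part of the original post and not DenyHosts code), the Python below tallies sshd entries in the standard syslog layout that /var/log/secure.log uses on 10.6, which is why no SSHD_FORMAT_REGEX override is needed there. The threshold of 5, the function name summarize, and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Standard syslog layout: "Mon DD HH:MM:SS host sshd[pid]: message"
SSHD_LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: (?P<message>.*)$")
INVALID_USER = re.compile(r"^Invalid user (?P<user>\S+) from (?P<host>\S+)$")
REFUSED = re.compile(r"^refused connect from (?P<host>\S+)$")

THRESHOLD = 5  # assumed limit for this example, not read from denyhosts.cfg


def summarize(lines, threshold=THRESHOLD):
    """Return (hosts over the threshold, hosts already refused, per-host counts)."""
    invalid = Counter()
    refused = set()
    for line in lines:
        entry = SSHD_LINE.match(line.strip())
        if not entry:
            continue  # other daemons (loginwindow, audit warnings, ...)
        message = entry.group("message")
        hit = INVALID_USER.match(message)
        if hit:
            invalid[hit.group("host")] += 1
            continue
        hit = REFUSED.match(message)
        if hit:
            refused.add(hit.group("host"))
    over = sorted(h for h, n in invalid.items() if n > threshold)
    return over, sorted(refused), dict(invalid)


# Constructed sample in the secure.log layout (documentation-range addresses).
SAMPLE = [f"Jun 12 13:54:{s:02d} examplehost sshd[{100 + s}]: Invalid user u{s} from 192.0.2.10"
          for s in range(6)]
SAMPLE += [
    "Jun 12 13:55:13 examplehost sshd[210]: refused connect from 192.0.2.10",
    "Jun 13 09:01:02 examplehost sshd[300]: Invalid user test from 198.51.100.7",
    "Jun 13 09:01:04 examplehost sshd[302]: Invalid user admin from 198.51.100.7",
    "Jun 13 11:40:05 examplehost loginwindow[64]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.",
    "Jun 14 07:03:21 examplehost sshd[400]: Did not receive identification string from 203.0.113.5",
    "Jun 14 11:27:23 examplehost sshd[410]: refused connect from 203.0.113.9",
]

if __name__ == "__main__":
    over, refused, counts = summarize(SAMPLE)
    print("over threshold:", over)
    print("already refused:", refused)
    print("invalid-user counts:", counts)
```

To run it against a real log, pass the open file instead of SAMPLE, for example summarize(open("/var/log/secure.log")).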

2 Comments

denyhosts works! Check out this log:

Jun 12 13:54:57 kyoto sshd[83867]: Invalid user lcc from 208.70.77.236
Jun 12 13:54:58 kyoto sshd[83869]: Invalid user shift from 208.70.77.236
Jun 12 13:55:06 kyoto sshd[83877]: Invalid user operator from 208.70.77.236
Jun 12 13:55:07 kyoto sshd[83883]: Invalid user bin from 208.70.77.236
Jun 12 13:55:09 kyoto sshd[83887]: Invalid user webmaster from 208.70.77.236
Jun 12 13:55:11 kyoto sshd[83891]: Invalid user deng from 208.70.77.236
Jun 12 13:55:13 kyoto sshd[83897]: refused connect from 208.70.77.236
Jun 13 09:47:13 kyoto sshd[1509]: refused connect from 123.13.201.202
Jun 13 11:40:05 kyoto loginwindow[64]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.
Jun 13 11:40:05 kyoto _spotlight[3161]: audit warning: soft /var/audit
Jun 13 11:40:05 kyoto _spotlight[3162]: audit warning: allsoft
Jun 13 11:40:05 kyoto _spotlight[3164]: audit warning: closefile /var/audit/20110612041251.20110613154005
Jun 13 14:47:51 kyoto loginwindow[64]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.
Jun 13 14:47:51 kyoto karen[5949]: audit warning: allsoft
Jun 13 14:47:51 kyoto karen[5951]: audit warning: closefile /var/audit/20110613154005.20110613184751
Jun 13 14:47:51 kyoto karen[5950]: audit warning: soft /var/audit
Jun 13 18:24:08 kyoto sshd[9357]: refused connect from 202.143.145.37
Jun 14 07:03:21 kyoto sshd[20446]: Did not receive identification string from 200.58.203.85
Jun 14 07:14:58 kyoto sshd[20605]: Did not receive identification string from 200.58.203.85
Jun 14 11:27:23 kyoto sshd[24294]: refused connect from 60.216.12.25

After I installed it, I've gone to zilch hacker attacks. Yay!

Now if only I can find a good spam filter for MovableType so that I can allow anonymous comments again. :-(

Here are additional config instructions for denyhosts on Mac OS X 10.6:


http://think.random-stuff.org/posts/denyhosts-on-mac-os-x

http://heath.hrsoftworks.net/archives/000263.html

This page contains a single entry by Karen Nakamura published on June 11, 2011 11:53 PM.
