The pfSense Store

Author Topic: Finish my Denyhosts package [$20]  (Read 20898 times)

0 Members and 1 Guest are viewing this topic.

Offline thetoaster

  • Newbie
  • *
  • Posts: 2
  • Karma: +0/-0
    • View Profile
Re: Finish my Denyhosts package [$20]
« Reply #30 on: September 22, 2009, 06:49:21 am »
I am getting errors on startup.
I followed the setup in 2nd posting exactly.

Code: [Select]
# /usr/local/etc/rc.d/denyhosts.sh start
Traceback (most recent call last):
  File "/usr/local/bin/denyhosts.py", line 5, in <module>
    import DenyHosts.python_version
ImportError: No module named DenyHosts.python_version

Offline tommyboy180

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 976
  • Karma: +0/-0
    • View Profile
    • TomSchaefer.org
Re: Finish my Denyhosts package [$20]
« Reply #31 on: September 30, 2009, 09:23:45 am »
Were you able to correct the issue, or is this a problem with the script?
-Tom Schaefer
SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM
TomSchaefer.org/pfsense
Please support Countryblock | IP-Blocklist | File Browser | Strikeback Here

Offline newmember

  • Jr. Member
  • **
  • Posts: 29
  • Karma: +0/-0
    • View Profile
Re: Finish my Denyhosts package [$20]
« Reply #32 on: November 16, 2009, 12:43:40 am »
What exactly does this package block?
I want to create a rdr for a server in my DMZ, will this package block all hosts in denyhosts hitting my WAN NIC even though its being redirected to an internal host?
Can I create white and black lists?
Does this package report back to denyhosts with new attack information?

OK I see that this is blocking all traffic from the denyhosts lists.
$ pfctl -s all | grep ssh
block drop in log quick proto tcp from <sshlockout> to any port = ssh label "sshlockout"
Should this only block port 22?


Thanks

I'm not sure if this would have been some help.
http://www.mail-archive.com/denyhosts-user@lists.sourceforge.net/msg00360.html
« Last Edit: November 16, 2009, 01:06:12 am by newmember »

Offline xternal

  • Newbie
  • *
  • Posts: 21
  • Karma: +1/-0
    • View Profile
Re: Finish my Denyhosts package [$20]
« Reply #33 on: December 09, 2009, 07:37:01 am »
I got this working, what i had to do was remove the most current version of python (2.5_51 or what ever it is), and install this exact version

http://forum.pfsense.org/index.php/topic,18948.msg100099.html#msg100099

Then i followed these instructions at the top of the thread to get it load.


 
Quote
$ cp /usr/local/share/denyhosts/denyhosts.cfg-dist /usr/local/etc/denyhosts.conf

Then edit /usr/local/etc/denyhosts.conf to set the parameters:

  SECURE_LOG = /var/log/system.log
  BLOCK_SERVICE  = sshd

DenyHosts should  work after that.

However, it still doesnt "work". It loads properly now and runs, but it does not monitor the system.log at all. It says its doing it, but when i test with incorrect logins it does nothing. This seems to be a common issue for others who have it running on pfsense.
« Last Edit: December 09, 2009, 07:39:49 am by xternal »

Offline mcrane

  • Sr. Member
  • ****
  • Posts: 495
  • Karma: +0/-0
    • View Profile
Re: Finish my Denyhosts package [$20]
« Reply #34 on: December 17, 2009, 05:11:32 pm »
I don't like python much if I ever get time to work on this I will write an alternative php script that could run from my 'PHP Service' pfsense package.

Offline tommyboy180

  • Global Moderator
  • Hero Member
  • *****
  • Posts: 976
  • Karma: +0/-0
    • View Profile
    • TomSchaefer.org
Re: Finish my Denyhosts package [$20]
« Reply #35 on: February 10, 2010, 07:46:31 pm »
We can move this to the completed Bounty section. Payment has been made.

Thank you again Mcrane for your work. I had fun working with you.
-Tom Schaefer
SuperMicro 1U 2X Intel pro/1000 Dual Core Intel 2.2 Ghz - 2 Gig RAM
TomSchaefer.org/pfsense
Please support Countryblock | IP-Blocklist | File Browser | Strikeback Here