I had some trouble configuring denyhosts on my Mac OS X 10.6 (user) machine as the instructions on the website at http://www.denyhosts.net/faq.html#macos were wrong. Here is the correct configuration for denyhosts.cfg:
denyhosts.cfg

# Mac OS X (v10.4 or greater -
# also refer to: http://www.denyhosts.net/faq.html#macos
# SECURE_LOG = /private/var/log/asl.log
# SSHD_FORMAT_REGEX=.* \[Sender sshd\] \[PID \d*\] \[Message .* PAM: (?P<message>.*?)\].*?

# Mac OS X (v10.6 or greater -
# - reversion to standard log format. No need to do log regex parsing.
SECURE_LOG = /var/log/secure.log

# zip down a bit to the bottom:

#this work_dir worked for me, it's where the python install script added it:
WORK_DIR = /usr/share/denyhosts/data

#this lock_file worked for me although I had to create the directory:
LOCK_FILE = /var/lock/subsys/denyhosts

and then for the file [daemon-control]:

###############################################
#### Edit these to suit your configuration ####
###############################################

DENYHOSTS_BIN = "/usr/local/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"

PYTHON_BIN = "/usr/bin/env python"

Hope this helps! This is only really necessary if your Mac is on the internet with a static IP and not behind a firewall or NAT router. 99.9% of home machines are ok because they are hidden behind NAT routers; it's mostly academic machines that are in danger.
denyhosts works! Check out this log:
Jun 12 13:54:57 kyoto sshd[83867]: Invalid user lcc from 208.70.77.236
Jun 12 13:54:58 kyoto sshd[83869]: Invalid user shift from 208.70.77.236
Jun 12 13:55:06 kyoto sshd[83877]: Invalid user operator from 208.70.77.236
Jun 12 13:55:07 kyoto sshd[83883]: Invalid user bin from 208.70.77.236
Jun 12 13:55:09 kyoto sshd[83887]: Invalid user webmaster from 208.70.77.236
Jun 12 13:55:11 kyoto sshd[83891]: Invalid user deng from 208.70.77.236
Jun 12 13:55:13 kyoto sshd[83897]: refused connect from 208.70.77.236
Jun 13 09:47:13 kyoto sshd[1509]: refused connect from 123.13.201.202
Jun 13 11:40:05 kyoto loginwindow[64]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.
Jun 13 11:40:05 kyoto _spotlight[3161]: audit warning: soft /var/audit
Jun 13 11:40:05 kyoto _spotlight[3162]: audit warning: allsoft
Jun 13 11:40:05 kyoto _spotlight[3164]: audit warning: closefile /var/audit/20110612041251.20110613154005
Jun 13 14:47:51 kyoto loginwindow[64]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.
Jun 13 14:47:51 kyoto karen[5949]: audit warning: allsoft
Jun 13 14:47:51 kyoto karen[5951]: audit warning: closefile /var/audit/20110613154005.20110613184751
Jun 13 14:47:51 kyoto karen[5950]: audit warning: soft /var/audit
Jun 13 18:24:08 kyoto sshd[9357]: refused connect from 202.143.145.37
Jun 14 07:03:21 kyoto sshd[20446]: Did not receive identification string from 200.58.203.85
Jun 14 07:14:58 kyoto sshd[20605]: Did not receive identification string from 200.58.203.85
Jun 14 11:27:23 kyoto sshd[24294]: refused connect from 60.216.12.25
After I installed it, I've gone to zilch hacker attacks. Yay!
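
The pattern in the log above (six "Invalid user" attempts from one address, then "refused connect") can be checked with a short parser over the same secure.log format. This is an added example, not DenyHosts' own code or code from the original post; the function names and the threshold of 5 are assumptions, since the post does not show its threshold settings.

```python
import ipaddress
import re
from collections import Counter

# Lines copied from the secure.log excerpt in the post.
SAMPLE_LOG = """\
Jun 12 13:54:57 kyoto sshd[83867]: Invalid user lcc from 208.70.77.236
Jun 12 13:54:58 kyoto sshd[83869]: Invalid user shift from 208.70.77.236
Jun 12 13:55:06 kyoto sshd[83877]: Invalid user operator from 208.70.77.236
Jun 12 13:55:07 kyoto sshd[83883]: Invalid user bin from 208.70.77.236
Jun 12 13:55:09 kyoto sshd[83887]: Invalid user webmaster from 208.70.77.236
Jun 12 13:55:11 kyoto sshd[83891]: Invalid user deng from 208.70.77.236
Jun 12 13:55:13 kyoto sshd[83897]: refused connect from 208.70.77.236
Jun 13 11:40:05 kyoto loginwindow[64]: in pam_sm_authenticate(): Failed to determine Kerberos principal name.
Jun 14 11:27:23 kyoto sshd[24294]: refused connect from 60.216.12.25
"""

# Only sshd lines matter; everything after "sshd[pid]: " is the message.
SSHD_LINE = re.compile(r"^\w{3}\s+\d+ [\d:]{8} \S+ sshd\[\d+\]: (?P<message>.*)$")
# The user name is attacker-supplied: take the address from the end, then validate it.
EVENTS = {
    "invalid_user": re.compile(r"^Invalid user .* from (?P<host>\S+)$"),
    "refused": re.compile(r"^refused connect from (?P<host>\S+)$"),
}

def classify(line):
    """Return (event, ip) for an sshd line of interest, else None."""
    m = SSHD_LINE.match(line.strip())
    if not m:
        return None
    for event, pattern in EVENTS.items():
        hit = pattern.match(m.group("message"))
        if hit:
            try:
                return event, str(ipaddress.ip_address(hit.group("host")))
            except ValueError:
                return None  # not an IP literal: ignore rather than trust it
    return None

def summarize(log_text, threshold=5):
    """Count invalid-user attempts per IP; list IPs over threshold and IPs refused."""
    events = [e for e in map(classify, log_text.splitlines()) if e]
    attempts = Counter(ip for event, ip in events if event == "invalid_user")
    over = sorted(ip for ip, n in attempts.items() if n > threshold)
    refused = sorted({ip for event, ip in events if event == "refused"})
    return attempts, over, refused

if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

An address that appears in the refused list without any counted attempts in the excerpt, such as 60.216.12.25 here, was already being refused before the excerpt begins.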
Now if only I can find a good spam filter for Movable Type so that I can allow anonymous comments again. :-(
Here are additional config instructions for denyhosts on Mac OS 10.6:
http://think.random-stuff.org/posts/denyhosts-on-mac-os-x
http://heath.hrsoftworks.net/archives/000263.html