Q: I’ve seen a lot of the following in my DenyHosts log. What the heck is this?

ERROR    regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group

A: Ah, yes, DenyHosts. This is a Python script that examines your system logs for failed SSH login attempts. It will add the IP addresses of offending systems to your system’s hosts.deny file, more or less blacklisting them. While this alone probably won’t stop a determined attacker, it will at least stop automated dictionary attacks from cluttering up your system log.

As for the error message, it is complaining that one of the regular expressions DenyHosts uses to analyze the system logs is missing the named 'host' group, the part that captures the offending system’s address. Fortunately, you can redefine any of these regexes by appending the appropriate line to your denyhosts.cfg file. For example, to redefine the regex that’s causing this message, you could add a line like this:

FAILED_ENTRY_REGEX7=User (?P<user>.*?) from (::ffff:)?(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) not allowed because not listed in AllowUsers
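Before putting a custom regex into denyhosts.cfg, it helps to confirm that it defines the 'host' group and see what it captures. The check below is an added example, not DenyHosts code: the function names and log lines are constructed for illustration, and the use of re.search is an assumption about how the pattern is applied.

```python
import re

# Pattern quoted in the error message (no 'host' group) and the replacement
# from the FAILED_ENTRY_REGEX7 line above.
OLD_PATTERN = r"User (?P<user>.*) not allowed because not listed in AllowUsers"
NEW_PATTERN = (r"User (?P<user>.*?) from (::ffff:)?"
               r"(?P<host>\d{1,3}\.\d{1,3}\.\d{1,3}\.\d{1,3}) "
               r"not allowed because not listed in AllowUsers")

# Constructed sshd messages using documentation addresses, not real log data.
SAMPLE_LINES = [
    "sshd[1234]: User root from 192.0.2.10 not allowed because not listed in AllowUsers",
    "sshd[1235]: User admin from ::ffff:198.51.100.7 not allowed because not listed in AllowUsers",
    "sshd[1236]: User guest from host.example.net not allowed because not listed in AllowUsers",
]


def missing_groups(pattern, required=("host",)):
    """Return the required named groups that the pattern does not define."""
    compiled = re.compile(pattern)
    return [name for name in required if name not in compiled.groupindex]


def extract(pattern, line):
    """Return (user, host) for a matching line, or None if it does not match.

    host is None when the pattern has no 'host' group at all.
    """
    match = re.search(pattern, line)  # assumption: searched anywhere in the line
    if match is None:
        return None
    groups = match.groupdict()
    return groups.get("user"), groups.get("host")


if __name__ == "__main__":
    for label, pattern in (("old", OLD_PATTERN), ("new", NEW_PATTERN)):
        print(label, "missing groups:", missing_groups(pattern))
        for line in SAMPLE_LINES:
            print("   ", extract(pattern, line), "<-", line)
```

The third sample line shows a limit of the replacement regex: it only matches dotted IPv4 addresses, so entries logged with a hostname or a native IPv6 address are not matched by it.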

2 thoughts on "Tip of the Day"

  1. I just find it irritating to Google on an error message (or other problem) and find nothing but one endlessly replicated, unanswered Usenet message posing the same question. So if I can spare at least one other person that experience, then I will consider this a successful post.

