[{"data":1,"prerenderedAt":395},["ShallowReactive",2],{"Categories":3,"NavIndexCategoriesCountFooter":203,"content-\u002F2008\u002F07\u002F21\u002Fpatching-denyhosts-to-allow-correct-plugin-reporting\u002F":204},[4,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66,68,70,71,73,74,75,76,77,78,79,80,81,82,83,84,85,86,87,88,89,90,91,92,93,94,95,96,97,98,99,100,101,102,103,104,105,106,107,108,109,110,111,112,113,114,115,116,117,118,119,120,121,122,123,124,125,126,127,128,129,130,131,132,133,134,135,136,137,139,140,141,142,143,144,145,146,147,148,149,150,151,152,153,154,155,156,157,159,160,161,162,163,164,165,166,167,168,169,170,171,172,173,174,175,176,177,178,179,180,182,183,184,185,186,187,188,189,190,191,192,193,194,195,196,197,198,199,200,201,202],{"category":5},"System Administration",{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},"Software Development",{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":27},{"category":27},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":5},{"category":27},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":27},{"category":27},{"category":67},"Drones & RC",{"category":69},"DIY Projects",{"category":67},{"category":72},"Photography",{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":69},{"category":67},{"category":69},{"category":69},{"category":67},{"category":67},{"category":72},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":5},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":5},{"category":67},{"category":67},{"category":72},{"category":72},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":67},{"category":72},{"category":67},{"category":138},"3D Printing - Laser Cutting - CNC",{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":138},{"category":5},{"category":138},{"category":27},{"category":27},{"category":138},{"category":138},{"category":72},{"category":158},"Photography,3D Printing - Laser Cutting - CNC",{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":5},{"category":67},{"category":5},{"category":5},{"category":27},{"category":27},{"category":27},{"category":27},{"category":27},{"category":69},{"category":27},{"category":27},{"category":27},{"category":27},{"category":181},"Home Assistant",{"category":181},{"category":72},{"category":27},{"category":27},{"category":72},{"category":138},{"category":5},{"category":72},{"category":72},{"category":138},{"category":27},{"category":181},{"category":181},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},{"category":72},191,{"id":205,"title":206,"body":207,"category":5,"date":379,"description":380,"embedImage":381,"extension":382,"image":381,"intro":381,"meta":383,"navigation":384,"path":385,"seo":386,"series":381,"sitemap":387,"stem":388,"tags":389,"__hash__":394},"content\u002F2008\u002F07\u002F21\u002Fpatching-denyhosts-to-allow-correct-plugin-reporting.md","Patching denyhosts to allow correct plugin reporting",{"type":208,"value":209,"toc":376},"minimark",[210,224,232,241,244,247,262,265,268,271,274,277,280,283,294,297,303,306,309,312,315,318,324,342,345,352,358,361,364,367,370],[211,212,213,214],"p",{},"This is a copy of an article I have recently had published on ",[215,216,223],"a",{"href":217,"rel":218,"target":222},"http:\u002F\u002Fwww.debian-administration.org\u002Farticles\u002F608",[219,220,221],"nofollow","noopener","noreferer","_blank","www.debian-administration.org",[211,225,226,227,231],{},"Imagine you have denyhosts installed and it is adding new attackers to ",[228,229,230],"em",{},"\u002Fetc\u002Fhosts.deny",". Wouldn't it be great to inform the relevant people so that some action could be taken?  With the right plugin that is possible, but there is a problem with the default reporting that we'll explain here.",[211,233,234,235,240],{},"That's what ",[215,236,239],{"href":237,"rel":238,"target":222},"http:\u002F\u002Fpanthersoftware.com\u002Farticles\u002Fview\u002F5\u002Fautomatically-report-all-ssh-brute-force-attacks-to-isps",[219,220,221],"Automatically Report all SSH Brute Force Attacks to ISPs"," is all about. It grabs the IP, does some whois\u002Flookup magic and sends off some e-mails.",[211,242,243],{},"So I installed it and left it running. This morning I find that one IP has hit and been correctly sent (and a reply received thanking me for the info and informing that the host has been closed down). Great! But - what's this - another 58 IPs were also reported to the plugin - causing a further 127 mails to go out. What's going on?",[211,245,246],{},"###Finding the bug",[211,248,249,250,255,256,261],{},"First hit - the ",[215,251,254],{"href":252,"rel":253,"target":222},"http:\u002F\u002Fwww.debian.org\u002FBugs\u002F",[219,220,221],"Debian Bug Tracker",". Here we find ",[215,257,260],{"href":258,"rel":259,"target":222},"http:\u002F\u002Fbugs.debian.org\u002Fcgi-bin\u002Fbugreport.cgi?bug=430449",[219,220,221],"bug #430449"," - over a year old but the correct symptom.",[211,263,264],{},"Having filed a follow-up I took a look at the code of denyhosts itself - and found a suspicious looking call to the deny plugin.",[211,266,267],{},"Finally - a trawl through the upstream bug tracker to find the same issue there.",[211,269,270],{},"###Patching the system",[211,272,273],{},"OK - so - it's a bug, and its an upstream bug. That's good - it means that we can have a hope of a fix. But - we need to fix our own system in the meantime.",[211,275,276],{},"You could just edit the python file directly - but - what if you have several systems running this version of denyhosts?",[211,278,279],{},"Let's build a Debian package containing the fix.",[211,281,282],{},"####Step 1 - grab the source",[284,285,290],"pre",{"className":286,"code":288,"language":289},[287],"language-text","apt-get source denyhosts\n","text",[291,292,288],"code",{"__ignoreMap":293},"",[211,295,296],{},"####Step 2 - make sure we have the build dependencies",[284,298,301],{"className":299,"code":300,"language":289},[287],"apt-get build-dep denyhosts\n",[291,302,300],{"__ignoreMap":293},[211,304,305],{},"####Step 3 - Patch the source",[211,307,308],{},"Make the code changes you want",[211,310,311],{},"####Step 4 - Update changelog file for version",[211,313,314],{},"You need to update the version so that new versions\u002Fsecurity updates etc will still work. The version is stored in debian\u002Fchangelog as the first line.",[211,316,317],{},"I added:",[284,319,322],{"className":320,"code":321,"language":289},[287],"denyhosts (2.6-1etch1chris1) stable; urgency=low\n\n  * Local build for fix to 430449\n\n-- Chris Searle <chris@example.org>  Thu, 17 Jul 2008 11:06:15 +0200\n",[291,323,321],{"__ignoreMap":293},[211,325,326,329,330,333,334,337,338,341],{},[228,327,328],{},"2.6-1etch1chris1"," is a later version than ",[228,331,332],{},"2.6-1etch1"," (the current version) and an earlier version than ",[228,335,336],{},"2.6-1etch2"," or ",[228,339,340],{},"2.6-2"," which are the likely next version numbers.",[211,343,344],{},"####Step 5 - Build",[211,346,347,348,351],{},"In the root of the package directory structure that was created by the call to ",[291,349,350],{},"apt-get source"," run the following:",[284,353,356],{"className":354,"code":355,"language":289},[287],"dpkg-buildpackage -uc -us -rfakeroot\n",[291,357,355],{"__ignoreMap":293},[211,359,360],{},"The -uc and -us are to prevent signing - we are not the package maintainer.",[211,362,363],{},"The -rfakeroot allows us to run as non-root.",[211,365,366],{},"####Step 6 - Install",[211,368,369],{},"There should be a new .deb file one directory up - mine is called denyhosts_2.6-1etch1chris1_all.deb",[284,371,374],{"className":372,"code":373,"language":289},[287],"dpkg -i denyhosts_2.6-1etch1chris1_all.deb\n",[291,375,373],{"__ignoreMap":293},{"title":293,"searchDepth":377,"depth":377,"links":378},2,[],"2008-07-21 12:16:40 +0200","This is a copy of an article I have recently had published on www.debian-administration.org",null,"md",{},true,"\u002F2008\u002F07\u002F21\u002Fpatching-denyhosts-to-allow-correct-plugin-reporting",{"title":206,"description":380},{"loc":385},"2008\u002F07\u002F21\u002Fpatching-denyhosts-to-allow-correct-plugin-reporting",[390,391,392,393],"debian","denyhosts","abuse","dpkg-buildpackage","GNNMps8zhpXz0WxtgFscULizy-pbRRYSVuZa-9y1MUM",1775293014690]