DenyHosts not Sync'ing

Support for security such as Firewalls and securing linux
SteveH0773
Posts: 7
Joined: 2016/03/13 14:16:21

DenyHosts not Sync'ing

Post by SteveH0773 » 2016/03/13 19:16:50

Hi,
I have used DenyHosts a number of times on various installations without a problem, however a new server just refuses to sync. All Internet connectivity is ok, except DenyHosts will not Sync with the RPC server. I have even copied the DenyHosts.conf file over from a working server with no luck...

I am getting the following error:-
2016-03-13 19:04:53,057 - sync : ERROR 'SYNC_PROXY_SERVER'
2016-03-13 19:04:53,057 - sync : ERROR Could not initiate xmlrpc connection

The affected server is a physical Centos 7 server. I have tried starting with the --debug flag to get more info, but the systemctl control doesn't like the extra parameter.
Has anyone else seen this with DenyHosts?

Thanks,
Steve

SteveH0773
Posts: 7
Joined: 2016/03/13 14:16:21

Re: DenyHosts not Sync'ing

Post by SteveH0773 » 2016/03/14 13:31:57

Oh how I 'LOL'd"... The server is a new 1and1 hosted server... Which they sold me with pre-blacklisted IP! :roll:
When trying to relay mail I get a 554 error (Even from 1and1's own relays!) so I guess this is the problem, as I believe the DenyHosts server checks on connection.

SteveH0773
Posts: 7
Joined: 2016/03/13 14:16:21

Re: DenyHosts not Sync'ing

Post by SteveH0773 » 2016/03/22 20:46:47

Ok, so I've finally got 1&1 to issue new server - Yeah not a new IP, but a whole new server!

Anyway, this IP isn't and never was blacklisted and is now relaying email fine, but I'm still getting the XMLRPC errors... Does anyone have any ideas how I can investigate this?

User avatar
TrevorH
Site Admin
Posts: 33202
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: DenyHosts not Sync'ing

Post by TrevorH » 2016/03/22 20:59:40

Do you have any outbound iptables rules? Or a firewall in front of your server that only allows certain ports out?
The future appears to be RHEL or Debian. I think I'm going Debian.
Info for USB installs on http://wiki.centos.org/HowTos/InstallFromUSBkey
CentOS 5 and 6 are deadest, do not use them.
Use the FAQ Luke

SteveH0773
Posts: 7
Joined: 2016/03/13 14:16:21

Re: DenyHosts not Sync'ing

Post by SteveH0773 » 2016/03/23 11:37:42

TrevorH wrote:Do you have any outbound iptables rules? Or a firewall in front of your server that only allows certain ports out?
Outbound traffic is totally unrestricted Trevor, I can telnet to xmlrpc.denyhosts.net:9911 and get the following response:-

Trying 204.9.137.194...
Connected to xmlrpc.denyhosts.net


So it seems to be connecting, it just won sync. My VPS connects fine, I have even taken a direct copy of the denyhosts.conf file with no luck.... The only difference here is that the working server is CentOS 6 (x64) and the non-working is CentOS 7 (x64). Neither has SELinux running.

fwiffo
Posts: 5
Joined: 2016/03/30 19:38:25

Re: DenyHosts not Sync'ing

Post by fwiffo » 2016/03/30 19:45:35

i have the same issue too. you are probably on the same old version as i am:

Code: Select all

rpm -q denyhosts
denyhosts-2.9-4.el7.noarch
if you build from source, using their latest version, you wont have this issue.

https://github.com/denyhosts/denyhosts/releases

but it would be really nice if there was an updated rpm available out there somewhere, though i haven't been able to find it

giulix63
Posts: 1305
Joined: 2014/05/14 10:06:37
Location: UK

Re: DenyHosts not Sync'ing

Post by giulix63 » 2016/03/31 07:24:41

You need to report that to EPEL (epel7), asking for a version update, saying that the current version is no longer functional because it cannot sync with its master server and blah blah blah...
Root is evil: Do not use root (sudo) to run any of the commands specified in my posts unless explicitly indicated. Please, provide the necessary amount of context to understand your problem/question.

SteveH0773
Posts: 7
Joined: 2016/03/13 14:16:21

Re: DenyHosts not Sync'ing

Post by SteveH0773 » 2016/03/31 12:14:19

fwiffo wrote:i have the same issue too. you are probably on the same old version as i am:

Code: Select all

rpm -q denyhosts
denyhosts-2.9-4.el7.noarch
if you build from source, using their latest version, you wont have this issue.

https://github.com/denyhosts/denyhosts/releases

but it would be really nice if there was an updated rpm available out there somewhere, though i haven't been able to find it
Awesome, thanks very much for the info! I'll give it a go. I just tried TCPDUMP on the EPEL version, and it doesn't even TRY to connect so I was going nowhere fast with that!

I'll report back when I have built from the source.

Cheers

SteveH0773
Posts: 7
Joined: 2016/03/13 14:16:21

Re: DenyHosts not Sync'ing

Post by SteveH0773 » 2016/03/31 14:24:01

SteveH0773 wrote:
fwiffo wrote:i have the same issue too. you are probably on the same old version as i am:

Code: Select all

rpm -q denyhosts
denyhosts-2.9-4.el7.noarch
if you build from source, using their latest version, you wont have this issue.

https://github.com/denyhosts/denyhosts/releases

but it would be really nice if there was an updated rpm available out there somewhere, though i haven't been able to find it
Awesome, thanks very much for the info! I'll give it a go. I just tried TCPDUMP on the EPEL version, and it doesn't even TRY to connect so I was going nowhere fast with that!

I'll report back when I have built from the source.

Cheers
Excellent, that works - Thanks fwiffo

I did have to change the sync.py file as that had an error in it, but now that is done all is working!

Thanks again

fwiffo
Posts: 5
Joined: 2016/03/30 19:38:25

Re: DenyHosts not Sync'ing

Post by fwiffo » 2016/04/14 12:54:07

could you describe your change to sync.py because i ended up rebuilding the rpm (download the source rpm) for centos7 and that seemed to be enough. maybe i missed something?

Post Reply