/usr/sbin/denyhosts is in denyhosts 2.10-2.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 192 193 194 195 196 197 198 199 200 201 202 203 204 205 206 207 208 209 210 211 212 213 214 215 216 217 218 219 220 221 222 223 224 225 226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 251 252 | #!/usr/bin/python
import os
import platform
import sys
sys.path.insert(0, '/usr/share/denyhosts')
import DenyHosts.python_version
import getopt
from getopt import GetoptError
import traceback
from DenyHosts.util import die, setup_logging, is_true
from DenyHosts.lockfile import LockFile
from DenyHosts.prefs import Prefs
from DenyHosts.version import VERSION
from DenyHosts.deny_hosts import DenyHosts
from DenyHosts.denyfileutil import Purge, PurgeIP, Migrate, UpgradeTo099
from DenyHosts.constants import *
from DenyHosts.sync import Sync
#################################################################################
def usage():
print "Usage:"
print "%s [-f logfile | --file=logfile] [ -c configfile | --config=configfile] [-i | --ignore] [-n | --noemail] [--purge] [--purge-all] [--purgeip=ip] [--migrate] [--daemon] [--sync] [--version]" % sys.argv[0]
print
print
print " --config: The pathname of the configuration file"
print " --file: The name of log file to parse"
print " --ignore: Ignore last processed offset (start processing from beginning)"
print " --noemail: Do not send an email report"
print " --unlock: if lockfile exists, remove it and run as normal"
print " --migrate: migrate your HOSTS_DENY file so that it is suitable for --purge"
print " --purge: expire entries older than your PURGE_DENY setting"
print " --purge-all: expire all entries"
print " --purgeip: expire designated IP entry immediately"
print " --daemon: run DenyHosts in daemon mode"
print " --foreground: run DenyHosts in foreground mode"
print " --sync: run DenyHosts synchronization mode"
print " --version: Prints the version of DenyHosts and exits"
print
print "Note: multiple --file args can be processed. ",
print "If multiple files are provided, --ignore is implied"
print
print "Note: multiple --purgeip arguments can be processed. "
print
print "When run in --daemon mode the following flags are ignored:"
print " --file, --purge, --purge-all, --purgeip, --migrate, --sync, --verbose"
#################################################################################
#################################################################################
if __name__ == '__main__':
logfiles = []
purgeip_list = []
config_file = CONFIG_FILE
ignore_offset = 0
noemail = 0
verbose = 0
migrate = 0
purge = 0
purge_all = 0
sync_mode = 0
daemon = 0
foreground = 0
enable_debug = 0
purgeip = 0
upgrade099 = 0
unlock = 0
args = sys.argv[1:]
try:
(opts, getopts) = getopt.getopt(args, 'f:c:dinuvps?hV',
["file=", "ignore", "verbose", "debug",
"help", "noemail", "config=", "version",
"migrate", "purge", "purge-all", "purgeip", "daemon", "foreground",
"unlock", "sync", "upgrade099"])
except GetoptError:
print "\nInvalid command line option detected."
usage()
sys.exit(1)
for opt, arg in opts:
if opt in ('-h', '-?', '--help'):
usage()
sys.exit(0)
if opt in ('-f', '--file'):
logfiles.append(arg)
if opt in ('-i', '--ignore'):
ignore_offset = 1
if opt in ('-n', '--noemail'):
noemail = 1
if opt in ('-v', '--verbose'):
verbose = 1
if opt in ('-d', '--debug'):
enable_debug = 1
if opt in ('-c', '--config'):
config_file = arg
if opt in ('-m', '--migrate'):
migrate = 1
if opt in ('-p', '--purge'):
purge = 1
if opt in ('-s', '--sync'):
sync_mode = 1
if opt in ('-s', '--unlock'):
unlock = 1
if opt == '--daemon':
daemon = 1
if opt == '--foreground':
foreground = 1
if opt == '--purge-all':
purge_all = 1
if opt == '--purgeip':
purgeip_list.append(arg)
purgeip = 1
if opt == '--upgrade099':
upgrade099 = 1
if opt == '--version':
print "DenyHosts version:", VERSION
sys.exit(0)
# This is generally expected to be in the environment, but there's no
# non-hackish way to get systemd to set it, so just hack it in here.
os.environ['HOSTNAME'] = platform.node()
prefs = Prefs(config_file)
first_time = 0
try:
os.makedirs(prefs.get('WORK_DIR'))
first_time = 1
except Exception, e:
if e[0] != 17:
print e
sys.exit(1)
setup_logging(prefs, enable_debug, verbose, daemon)
if not logfiles or daemon:
logfiles = [prefs.get('SECURE_LOG')]
elif len(logfiles) > 1:
ignore_offset = 1
if not prefs.get('ADMIN_EMAIL'): noemail = 1
lock_file = LockFile(prefs.get('LOCK_FILE'))
if unlock:
if os.path.isfile( prefs.get('LOCK_FILE') ):
lock_file.remove()
lock_file.create()
if upgrade099 and not (daemon or foreground):
if not prefs.get('PURGE_DENY'):
lock_file.remove()
die("You have supplied the --upgrade099 flag, however you have not set PURGE_DENY in your configuration file")
else:
u = UpgradeTo099(prefs.get("HOSTS_DENY"))
if migrate and not (daemon or foreground):
if not prefs.get('PURGE_DENY'):
lock_file.remove()
die("You have supplied the --migrate flag however you have not set PURGE_DENY in your configuration file.")
else:
m = Migrate(prefs.get("HOSTS_DENY"))
# clear out specific IP addresses
if purgeip and not daemon:
if len(purgeip_list) < 1:
lock_file.remove()
die("You have provided the --purgeip flag however you have not listed any IP addresses to purge.")
else:
try:
p = PurgeIP(prefs,
purgeip_list)
except Exception, e:
lock_file.remove()
die(str(e))
# Try to purge old records without any delay
if purge_all and not daemon:
purge_time = 1
try:
p = Purge(prefs, purge_time)
except Exception, e:
lock_file.remove()
die(str(e))
if purge and not (daemon or foreground):
purge_time = prefs.get('PURGE_DENY')
if not purge_time:
lock_file.remove()
die("You have provided the --purge flag however you have not set PURGE_DENY in your configuration file.")
else:
try:
p = Purge(prefs,
purge_time)
except Exception, e:
lock_file.remove()
die(str(e))
try:
for f in logfiles:
dh = DenyHosts(f, prefs, lock_file, ignore_offset,
first_time, noemail, daemon, foreground)
except KeyboardInterrupt:
pass
except SystemExit, e:
pass
except Exception, e:
traceback.print_exc(file=sys.stdout)
print "\nDenyHosts exited abnormally"
if sync_mode and not (daemon or foreground):
if not prefs.get('SYNC_SERVER'):
lock_file.remove()
die("You have provided the --sync flag however your configuration file is missing a value for SYNC_SERVER.")
sync_upload = is_true(prefs.get("SYNC_UPLOAD"))
sync_download = is_true(prefs.get("SYNC_DOWNLOAD"))
if not sync_upload and not sync_download:
lock_file.remove()
die("You have provided the --sync flag however your configuration file has SYNC_UPLOAD and SYNC_DOWNLOAD set to false.")
try:
sync = Sync(prefs)
if sync_upload:
timestamp = sync.send_new_hosts()
if sync_download:
new_hosts = sync.receive_new_hosts()
if new_hosts:
# MMR: What is 'info' here?
info("received new hosts: %s", str(new_hosts))
sync.get_denied_hosts()
sync.update_hosts_deny(new_hosts)
sync.xmlrpc_disconnect()
except Exception, e:
lock_file.remove()
die("Error synchronizing data", e)
# remove lock file on exit
lock_file.remove()
|