# Denyhosts Cron Daemon Email [Solved]

## D0zer

Hi All

I have Denyhosts running on a Gentoo machine, which appears to be working; I get regular notifications on blocked hosts. I am getting the following email every 10 minutes to the root email account.

```
DenyHosts could not obtain lock (pid: 22818)
[Errno 17] File exists: '/var/run/denyhosts.pid'
```

Not sure how to fix it so the emails stop coming through every 10 minutes and filling up the log file.

Thanks in Advance

----------

## khayyam

 *D0zer wrote:*   

> ```
> DenyHosts could not obtain lock (pid: 22818)
> ...
> ```

 

D0zer ... such an error suggests that the service is being started by some process (every 10 minutes) but that there is already a denyhosts running and so it can't create a lock/pidfile. So, how is it run?

best ... khay

----------

## D0zer

Thanks for the reply khay

I am running it as per the FAQ at http://denyhosts.sourceforge.net/faq.html#1_17

```
# Launch daemon
/etc/init.d/denyhosts start
```

Would it be better to set up cron to run it every 10 mins?

Thanks again.

----------

## khayyam

 *D0zer wrote:*   

> I am running it as per the FAQ at http://denyhosts.sourceforge.net/faq.html#1_17. Would it be better to set up cron to run it every 10 mins?

 

D0zer ... you're welcome. It's probably fine to run from /etc/init.d ... I don't think running it from cron will resolve the issue as my suspicion is that the problem is with the logrotate script provided. Can you confirm you're using logrotate?

best ... khay

----------

## D0zer

Hi khay

I checked on the server, I do see a logrotate.conf in the /etc folder.

----------

## khayyam

 *D0zer wrote:*   

> I checked on the server, I do see a logrotate.conf in the /etc folder.

 

D0zer ... ok, then can you check that /etc/logrotate.conf has 'weekly' set? Also can you check that /var/log/denyhosts is created (and rotated ... and at what interval)? I'll assume here the logrotation is working ... so you might replace /etc/logrotate.d/denyhosts with the following (make a backup elsewhere first):

```
/var/log/denyhosts {
    missingok
    notifempty
    create 0640 root root
    sharedscripts
    postrotate
        /etc/init.d/denyhosts reload > /dev/null 2>&1 || true
    endscript
}
```

Then add the following to /etc/init.d/denyhosts

```
extra_started_commands="reload"

reload() {
   checkconfig || return $?
   ebegin "Reloading ${SVCNAME}"
   start-stop-daemon --signal HUP --pidfile /var/run/denyhosts.pid
   eend $?
}
```

I'm not sure this will fix the issue, in fact I'm not 100% sure what is causing this to occur every 10 minutes, but something seems to be restarting the service so let's assume that logrotate is at fault.

best ... khay

----------

## D0zer

Thanks Khay

For interest's sake, the /etc/logrotate.d/denyhosts file is as follows

```
/var/log/denyhosts {
   missingok
   notifempty
   create 0640 root root
   sharedscripts
   postrotate
      test -e /run/openrc/softlevel && /etc/init.d/denyhosts restart 1>/dev/null || true
      test -e /run/systemd/system && systemctl restart denyhosts >/dev/null || true
   endscript
}
```

Could the lines

```
test -e /run/openrc/softlevel && /etc/init.d/denyhosts restart 1>/dev/null || true
test -e /run/systemd/system && systemctl restart denyhosts >/dev/null || true
```

be causing this restart every 10 minutes, do you think?

I have changed the files as recommended below and will provide feedback later.

Thanks for your help so far Khay

----------

## D0zer

Unfortunately the emails are still coming through after making the below changes.

```
DenyHosts could not obtain lock (pid: 1991)
[Errno 17] File exists: '/var/run/denyhosts.pid'
```

If I understand denyhosts correctly it scans the log file every 10 minutes and blocks IPs that have multiple failed attempts to log in.

Is denyhosts a good script to use to block IPs with failed login attempts, or is there a better alternative? Denyhosts does seem to be working; I get notifications all the time that IPs have been blocked.

----------

## khayyam

D0zer ... I asked if 'weekly' is set in /etc/logrotate.conf ... and are logs generated/rotated? As I said I have no idea what is restarting it, when you say "it scans the log file every 10 minutes and blocks failed attempts" then this can only mean it's the service itself that is the cause of the error ... why, I don't know, perhaps something set in /etc/denyhosts.conf?

best ... khay

----------

## D0zer

Hi Khay

Thank you for your assistance so far.

 *Quote:*   

> D0zer ... I asked if 'weekly' is set in /etc/logrotate.conf ... and are logs generated/rotated?

  From what I can see in the logrotate.conf the rotation is weekly.

I had a look in /etc/crontab. The following entries are in there :

```
*/10  *  * * *  root    test -x /usr/sbin/run-crons && /usr/sbin/run-crons
*/10  *  * * *  root    /usr/bin/denyhosts.py -c /etc/denyhosts.conf
```

If I recall I was following http://www.gentoo-wiki.info/SSH/DenyHosts; instead of running it as a daemon or a crontab I am running it as both.

If denyhosts is started as /etc/init.d/denyhosts start and the crontab tries to run it every 10 min, that would explain the error in the email from the crontab daemon, if I understand correctly.

----------

## khayyam

 *D0zer wrote:*   

> I had a look in /etc/crontab. The following entries are in there :
> 
> ```
> */10  *  * * *  root    test -x /usr/sbin/run-crons && /usr/sbin/run-crons
> ...
> ```

 

D0zer ... correct, you're running it from both /etc/init.d and cron ... hence the /var/run/denyhosts.pid error. I'm not sure what the best method of running denyhosts is (as I don't use it), but you can't run from both.

best ... khay
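
The conflict identified above, as an added example that is not part of the original thread and is not DenyHosts' own code: a sketch of an exclusive pidfile lock plus a check that tells a live daemon, a stale pidfile and a duplicate cron launch apart. It assumes the lock is an exclusive file creation, which is what the `[Errno 17] File exists` message indicates; the function names are hypothetical and the pidfile path used in the demo is constructed.

```python
import errno
import os
import tempfile

# The two /etc/crontab entries quoted in the thread.
CRONTAB = """\
*/10  *  * * *  root    test -x /usr/sbin/run-crons && /usr/sbin/run-crons
*/10  *  * * *  root    /usr/bin/denyhosts.py -c /etc/denyhosts.conf
"""

def acquire_lock(pidfile):
    """Exclusive create: return None on success, else the pid already recorded."""
    try:
        fd = os.open(pidfile, os.O_CREAT | os.O_EXCL | os.O_WRONLY, 0o644)
    except OSError as e:
        if e.errno != errno.EEXIST:   # only Errno 17 means "lock held"
            raise
        with open(pidfile) as f:
            return int(f.read().strip())
    with os.fdopen(fd, "w") as f:
        f.write(str(os.getpid()))
    return None

def pid_alive(pid):
    """Signal 0 checks that a process exists without delivering a signal."""
    try:
        os.kill(pid, 0)
    except ProcessLookupError:
        return False
    except PermissionError:           # exists, but owned by another user
        return True
    return True

def cron_launches(crontab_text, program="denyhosts"):
    """Active (non-comment) crontab lines whose command mentions `program`."""
    lines = (l.strip() for l in crontab_text.splitlines())
    return [l for l in lines if l and not l.startswith("#") and program in l]

def diagnose(pidfile, crontab_text):
    if not os.path.exists(pidfile):
        return "no lock"
    with open(pidfile) as f:
        owner = int(f.read().strip())
    if not pid_alive(owner):
        return "stale pidfile"
    if cron_launches(crontab_text):
        return "daemon holds lock; cron launches a second copy"
    return "daemon holds lock"

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "denyhosts.pid")  # constructed path
    print(acquire_lock(path), acquire_lock(path), diagnose(path, CRONTAB))
```

A "stale pidfile" result would point to a crashed daemon rather than a double launch, which is a different fix from removing one of the two launch methods.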

----------

## D0zer

Thanks for your help Khay. I might try both (just not together) and see which one works the best.

----------

