
So I recently set up denyhosts for my personal server, and it's working fine, except for the fact that it seems to be processing every single cron session, rather than just external accesses.

End result is that /var/log/auth.log is full of entries such as:

```
Feb 26 06:31:01 webhost CRON[11899]: pam_unix(cron:session): session opened for user root by (uid=0)
Feb 26 06:31:01 webhost CRON[11899]: pam_unix(cron:session): session closed for user root
```

Is there a way to have denyhosts either ignore these, or at least not log them? They just fill up the log file and make it harder to spot items of interest, especially since I have a cron-task that needs to run very frequently.

I'm using the default configuration as provided by apt-get install denyhosts on Ubuntu Server 16.04.

Haravikk
  • Those messages have nothing to do with denyhosts. They are perfectly normal logging of cron sessions. If you don't like them, you could add an rsyslog fragment to suppress them? – Zoredache Mar 03 '17 at 23:13
  • @Zoredache *facepalms* I never even thought; I just assumed it was a file `denyhosts` itself created, didn't realise it actually just read it. So I've added a file to `/etc/rsyslog.d` with the following rule `:programname, isequal, "CRON" ~`. Now, is it worth posting an answer, or should I close the issue? – Haravikk Mar 05 '17 at 08:16
  • Yes, you should consider self posting that as an answer. – Zoredache Mar 05 '17 at 08:56

1 Answer


So as Zoredache correctly pointed out, the cron-related messages in /var/log/auth.log have nothing to do with denyhosts itself (which merely monitors the log).

To prevent these messages from being logged my solution was to create a file /etc/rsyslog.d/10-cron.conf with the following contents:

```
:programname, isequal, "CRON" ~
```

This prevents the cron-related messages from being logged entirely. If you'd prefer to log them elsewhere, then replace the tilde (~) with a path to a log file (e.g. /var/log/cron.log).

Haravikk
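
An added example, not part of the answer above: three variants of the same rsyslog fragment, showing the current `stop` syntax, a redirect to a separate file, and a narrower filter that drops only the PAM session lines quoted in the question. It assumes Ubuntu's stock `/etc/rsyslog.d/50-default.conf` is what writes `/var/log/auth.log`; enable exactly one variant.

```conf
# /etc/rsyslog.d/10-cron.conf
#
# Files in /etc/rsyslog.d are included in sorted order, so this file is
# read before 50-default.conf. A message stopped here never reaches the
# rule that writes /var/log/auth.log.

# Variant A: same effect as the rule in the answer, written with "stop".
# The "~" discard action is deprecated in rsyslog 7 and later and logs a
# warning at startup; "stop" is its replacement.
# Note: this drops every message tagged CRON, including the
# "(user) CMD (...)" lines that record which jobs were run.
:programname, isequal, "CRON" stop

# Variant B: keep the messages, but in their own file. The "& stop" line
# applies to the same filter and prevents the message from also being
# written by later rules.
#:programname, isequal, "CRON" /var/log/cron.log
#& stop

# Variant C: drop only the PAM session open/close lines shown in the
# question and leave cron's other messages untouched, so job execution
# remains visible in the logs.
#if $programname == "CRON" and $msg contains "pam_unix(cron:session)" then stop
```

Check the syntax with `rsyslogd -N1` before restarting the rsyslog service. Variant C keeps a record of which cron jobs ran, which is worth having if the logs are ever needed to reconstruct activity on the host.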