|
Author: el_kab0ng
Date: 20-03-01 16:34
When running Portsentry with LogChecker in tow, I seem to be getting a weird error when the application tries to write to the "ignore" file...
I might be asking too soon about this, but I figured I'd just throw it out there to see if anyone else has had the same problems:
Mar 19 21:32:15 the portsentry[16447]: attackalert: ERROR: cannot open ignore
+file. Blocking host anyway.
I'm not real sure which file it's trying to open/write to.... anyone got any ideas?
|
|
Reply To This Message
|
|
Author: Dan Langille
Date: 20-03-01 22:27
probably one of the /usr/local/etc/logcheck.* files. Check the permissions. I bet they've changed from the default. logcheck doesn't write to the ignore files. It reads from them. All mine are chmo 600, except logcheck.sh, which is 700. They are chown root:wheel.
|
|
Reply To This Message
|
|
Author: el_kab0ng
Date: 21-03-01 16:21
-rw------- 1 root wheel 998 Mar 18 15:55 logcheck.hacking
-rw------- 1 root wheel 1258 Mar 18 15:55 logcheck.ignore
-rwx------ 1 root wheel 10650 Mar 18 16:01 logcheck.sh
-rw------- 1 root wheel 368 Mar 18 15:55 logcheck.violations
-rw------- 1 root wheel 32 Mar 18 15:55 logcheck.violations.ignore
and yet I still get the "cannot open ignore file, blocking host anyway."
I've had to symlink hosts.deny to hosts.allow due to compilation errors, but that doesn't seem to matter.
|
|
Reply To This Message
|
|
