# Trying to install denyhosts for FreeBSD 11.2



## prospectbox (Feb 12, 2019)

Friends,

I'm just a couple of days new to FreeBSD via DigitalOcean and this is my very first post after joining these forums.  Glad to meet you all!

(forgive me, this is a long question)

I'm reading various websites about FreeBSD best practices and part of that is securing the server.  I have installed Denyhosts on Linux before and have it set it up to start again after reboot.  I've been trying to do the same on my new FreeBSD droplet.

First Attempt:

I tried to do that same thing as I did on linux: copy the DenyHosts-2.6.tar file on my machine, untar it, run the Denyhosts-2.6/setup.py script, then follow the instructions in README.txt for configuring the service.  All went well and it worked.

I was not able to get the service working with /etc/rc.conf to restart after reboot.  I ended up with a /usr/local/etc/rc.d/denyhosts file like (please ignore the debug echo message):


```
#!/bin/sh

# PROVIDE: denyhosts
# REQUIRE: LOGIN
# KEYWORD: shutdown

. /etc/rc.subr

name="denyhosts"
rcvar="denyhosts_enable"

load_rc_config ${name}

command_interpreter="/usr/local/bin/python2.7"
command="/usr/local/sbin/denyhosts"

: ${denyhosts_enable="NO"}
: ${denyhosts_pidfile="/var/run/denyhosts.pid"}

echo "/usr/local/etc/rc.d/denyhosts (name) (command) (parameter) : (${name}) (${command}) (${1})"
## $command $1

command_args="$1"

run_rc_command "$1"
```

It seems that `run_rc_command` wants to handle start, stop, etc.  Denyhosts has a Python script for this, and I couldn't get these service commands to work... which lead me to:

Second Attempt:

There's a very brief howto here: (http://www.xfiles.dk/guide-on-how-to-install-denyhosts-on-freebsd/) which installs Denyhosts via ports and seemed much simpler.  So I did a `sudo portsnap fetch` followed by `sudo portsnap extract`, then changed directory to `/usr/ports/security/denyhosts`.  Finally, per the howto, I ran `sudo make install clean BATCH=yes`, but am now facing an error I can't figure out:


```
...
====> Compressing man pages (compress-man)
===> Staging rc.d startup script(s)
===>  Installing for denyhosts-2.6_7
===>  Checking if denyhosts is already installed
===>   Registering installation for denyhosts-2.6_7
Installing denyhosts-2.6_7...
pkg-static: Fail to create temporary file: /usr/local/lib/python2.7/site-packages/DenyHosts-2.6-py2.7.egg-info/.PKG-INFO.0q1huG3bKw1P:Not a directory
cp: /usr/local/etc/denyhosts.conf.sample: No such file or directory
pkg-static: POST-INSTALL script failed
*** Error code 70

Stop.
make: stopped in /usr/ports/security/denyhosts
```

I was hoping someone with FreeBSD 11.2 having experience setting up Denyhosts might be able to point me to the best way to install/configure this software.  I know "ports" is the official way, but I seemed very close with my first attempt.

Thanks in advance!


----------



## bjs (Feb 12, 2019)

I have no experience with DigitalOcean or Deny Hosts but just a thought (and I could be completely off base here), did you remove everything from the first attempt at the install before you tried using ports???? The only reason I ask is because of the first error message from the port build:



prospectbox said:


> pkg-static: Fail to create temporary file: /usr/local/lib/python2.7/site-packages/DenyHosts-2.6-py2.7.egg-info/.PKG-INFO.0q1huG3bKw1P:Not a directory



I have run across this error when the file is already present... Even though when building from ports it checks for a pervious install, when manually installed there is no record of the install in the database that tracks such things...

Check and see if that file is already present on the system, if it is, delete it and try to install it from ports again...


----------



## prospectbox (Feb 12, 2019)

Cheers!, you're my first reply.  

... and that fixed it!  I just rebooted and it came up as a running service.  Perfect!

I think I must have tried ports before I knew to run the `portsnap` commands.  I was fumbling with this for two days before finding portsnap.

It really was as easy as the HowTo link instructions once I removed the existing ports attempt.

Thank you sir!


----------



## bjs (Feb 13, 2019)

Glad I could help and that you got it running...


----------



## Max212 (Feb 13, 2019)

Did you try to check sshguard?
To my knowledge from FreeBSD12 there is built in tool called blacklistd which protects against bruteforce attacks on SSH.


----------



## SirDice (Feb 13, 2019)

prospectbox said:


> I've been trying to do the same on my new FreeBSD droplet.


security/denyhosts


----------



## unAmygdala (Feb 24, 2019)

SirDice said:


> security/denyhosts


Rather cryptic there, Sir Dice.  I understand security/denyhosts is still good.


----------

