The Ubuntu package configures DenyHosts to run in daemon mode, so it is running as root. You could however change this and have cron execute DenyHosts periodically.

Actually, the only hurdle that I see to running this as a different user is the need to have read access to the /var/log/secure.x log files. Since these are usually rolled by the log roller, I wonder if they are deleted and re-created or just overwritten. If overwritten, then it would just be a matter of setting the permissions once (and possibly “touching” as many revisions as will need)… don’t know.

To get around the write to host.deny, one can actually use a different deny file.

Yes it is true the script runs as root. It pretty much has to at some point in order to update /etc/hosts.deny.

I certainly didn’t perform a security review of the code, but I did skim it out of curiosity to see how it works. I’m perfectly fine with running it, as it exists in the official Ubuntu and Debian package repositories. So I’m relying on those communities to have vetted it. It has also been around since at least 2005 or so and is a pretty well known tool.

Since I have installed it, it has blocked 31 attacks in just a few weeks. I’m very grateful for it.

Anyways, I get concerned with scripts that have to run as root (yeah, I know technically, this could be run as a different user, but that could take quite a bit of work to figure out). Have you reviewed this code just to make sure it is “legit”?

I don’t know Python, so just wondering if you’ve taken a look at it. I know, I know, I’m a worry-wort. LOL.