====== Denyhosts ======
  * [[Security]]
Denyhosts is a shell script that watches for SSH dictionary login attempts and blocks the IP addresses of the abusers.
==== Setup ====
Configuration is in ''/etc/denyhosts.cfg''
=== Cron Job ===
To run as a cron job every 10 minutes, add this to fcrontab:
  */10 * * * * /usr/bin/denyhosts.py -c /etc/denyhosts.conf
Optionally, you can run it as a daemon with its own init script. The settings for the poller are in the configuration file. The default is to check every 30 seconds.
=== Gentoo ===
For Gentoo, using syslog-ng, authentication attempts are logged to ''/var/log/messages''.
Some changes to the default configuration:
  SYSLOG_REPORT=YES
=== CentOS ===
You can run DenyHosts as a daemon in CentOS. Edit ''daemon-control'', and fix the default locations for the ''denyhosts.cfg'' file as well as the path to ''python''. Make the file executable and accessible only by root, then copy it to ''/etc/init.d/denyhosts'' and finally set it as a service.
  chkconfig denyhosts on
=== tcp_wrappers ===
Be sure to add any IP addresses to ''/etc/hosts.allow'' that you want whitelisted.
  ALL: 1.2.3.4
=== FreeBSD ===
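  # Quote each line so the double quotes and spacing reach the file unchanged.
  echo 'denyhosts_enable="YES"' >> /etc/rc.conf
  # tcp_wrappers uses the first matching rule, so these two lines only take
  # effect if no broader allow rule appears earlier in /etc/hosts.allow.
  echo 'sshd : /etc/hosts.deniedssh : deny' >> /etc/hosts.allow
  echo 'sshd : ALL : allow' >> /etc/hosts.allow
  touch /etc/hosts.deniedssh
  echo 'syslogd_flags="-c"' >> /etc/rc.conf
  /usr/local/etc/rc.d/denyhosts start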
=== Sample Configuration ===
This configuration will block all services that use tcp_wrappers, and will send an email report every time new entries are added.
  ############ THESE SETTINGS ARE REQUIRED ############
  SECURE_LOG = /var/log/secure
  HOSTS_DENY = /etc/hosts.deny
  PURGE_DENY =
  BLOCK_SERVICE = ALL
  DENY_THRESHOLD_INVALID = 5
  DENY_THRESHOLD_VALID = 5
  DENY_THRESHOLD_ROOT = 1
  DENY_THRESHOLD_RESTRICTED = 1
  WORK_DIR = /var/lib/denyhosts
  SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
  HOSTNAME_LOOKUP=NO
  LOCK_FILE = /var/run/denyhosts.pid
  ############ THESE SETTINGS ARE OPTIONAL ############
  ADMIN_EMAIL =
  SMTP_HOST = localhost
  SMTP_PORT = 25
  SMTP_FROM = DenyHosts
  SMTP_SUBJECT = DenyHosts Report
  SYSLOG_REPORT=YES
  AGE_RESET_VALID=5d
  AGE_RESET_ROOT=25d
  AGE_RESET_RESTRICTED=25d
  AGE_RESET_INVALID=10d
  RESET_ON_SUCCESS = yes
  ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
  DAEMON_LOG = /var/log/denyhosts
  DAEMON_SLEEP = 30s
  DAEMON_PURGE = 1h
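
To see how the ''DENY_THRESHOLD_*'' values in the sample configuration interact with a ''/etc/hosts.allow'' whitelist, here is an added Python sketch (not DenyHosts code and not part of the original page) that applies them to constructed sshd log lines. It assumes a host is listed once its failure count exceeds the threshold; restricted usernames, ''AGE_RESET_*'' and ''RESET_ON_SUCCESS'' are not modelled, and all function names are hypothetical.

```python
import re
from collections import Counter

# Thresholds copied from the sample configuration on this page.
THRESHOLDS = {"root": 1, "invalid": 5, "valid": 5}
# Address whitelisted in /etc/hosts.allow in the tcp_wrappers section.
HOSTS_ALLOW = {"1.2.3.4"}

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port")

def _line(user, ip, invalid=False):
    """Build one constructed log line in the usual OpenSSH syslog format."""
    who = f"invalid user {user}" if invalid else user
    return (f"Jan 10 03:12:01 host sshd[411]: "
            f"Failed password for {who} from {ip} port 40122 ssh2")

# Constructed sample input, not taken from a real system.
SAMPLE_LOG = "\n".join(
    [_line("root", "203.0.113.7")] * 2
    + [_line("admin", "198.51.100.9", invalid=True)] * 6
    + [_line("alice", "192.0.2.50")] * 3
    + [_line("root", "1.2.3.4")] * 2
    + [_line("root", "203.0.113.99")]
)

def over_threshold(log_text, thresholds=THRESHOLDS):
    """Return IPs whose failures in any class exceed that class's threshold."""
    counts = Counter()
    for invalid, user, ip in FAILED.findall(log_text):
        kind = "root" if user == "root" else ("invalid" if invalid else "valid")
        counts[(ip, kind)] += 1
    # Assumption: a host is listed once its count exceeds (not equals) the value.
    return sorted({ip for (ip, kind), n in counts.items() if n > thresholds[kind]})

def effectively_blocked(listed, hosts_allow=HOSTS_ALLOW):
    """tcp_wrappers checks hosts.allow first, so allowed IPs stay reachable."""
    return [ip for ip in listed if ip not in hosts_allow]

if __name__ == "__main__":
    listed = over_threshold(SAMPLE_LOG)
    print("would be added to hosts.deny:", listed)
    print("actually blocked:", effectively_blocked(listed))
```

The whitelisted address crosses the root threshold and would be written to ''hosts.deny'', but its ''hosts.allow'' entry keeps it reachable.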