no way to compare when less than two revisions

Differences

This shows you the differences between two versions of the page.


denyhosts [2015/06/01 22:06] (current) – created - external edit 127.0.0.1
Line 1: Line 1:
 +====== Denyhosts ======
  
 +  * [[Security]]
 +
 +Denyhosts is a shell script that looks for SSH dictionary login attempts, and blocks the IP addresses of the abusers.
 +
 +==== Setup ====
 +
 +Configuration is in ''/etc/denyhosts.cfg''
 +
 +=== Cron Job ===
 +
 +To run as a cron job every 10 minutes, add this to fcrontab:
 +
 +<code>
 +*/10 * * * * /usr/bin/denyhosts.py -c /etc/denyhosts.conf
 +</code>
 +
 +Optionally, you can run it as a daemon with it's own init script.  The settings for the poller are in the configuration file.  Defaults are to check every 30 seconds.
 +
 +=== Gentoo ===
 +
 +For Gentoo, using syslog-ng, authentication attempts are logged to ''/var/log/messages''
 +
 +Some changes to the default configuration:
 +
 +<code>
 +SYSLOG_REPORT=YES
 +</code>
 +
 +=== CentOS ===
 +
 +You can run DenyHosts as a daemon in CentOS.  Edit ''daemon-control'', and fix the default locations for the ''denyhosts.cfg'' file as well as the path to ''python'' Set the file as executable plus accessible only by root, then copy it to ''/etc/init.d/denyhosts'' and finally set it as a service.
 +
 +<code>chkconfig denyhosts on</code>
 +
 +=== tcp_wrappers ===
 +
 +Be sure to add any IP addresses to ''/etc/hosts.allow'' that you want whitelisted.
 +
 +<code>
 +ALL: 1.2.3.4
 +</code>
 +
 +=== FreeBSD ===
 +
 +<code>
 +echo denyhosts_enable="YES" >> /etc/rc.conf
 +echo sshd : /etc/hosts.deniedssh : deny >> /etc/hosts.allow
 +echo sshd : ALL : allow >> /etc/hosts.allow
 +touch /etc/hosts.deniedssh
 +echo syslogd_flags="-c" >> /etc/rc.conf
 +/usr/local/etc/rc.d/denyhosts start
 +</code>
 +
 +=== Sample Configuration ===
 +
 +This configuration will block all services that use tcp_wrappers, and will send an email report everytime new entries are added.
 +
 +<code>
 +############ THESE SETTINGS ARE REQUIRED ############
 +SECURE_LOG = /var/log/secure
 +HOSTS_DENY = /etc/hosts.deny
 +PURGE_DENY = 
 +BLOCK_SERVICE = ALL
 +DENY_THRESHOLD_INVALID = 5
 +DENY_THRESHOLD_VALID = 5
 +DENY_THRESHOLD_ROOT = 1
 +DENY_THRESHOLD_RESTRICTED = 1
 +WORK_DIR = /var/lib/denyhosts
 +SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
 +HOSTNAME_LOOKUP=NO
 +LOCK_FILE = /var/run/denyhosts.pid
 +############ THESE SETTINGS ARE OPTIONAL ############
 +ADMIN_EMAIL = 
 +SMTP_HOST = localhost
 +SMTP_PORT = 25
 +SMTP_FROM = DenyHosts <[email protected]>
 +SMTP_SUBJECT = DenyHosts Report
 +SYSLOG_REPORT=YES
 +AGE_RESET_VALID=5d
 +AGE_RESET_ROOT=25d
 +AGE_RESET_RESTRICTED=25d
 +AGE_RESET_INVALID=10d
 +RESET_ON_SUCCESS = yes
 +######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE  ##########
 +DAEMON_LOG = /var/log/denyhosts
 +DAEMON_SLEEP = 30s
 +DAEMON_PURGE = 1h
 +</code>

Trace:

Navigation
QR Code
QR Code denyhosts (generated for current page)