Differences
This shows you the differences between two versions of the page.
— | denyhosts [2015/06/01 22:06] (current) – created - external edit 127.0.0.1 | ||
---|---|---|---|
Line 1: | Line 1: | ||
+ | ====== Denyhosts ====== | ||
+ | * [[Security]] | ||
+ | |||
+ | Denyhosts is a shell script that looks for SSH dictionary login attempts, and blocks the IP addresses of the abusers. | ||
+ | |||
+ | ==== Setup ==== | ||
+ | |||
+ | Configuration is in ''/ | ||
+ | |||
+ | === Cron Job === | ||
+ | |||
+ | To run as a cron job every 10 minutes, add this to fcrontab: | ||
+ | |||
+ | < | ||
+ | */10 * * * * / | ||
+ | </ | ||
+ | |||
+ | Optionally, you can run it as a daemon with it's own init script. | ||
+ | |||
+ | === Gentoo === | ||
+ | |||
+ | For Gentoo, using syslog-ng, authentication attempts are logged to ''/ | ||
+ | |||
+ | Some changes to the default configuration: | ||
+ | |||
+ | < | ||
+ | SYSLOG_REPORT=YES | ||
+ | </ | ||
+ | |||
+ | === CentOS === | ||
+ | |||
+ | You can run DenyHosts as a daemon in CentOS. | ||
+ | |||
+ | < | ||
+ | |||
+ | === tcp_wrappers === | ||
+ | |||
+ | Be sure to add any IP addresses to ''/ | ||
+ | |||
+ | < | ||
+ | ALL: 1.2.3.4 | ||
+ | </ | ||
+ | |||
+ | === FreeBSD === | ||
+ | |||
+ | < | ||
+ | echo denyhosts_enable=" | ||
+ | echo sshd : / | ||
+ | echo sshd : ALL : allow >> / | ||
+ | touch / | ||
+ | echo syslogd_flags=" | ||
+ | / | ||
+ | </ | ||
+ | |||
+ | === Sample Configuration === | ||
+ | |||
+ | This configuration will block all services that use tcp_wrappers, | ||
+ | |||
+ | < | ||
+ | ############ | ||
+ | SECURE_LOG = / | ||
+ | HOSTS_DENY = / | ||
+ | PURGE_DENY = | ||
+ | BLOCK_SERVICE = ALL | ||
+ | DENY_THRESHOLD_INVALID = 5 | ||
+ | DENY_THRESHOLD_VALID = 5 | ||
+ | DENY_THRESHOLD_ROOT = 1 | ||
+ | DENY_THRESHOLD_RESTRICTED = 1 | ||
+ | WORK_DIR = / | ||
+ | SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES | ||
+ | HOSTNAME_LOOKUP=NO | ||
+ | LOCK_FILE = / | ||
+ | ############ | ||
+ | ADMIN_EMAIL = | ||
+ | SMTP_HOST = localhost | ||
+ | SMTP_PORT = 25 | ||
+ | SMTP_FROM = DenyHosts < | ||
+ | SMTP_SUBJECT = DenyHosts Report | ||
+ | SYSLOG_REPORT=YES | ||
+ | AGE_RESET_VALID=5d | ||
+ | AGE_RESET_ROOT=25d | ||
+ | AGE_RESET_RESTRICTED=25d | ||
+ | AGE_RESET_INVALID=10d | ||
+ | RESET_ON_SUCCESS = yes | ||
+ | ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ########## | ||
+ | DAEMON_LOG = / | ||
+ | DAEMON_SLEEP = 30s | ||
+ | DAEMON_PURGE = 1h | ||
+ | </ |
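Review bot: In the Sample Configuration block, `PURGE_DENY =` is left empty while `BLOCK_SERVICE = ALL` and `DENY_THRESHOLD_ROOT = 1` are set, so a single failed root login blocks the source address from every tcp_wrappers service and the entry is never purged. The sentence introducing the block should spell this out and point back to the tcp_wrappers section's advice to add your own IP addresses first, or the sample should set a PURGE_DENY interval. `ADMIN_EMAIL =` is also empty although the SMTP settings are filled in; with no address set no e-mail report is sent, which leaves `SYSLOG_REPORT=YES` as the only reporting path, and that deserves a line of explanation. Smaller points: "it's own init script" in the Cron Job section should read "its own", and the CentOS section opens a code block that has no content and no closing tag.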