DenyHosts is a script intended to be run by Linux system administrators to help mitigate SSH server attacks.
Download the source code from the Sourceforge page and put it in the ~/src folder. Then, untar and install:
# cd ~/src
# tar -zxf DenyHosts-2.6.tar.gz
# cd DenyHosts-2.6
# python setup.py install
After installing, copy the sample files for the service control script and configuration files:
# cd ~/src
# cp daemon-control-dist /etc/init.d/denyhosts
# cp denyhosts.cfg-dist /etc/denyhosts.conf
Now, edit the service script and modify the following options of the service file /etc/init.d/denyhosts to be like this:
DENYHOSTS_BIN = "/usr/local/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/denyhosts.pid"
DENYHOSTS_CFG = "/etc/denyhosts.conf"
NOTE: If you are installing on CentOS, all you need to change is the DENYHOSTS_CFG option.
Then, open the configuration file /etc/denyhosts.conf and edit the following options:
SECURE_LOG = /var/log/auth.log
LOCK_FILE = /var/denyhosts.pid
DAEMON_LOG = /var/log/denyhosts.log
Optionally, you can edit the default threshold settings and set them to whatever you want:
#######################################################################
#
# DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value. This value applies to invalid
# user login attempts (eg. non-existent user accounts)
#
DENY_THRESHOLD_INVALID = 5
#
#######################################################################

#######################################################################
#
# DENY_THRESHOLD_VALID: block each host after the number of failed
# login attempts has exceeded this value. This value applies to valid
# user login attempts (eg. user accounts that exist in /etc/passwd) except
# for the "root" user
#
DENY_THRESHOLD_VALID = 10
#
#######################################################################

#######################################################################
#
# DENY_THRESHOLD_ROOT: block each host after the number of failed
# login attempts has exceeded this value. This value applies to
# "root" user login attempts only.
#
DENY_THRESHOLD_ROOT = 1
#
#######################################################################

#######################################################################
#
# DENY_THRESHOLD_RESTRICTED: block each host after the number of failed
# login attempts has exceeded this value. This value applies to
# usernames that appear in the WORK_DIR/restricted-usernames file only.
#
DENY_THRESHOLD_RESTRICTED = 1
#
#######################################################################
It is recommended to keep the default threshold values for root and restricted users.
Finally, make the service run at boot:
# update-rc.d denyhosts defaults
If you are installing on CentOS, run:
# chkconfig --add denyhosts
IMPORTANT: Make sure you add some IPs to the /etc/hosts.allow file before starting the service.
Once you add your allowed IPs to /etc/hosts.allow, start the service:
# service denyhosts start
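To see what the threshold settings above and the /etc/hosts.allow rule mean in practice, here is an added, simplified model of the DenyHosts decision (example code written for this page, not DenyHosts' own): it reads sshd failure lines in the format found in /var/log/auth.log, counts them per host and per category (invalid user, valid user, root, restricted), denies a host once its count exceeds the category's threshold as the config comments describe, and never denies an allowed IP. The log lines, the `restricted` set (standing in for WORK_DIR/restricted-usernames) and the `allowed` set (standing in for /etc/hosts.allow) are constructed sample inputs.

```python
import re
from collections import Counter

# Threshold values as in the /etc/denyhosts.conf excerpt above.
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 1, "restricted": 1}

# Matches the sshd failure lines DenyHosts reads from SECURE_LOG (/var/log/auth.log).
FAILED_RE = re.compile(r"Failed password for (invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)")


def _line(ip, user, invalid):
    # Build one constructed auth.log line in the usual sshd format (sample data, not real).
    prefix = "invalid user " if invalid else ""
    return "Jan 10 10:00:01 host sshd[1001]: Failed password for %s%s from %s port 4022 ssh2" % (prefix, user, ip)


SAMPLE_AUTH_LOG = "\n".join(
    ["Jan 10 09:59:59 host sshd[1000]: Accepted publickey for alice from 192.0.2.9 port 4000 ssh2"]
    + [_line("203.0.113.5", "admin", True)] * 6     # 6 > DENY_THRESHOLD_INVALID (5)
    + [_line("198.51.100.7", "root", False)] * 2    # 2 > DENY_THRESHOLD_ROOT (1)
    + [_line("192.0.2.9", "alice", False)] * 3      # 3 <= DENY_THRESHOLD_VALID (10)
    + [_line("192.0.2.10", "backup", False)] * 2    # restricted only if "backup" is listed
)


def classify(user, invalid, restricted):
    # Map a failed attempt to the threshold category used in denyhosts.conf.
    if user == "root":
        return "root"
    if user in restricted:
        return "restricted"
    return "invalid" if invalid else "valid"


def hosts_to_deny(log_text, restricted=frozenset(), allowed=frozenset()):
    # Return the sorted IPs whose failure count exceeds the threshold for their
    # category; IPs in `allowed` (your /etc/hosts.allow entries) are never denied.
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        invalid, user, ip = m.group(1) is not None, m.group(2), m.group(3)
        counts[(ip, classify(user, invalid, restricted))] += 1
    denied = {ip for (ip, cat), n in counts.items() if n > THRESHOLDS[cat] and ip not in allowed}
    return sorted(denied)


def hosts_deny_lines(ips):
    # Entries in the form DenyHosts appends to /etc/hosts.deny.
    return ["sshd: %s" % ip for ip in ips]
```

With the sample log, the invalid-user host and the root-guessing host are denied; the host that failed three times against a valid account stays under its threshold, and the "backup" host is denied only when that username is listed as restricted.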