Linux Operating System - Debian, Ubuntu, Fedora, Gentoo, Arch

DenyHosts

Submitted by ggarron on Mon, 01/29/2007 - 22:35

Whenever you need to left open the port 22 for ssh you machine from every where,but want to prevent Dictionary attacks, you can use DenyHosts to stay protected

First thing you need as DenyHost runs as a python script, is to be sure you python installed.

On Ubuntu or debian

apt-get install python wget

then get DenyHosts itself from its page.

here,
or if using Debian or Ubuntu you can just enter:

apt-get install denyhosts

and go directly to edit the configuration file, if you want to have it from the source, follow to the next step.

tar xvzf DenyHosts-2.6.tar.gz

cd DenyHosts-2.6

python setup.py install

Now, you should configure to fit your needs, first copy the conf file example

cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg

Now edit the denyhosts.cfg

vi /usr/share/denyhosts/denyhosts.cfg

and make sure you have this two options how your distro of Linux needs

    SECURE_LOG = /var/log/auth.log

    LOCK_FILE = /var/run/denyhosts.pid

The above example is for Debian / Ubuntu, etc.

Here you have how should be for some of other Linux distributions

# Redhat or Fedora Core:
#SECURE_LOG = /var/log/secure
#
# Mandrake, FreeBSD or OpenBSD:
#SECURE_LOG = /var/log/auth.log
#
# SuSE:
#SECURE_LOG = /var/log/messages

Now make it possible for DenyHosts to run as a daemon

cd /usr/share/denyhosts
cp daemon-control-dist daemon-control
vi daemon-control

Make sure this is like your distro needs

###############################################
#### Edit these to suit your configuration ####
###############################################

DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"

PYTHON_BIN      = "/usr/bin/env python"

for Ubuntu / Debian you should change the

###############################################
#### Edit these to suit your configuration ####
###############################################

DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts.pid"

Make sure the root owns the daemon-control file, and the permissions are 700

chown root:root daemon-control

chmod 700 daemon-control

Now lets creat the link for the daemon-control script

cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
update-rc.d denyhosts defaults
/etc/init.d/denyhosts start

In RedHat Distributions you should do.

cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
chkconfig --add denyhosts && chkconfig denyhosts on
service denyhosts start

Add new comment

Submitted by Optical Migrane (not verified) on Thu, 02/12/2009 - 01:18. #

I think it is very useful for deny hosts....but actually to say i didnt understand much....anyways all the best..
OpticalMigrane

Submitted by Anthony Hildoer (not verified) on Mon, 07/21/2008 - 16:52. #

I have automated the install of DenyHost. Get the script here: http://www.hildoersystems.com/index.php/tutorials/security/36-security-t...

Submitted by Anonymous (not verified) on Fri, 04/11/2008 - 10:08. #

Thank's.... is very good and simple....

Submitted by xLaM (not verified) on Thu, 05/17/2007 - 07:41. #

Thak's for tutorial.

Submitted by Amadsss (not verified) on Thu, 01/15/2009 - 04:58. #

DenyHosts is a Python script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host.

Additionally, upon discovering a repeated attack host, the /etc/hosts.deny file is updated to prevent future break-in attempts from that host.

An email report can be sent to a system admin.

[Edited because of spam]