Tuesday, September 29, 2015

Securing Linux with denyhosts

8:54 PM Posted by Dilli Raj Maharjan

Introduction

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary-based attacks and brute-force attacks).

Installation and Configuration

Download and install denyhosts

Go to http://pkgs.repoforge.org/denyhosts/ and download http://pkgs.repoforge.org/denyhosts/denyhosts-2.6-5.el6.rf.noarch.rpm
wget http://pkgs.repoforge.org/denyhosts/denyhosts-2.6-5.el6.rf.noarch.rpm

Install the package with the following command.

rpm -ivh denyhosts-2.6-5.el6.rf.noarch.rpm


Configure the known hosts or networks that should be exempt from DenyHosts. The entry below exempts every host on 192.168.1.0/24: if a host on that network types a wrong password, it won't get blocked, because TCP wrappers consult /etc/hosts.allow before /etc/hosts.deny.


echo "SSHD: 192.168.1." >> /etc/hosts.allow


Restart the service with the command below.

/etc/init.d/denyhosts restart

Verify that denyhosts is running.

ps ax | grep denyhost


Settings can be changed in /etc/denyhosts/denyhosts.cfg

PURGE_DENY defines the age after which hosts.deny entries are purged.

# PURGE_DENY: removed HOSTS_DENY entries that are older than this time
#             when DenyHosts is invoked with the --purge flag
#
#      format is: i[dhwmy]
#      Where 'i' is an integer (eg. 7)
#            'm' = minutes
#            'h' = hours
#            'd' = days
#            'w' = weeks
#            'y' = years
#
# never purge:

DENY_THRESHOLD_INVALID = 5
# DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value.  This value applies to invalid
# user login attempts (eg. non-existent user accounts)

ADMIN_EMAIL=
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report


Check the current hosts.deny list.

cat /etc/hosts.deny


Try an SSH login with a wrong password 5 times.
The host's entry can now be seen in the hosts.deny list.

SSH to that server is blocked now.
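
The blocking decision described above, as an added example (not DenyHosts' own code and not from the original post): it counts invalid-user failures per host in sshd log lines, applies DENY_THRESHOLD_INVALID, and exempts hosts matched by the hosts.allow entry. The log lines, addresses and function names are constructed for illustration, and the threshold is read as "more than N failures", following the config comment.

```python
import re
from collections import Counter

# Constructed sample data (not from the original post).
DENY_THRESHOLD_INVALID = 5
HOSTS_ALLOW = "SSHD: 192.168.1.\n"
LINE = "Sep 29 20:%02d:%02d srv sshd[2101]: Failed password for invalid user %s from %s port 40022 ssh2"
AUTH_LOG = "\n".join(
    [LINE % (1, i, "admin", "203.0.113.7") for i in range(6)]      # 6 failures
    + [LINE % (2, i, "test", "192.168.1.50") for i in range(8)]    # 8, exempt network
    + [LINE % (3, i, "oracle", "198.51.100.9") for i in range(5)]  # 5, at the threshold
)

INVALID_USER = re.compile(r"sshd\[\d+\]: Failed password for invalid user \S+ from (\S+) ")


def allowed_patterns(hosts_allow, daemon="sshd"):
    """Return the client patterns that hosts.allow-style text lists for daemon."""
    patterns = []
    for raw in hosts_allow.splitlines():
        fields = raw.split("#", 1)[0].split(":")
        if len(fields) < 2:
            continue
        # Daemon names are compared case-insensitively here (assumption).
        daemons = [d.lower() for d in re.split(r"[,\s]+", fields[0].strip())]
        if daemon in daemons:
            patterns += re.split(r"[,\s]+", fields[1].strip())
    return patterns


def is_allowed(ip, patterns):
    """A pattern ending in '.' matches every address that starts with it."""
    return any(ip.startswith(p) if p.endswith(".") else ip == p for p in patterns)


def blocked_hosts(log, hosts_allow, threshold):
    """Hosts whose invalid-user failures exceed threshold and are not exempt."""
    failures = Counter(INVALID_USER.findall(log))
    allow = allowed_patterns(hosts_allow)
    return sorted(ip for ip, n in failures.items()
                  if n > threshold and not is_allowed(ip, allow))


if __name__ == "__main__":
    for ip in blocked_hosts(AUTH_LOG, HOSTS_ALLOW, DENY_THRESHOLD_INVALID):
        print("sshd: " + ip)  # hosts.deny-style line for each blocked host
```

Note that the trailing-dot pattern is a plain string prefix, so "192.168.1." covers 192.168.1.50 but not 192.168.10.5.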


