Install DenyHosts on Debian to prevent SSH brute-force attacks

Source: Internet
Author: User


DenyHosts is a very useful tool against SSH brute-force attacks, and it feels simpler and more effective than fail2ban.
Installing DenyHosts on Debian is very simple: it can be installed directly with APT. (Debian's strength is that you can apt-get install just about anything.)
Blocked IPs are recorded in the /etc/hosts.deny file and can be viewed at any time.

1. Clear the SSH login records, so that you do not get blocked yourself after the installation.

echo "" > /var/log/auth.log

2. Install DenyHosts

apt-get install denyhosts


3. Edit the DenyHosts configuration file: vi /etc/denyhosts.conf

# SSH log file
SECURE_LOG = /var/log/auth.log
# How long before a blocked IP is purged
PURGE_DENY = 30m
# Blocked IPs are written to hosts.deny
HOSTS_DENY = /etc/hosts.deny
# Name of the service to block
BLOCK_SERVICE = sshd

# Number of failed logins allowed for invalid users
DENY_THRESHOLD_INVALID = 1
# Number of failed logins allowed for ordinary users
DENY_THRESHOLD_VALID = 3
# Number of failed logins allowed for root
DENY_THRESHOLD_ROOT = 3
# Number of failed logins allowed for restricted usernames
DENY_THRESHOLD_RESTRICTED = 1
# Denied hosts or IPs are recorded in WORK_DIR
WORK_DIR = /var/lib/denyhosts

# If yes, all IP addresses in $WORK_DIR/allowed-hosts are also treated as
# suspicious. If no, login attempts from hosts in allowed-hosts do not send a
# warning; all IP addresses that are not in $WORK_DIR/allowed-hosts still do.
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=yes
# Whether to do reverse DNS lookups (resolve the IP address to a host name)
HOSTNAME_LOOKUP=no
# Location of the PID file, which ensures that only one DenyHosts process runs at a time
LOCK_FILE = /var/run/denyhosts.pid

############ THESE SETTINGS ARE OPTIONAL ############

# Send mail to this address when someone attempts to log in.
# The machine must be able to send mail for this to work.
ADMIN_EMAIL = root@localhost
# SMTP server
SMTP_HOST = localhost
# SMTP port
SMTP_PORT =
# Sender
SMTP_FROM = DenyHosts
# Mail subject
SMTP_SUBJECT = DenyHosts
# After how long the failed-login count of a valid user (one defined in
# /etc/passwd) is reset to 0. If not set, it is never reset to 0.
AGE_RESET_VALID=5d

# After how long the failed-login count for root is reset to 0. If not set, it is never reset to 0.
AGE_RESET_ROOT=25d
# After how long the failure counter is reset to 0 for users defined in $WORK_DIR/hosts-restricted
AGE_RESET_RESTRICTED=25d
# After how long the failure counter for invalid users (users not in /etc/passwd) is reset to 0
AGE_RESET_INVALID=10d
# After an IP logs in successfully as a user, the failure count for that IP and user is reset to 0
RESET_ON_SUCCESS = yes

# Location of the log file when DenyHosts runs in daemon mode
DAEMON_LOG = /var/log/denyhosts
# Polling interval for checking the sshd log
DAEMON_SLEEP = 30s
# How often the IP addresses in $HOSTS_DENY are purged; this setting has no effect if PURGE_DENY is empty
DAEMON_PURGE = 1h

In fact, I think the default configuration is sufficient. The setting to modify is the number of failures allowed for root: the default is 1, and it is generally raised to 3-5, for example DENY_THRESHOLD_ROOT = 3.
HOSTNAME_LOOKUP=no turns off reverse lookups, and PURGE_DENY = 30m blocks an IP for 30 minutes.

4. Restart DenyHosts

/etc/init.d/denyhosts restart

5. Start DenyHosts at boot

# vi /etc/rc.local

Add the following command:

/usr/share/denyhosts/daemon-control start

Note: If the log holds many earlier login failures, it is best to clear the SSH login records before installing DenyHosts:
echo "" > /var/log/auth.log
Otherwise you may find yourself blocked as soon as the installation completes.
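To see which addresses have already accumulated failures in auth.log before DenyHosts first reads it, the log can be counted against the thresholds configured above. The following is an added example, not DenyHosts' own code: it is a simplified approximation that assumes a host is blocked once its failures exceed the allowed number, and the log lines are constructed samples using documentation IP ranges.

```python
import re
from collections import defaultdict

# Failures allowed per category, taken from the configuration above.
THRESHOLDS = {"invalid": 1, "valid": 3, "root": 3}

# sshd "Failed password" lines; "invalid user" marks accounts not in /etc/passwd.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def count_failures(lines):
    """Return {ip: {"invalid": n, "valid": n, "root": n}} for failed SSH logins."""
    counts = defaultdict(lambda: {"invalid": 0, "valid": 0, "root": 0})
    for line in lines:
        m = FAILED_RE.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        kind = "invalid" if m.group("invalid") else "valid"
        if kind == "valid" and m.group("user") == "root":
            kind = "root"
        counts[m.group("ip")][kind] += 1
    return dict(counts)

def would_block(lines, thresholds=THRESHOLDS):
    """Return {ip: [categories over threshold]}.

    Assumption: a host is blocked when its count is greater than the threshold.
    """
    result = {}
    for ip, c in count_failures(lines).items():
        over = sorted(k for k, n in c.items() if n > thresholds[k])
        if over:
            result[ip] = over
    return result

# Constructed sample lines in Debian auth.log format.
SAMPLE_LOG = """\
Mar  3 10:01:02 host sshd[811]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Mar  3 10:01:05 host sshd[811]: Failed password for invalid user test from 203.0.113.7 port 40114 ssh2
Mar  3 10:02:11 host sshd[820]: Failed password for root from 198.51.100.9 port 52100 ssh2
Mar  3 10:05:40 host sshd[830]: Failed password for alice from 192.0.2.10 port 50022 ssh2
Mar  3 10:05:44 host sshd[830]: Failed password for alice from 192.0.2.10 port 50022 ssh2
Mar  3 10:05:49 host sshd[830]: Failed password for alice from 192.0.2.10 port 50022 ssh2
Mar  3 10:05:55 host sshd[830]: Failed password for alice from 192.0.2.10 port 50022 ssh2
Mar  3 10:06:01 host sshd[831]: Accepted password for alice from 192.0.2.10 port 50030 ssh2
""".splitlines()
```

Passing the lines of the real /var/log/auth.log to would_block() lists the addresses, your own included, that are already over a threshold.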
If you have blocked yourself, you can use the following steps to unblock yourself.

1. Stop the DenyHosts service

/etc/init.d/denyhosts stop

2. Empty the system login log

echo "" > /var/log/auth.log

3. Go to the /var/lib/denyhosts directory and empty the contents of every file in it (this is DenyHosts' own record directory).
4. Run vi /etc/hosts.deny and remove your own IP.

5. Restart DenyHosts

/etc/init.d/denyhosts restart

On CentOS it is much simpler.

rpm -Uvh http://mirror.metrocast.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
yum install denyhosts

chkconfig --add denyhosts
chkconfig denyhosts on

service denyhosts restart
