Use denyhosts to prevent SSH brute force attacks

Overview:Nowadays, the Internet is very insecure. Many people use some scanners to scan the ssh port and try to connect to the SSH port for brute force cracking. Therefore, we recommend that you use the VPs host space, set a complex SSH logon password as much as possible. For details about how to configure Secure SSH services, refer to the article "Configure Secure SSH service on a VPs host". How can I prevent such attacks, you can use the denyhosts software. denyhosts is a program written in Python. It will analyze the sshd log file, when repeated attacks are discovered, IP addresses are recorded in/etc/hosts. deny file to automatically block IP addresses.

Denyhosts Official Website: http://denyhosts.sourceforge.net

Purpose:Block unauthorized access to our SSH ports, resulting in excessive load

Environment:Centos5 for VPs host use

Installation:

I. Use the original code for Installation

1. Download and decompress the original file

wget http://downloads.sourceforge.net/denyhosts/DenyHosts-2.6.tar.gztar zxvf DenyHosts-2.6.tar.gzcd DenyHosts-2.6

2. installation, configuration, and startup

python setup.py install

By default, it is installed in the/usr/share/denyhosts/directory and the configuration file is modified in the corresponding directory.

cd /usr/share/denyhosts/cp denyhosts.cfg-dist denyhosts.cfgcp daemon-control-dist daemon-control

The default settings are applicable to the centos system environment. You can run the VI command to view denyhosts. cfg and daemon-control, which are described in detail.
Run the following command to start the denyhosts program:

chown root daemon-controlchmod 700 daemon-control./daemon-control start

If You Want To Enable Automatic startup of denyhosts after each restart, you also need to make the following settings:

cd /etc/init.dln -s /usr/share/denyhosts/daemon-control denyhostschkconfig --add denyhostschkconfig --level 2345 denyhosts on

Or modify the/etc/rc. Local file:

echo "/usr/share/denyhosts/daemon-control start" >> /etc/rc.local

Description of denyhosts configuration file denyhosts. cfg:

Secure_log =/var/log/secure # sshd log file, which is determined based on this file. The file names vary slightly in different operating systems. Hosts_deny =/etc/hosts. deny # control the user's login file purge_deny = 5 m # How long will it take to clear the blocked block_service = sshd # The service name deny_threshold_invalid = 1 # The number of times deny_threshold_valid = 10 # deny_threshold_root = 5 # Number of Root Login failures allowed hostname_lookup = No # whether domain name anti-solution daemon_log =/var/log/denyhosts # denyhosts Log File

For more information, see the built-in readme text file.

Ii. Use the yum command to install

1. Download and install epel rpm

cd /tmpwget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpmrpm -Uhv epel-release-5-3.noarch.rpm

2. Run the yum command to install denyhosts.

yum install denyhosts

Main configuration file/etc/denyhosts. cfg, you can check to make sure that the configuration is suitable for your environment
3. Add a system to start and run automatically

chkconfig --add denyhostschkconfig denyhosts on

To add an IP address or segment to the whitelist, run the following command to avoid blocking the IP address.

echo '208.85.151.*' >> /var/lib/denyhosts/allowed-hosts

In this way, 208.85.151. * is not restricted by this program. Set it according to your own environment.
4. Finally start the service

service denyhosts start

Reference file:

Https://boxpanel.blueboxgrp.com/public/the_vault/index.php/Installing_DenyHosts

Http://www.sofee.cn/blog/2006/10/22/51/