Overview: The Internet today is a hostile environment. Many people run scanners to find open SSH ports and then try to brute-force the login. If you use a VPS host, we therefore recommend that you set as complex an SSH login password as possible. For details about how to configure a secure SSH service, refer to the article "Configure Secure SSH service on a VPS host". To defend against such attacks, you can use the DenyHosts software. DenyHosts is a program written in Python. It analyzes the sshd log file and, when it discovers repeated attacks, records the source IP addresses in the /etc/hosts.deny file so that they are blocked automatically.
DenyHosts official website: http://denyhosts.sourceforge.net
Purpose: Block unauthorized access attempts against our SSH port, which cause excessive load
Environment: CentOS 5 on a VPS host
Installation:
I. Install from source code
1. Download and extract the source archive
wget http://downloads.sourceforge.net/denyhosts/DenyHosts-2.6.tar.gz
tar zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
2. Install, configure, and start
python setup.py install
By default, it is installed in the /usr/share/denyhosts/ directory, and the configuration files are edited in that directory.
cd /usr/share/denyhosts/
cp denyhosts.cfg-dist denyhosts.cfg
cp daemon-control-dist daemon-control
The default settings are suitable for a CentOS system. You can open denyhosts.cfg and daemon-control with vi; both files are commented in detail.
Run the following commands to start the DenyHosts program:
chown root daemon-control
chmod 700 daemon-control
./daemon-control start
If you want DenyHosts to start automatically after each reboot, you also need to make the following settings:
cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
chkconfig --add denyhosts
chkconfig --level 2345 denyhosts on
Or modify the /etc/rc.local file:
echo "/usr/share/denyhosts/daemon-control start" >> /etc/rc.local
Description of the DenyHosts configuration file denyhosts.cfg:
SECURE_LOG = /var/log/secure        # sshd log file that DenyHosts analyzes; the file name varies slightly between operating systems
HOSTS_DENY = /etc/hosts.deny        # file that controls which hosts are denied login
PURGE_DENY = 5m                     # how long before a blocked entry is cleared
BLOCK_SERVICE = sshd                # name of the service to block
DENY_THRESHOLD_INVALID = 1          # number of failed logins allowed for invalid (nonexistent) users
DENY_THRESHOLD_VALID = 10           # number of failed logins allowed for valid users other than root
DENY_THRESHOLD_ROOT = 5             # number of failed root logins allowed
HOSTNAME_LOOKUP = NO                # whether to do reverse DNS lookups
DAEMON_LOG = /var/log/denyhosts     # DenyHosts log file
For more information, see the bundled README text file.
II. Install with the yum command
1. Download and install the EPEL rpm
cd /tmp
wget http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-3.noarch.rpm
rpm -Uhv epel-release-5-3.noarch.rpm
2. Run the yum command to install denyhosts.
yum install denyhosts
The main configuration file is /etc/denyhosts.cfg. Check it to make sure that the configuration is suitable for your environment.
3. Enable automatic start at boot
chkconfig --add denyhosts
chkconfig denyhosts on
To add an IP address or address range to the whitelist so that it is never blocked, run the following command:
echo '208.85.151.*' >> /var/lib/denyhosts/allowed-hosts
In this way, 208.85.151.* is not restricted by this program. Set it according to your own environment.
4. Finally start the service
service denyhosts start
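The threshold settings and the allowed-hosts whitelist described above, as an added Python example that is not DenyHosts' own code and not part of the original article: it counts failed sshd logins per source address in constructed /var/log/secure lines and returns the entries that would go into /etc/hosts.deny. The function names, the log-line pattern, the fnmatch-based whitelist matching and the rule that a host is blocked once its failures exceed the allowed number are assumptions made for illustration.

```python
import re
from collections import Counter
from fnmatch import fnmatch

# Thresholds taken from the denyhosts.cfg values shown on this page.
THRESHOLDS = {"invalid": 1, "valid": 10, "root": 5}
ALLOWED = ["208.85.151.*"]          # allowed-hosts entry from this page

# Assumed pattern for sshd "Failed password" lines in /var/log/secure.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def classify(invalid_marker, user):
    """Map a failed login to the threshold that governs it."""
    if invalid_marker:
        return "invalid"
    return "root" if user == "root" else "valid"

def hosts_to_deny(log_lines, thresholds=THRESHOLDS, allowed=ALLOWED):
    """Return sorted hosts.deny entries for sources that exceed a threshold."""
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line)
        if not m:
            continue                 # successful logins and other lines are ignored
        ip = m.group(3)
        if any(fnmatch(ip, pat) for pat in allowed):
            continue                 # whitelisted sources are never counted
        counts[(ip, classify(m.group(1), m.group(2)))] += 1
    # Assumption: block once failures exceed the number allowed.
    denied = {ip for (ip, kind), n in counts.items() if n > thresholds[kind]}
    return ["sshd: " + ip for ip in sorted(denied)]

def make_line(user, ip, invalid=False):
    """Build one constructed log line in sshd's format."""
    who = ("invalid user " if invalid else "") + user
    return (f"Oct 22 10:00:00 vps sshd[2001]: Failed password for {who} "
            f"from {ip} port 40022 ssh2")

# Constructed sample log (documentation-range addresses plus the whitelisted range).
SAMPLE_LOG = (
    [make_line("admin", "203.0.113.5", invalid=True)] * 2   # above invalid threshold
    + [make_line("root", "198.51.100.7")] * 6               # above root threshold
    + [make_line("root", "192.0.2.9")] * 5                  # at root threshold, not above
    + [make_line("alice", "192.0.2.44")] * 10               # at valid threshold, not above
    + [make_line("root", "208.85.151.20")] * 50             # whitelisted source
    + ["Oct 22 10:00:01 vps sshd[2002]: Accepted password for alice "
       "from 192.0.2.44 port 40023 ssh2"]
)

if __name__ == "__main__":
    print("\n".join(hosts_to_deny(SAMPLE_LOG)))
```

Running the same log with an empty whitelist shows what the allowed-hosts entry prevents: the 208.85.151.20 source would then be listed as well.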