DenyHosts is a program written in Python 2.3. It analyzes /var/log/secure (Red Hat, Fedora Core, CentOS) and other log files. When the same IP address is found making repeated SSH password attempts, the address is recorded in the /etc/hosts.deny file so that it is blocked automatically.
DenyHosts official website: http://denyhosts.sourceforge.net
I. Check installation requirements
First check whether sshd supports TCP Wrappers (tcpwrap). DenyHosts can be installed only when tcpwrap is supported.
ldd /usr/sbin/sshd | grep wrap
Then check the Python version. Python or later versions can be directly installed.
python -V
II. Install DenyHosts
Download it from sourceforge.net:
wget http://umn.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz
Extract the archive and enter the source directory:
tar -xzvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
Run the Python install script:
python setup.py install
The scripts are automatically installed to /usr/share/denyhosts
Library files are automatically installed in /usr/lib/python2.3/site-packages/DenyHosts
denyhosts.py is installed to /usr/bin
If Python was compiled from source, it is installed in /usr/local/Python-2.4/bin/python
II.2 Errors when DenyHosts is installed with a self-compiled Python
Traceback (most recent call last):
  File "/usr/local/Python-2.4/bin/denyhosts.py", line 5, in ?
    import DenyHosts.python_version
ImportError: No module named DenyHosts.python_version
The solution is to modify the following parts:
1. In /usr/share/denyhosts/daemon-control, change
PYTHON_BIN = "/usr/bin/env python"
to
PYTHON_BIN = "/usr/local/Python-2.4/bin/python"
Change
#!/usr/bin/env python
to
#!/usr/local/Python-2.4/bin/python
Change
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
to
DENYHOSTS_BIN = "/usr/local/Python-2.4/bin/denyhosts.py"
2. Copy the library directory:
cp -rp /usr/local/Python-2.4/lib/python2.4/site-packages/DenyHosts/ /usr/local/Python-2.4/lib/python2.4/
3,
III. Set up the startup script
cd /usr/share/denyhosts/
Copy the template file:
cp daemon-control-dist daemon-control
Set the owner and permissions of the startup script:
chown root daemon-control
chmod 700 daemon-control
Generate the main DenyHosts configuration file (strip the lines in the template that begin with # and write the rest to denyhosts.cfg):
grep -v "^#" denyhosts.cfg-dist > denyhosts.cfg
Edit the denyhosts.cfg file and modify it as needed.
---------------- denyhosts.cfg ------------------------
SECURE_LOG = /var/log/secure
PURGE_DENY = 2h
# How long before a blocked entry is purged. This is also affected by DAEMON_PURGE: for example, with DAEMON_PURGE = 1h the purge runs every 1h. Set PURGE_DENY > DAEMON_PURGE
DENY_THRESHOLD_INVALID = 1
# Number of login failures allowed for invalid users (not listed in /etc/passwd)
DENY_THRESHOLD_VALID = 5
# Number of login failures allowed for valid (ordinary) users
DENY_THRESHOLD_ROOT = 3
# Number of login failures allowed for root
HOSTNAME_LOOKUP = NO
# Whether to do reverse DNS lookups
DAEMON_PURGE = 1h
# How often the scheduled purge runs, such as:
---------------- denyhosts.cfg ------------------------
Add the DenyHosts startup script to automatic startup:
echo '/usr/share/denyhosts/daemon-control start' >> /etc/rc.d/rc.local
Start the DenyHosts process:
/usr/share/denyhosts/daemon-control start
Check that DenyHosts is running:
ps -ef | grep deny
Use SSH to connect from another machine. After the wrong password is entered several times in a row, the address is automatically blocked and cannot connect for a certain period of time.
The log file that records SSH connections:
tail -f /var/log/secure
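The threshold settings in denyhosts.cfg above and the lockout test just described can be reproduced offline. The following is an added example, not part of the original article or of DenyHosts itself: it counts sshd "Failed password" lines per source address and applies the three thresholds from the configuration shown on this page. The log lines are constructed, the function names are hypothetical, and it assumes an address is blocked once its failure count exceeds the threshold.

```shell
#!/bin/sh
# Added example (not DenyHosts code): apply the page's thresholds to sshd
# "Failed password" lines. Assumption: block when count EXCEEDS the threshold.

# Constructed sample in /var/log/secure format (documentation addresses).
sample_log() {
cat <<'EOF'
May 20 11:10:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40001 ssh2
May 20 11:10:03 host sshd[2102]: Failed password for invalid user test from 203.0.113.7 port 40002 ssh2
May 20 11:10:05 host sshd[2103]: Failed password for invalid user oracle from 203.0.113.50 port 40003 ssh2
May 20 11:10:07 host sshd[2104]: Failed password for root from 198.51.100.9 port 40004 ssh2
May 20 11:10:09 host sshd[2105]: Failed password for root from 198.51.100.9 port 40005 ssh2
May 20 11:10:11 host sshd[2106]: Failed password for root from 198.51.100.9 port 40006 ssh2
May 20 11:10:13 host sshd[2107]: Failed password for root from 198.51.100.9 port 40007 ssh2
May 20 11:10:15 host sshd[2108]: Failed password for alice from 192.0.2.15 port 40008 ssh2
May 20 11:10:17 host sshd[2109]: Failed password for alice from 192.0.2.15 port 40009 ssh2
May 20 11:10:19 host sshd[2110]: Accepted password for alice from 192.0.2.15 port 40010 ssh2
EOF
}

# Reads a log on stdin; prints "ip kind count" for every address over its limit.
would_block() {
    awk -v t_invalid=1 -v t_valid=5 -v t_root=3 '
    / sshd\[[0-9]+\]: Failed password for / {
        # The user name is remote-supplied text, so read the address from the
        # fixed tail "from IP port N ssh2" instead of a fixed field position.
        if (NF < 5 || $(NF-4) != "from" || $(NF-2) != "port") next
        ip = $(NF-3)
        if ($0 ~ /: Failed password for invalid user /) kind = "invalid"
        else if ($0 ~ /: Failed password for root from /) kind = "root"
        else kind = "valid"
        count[ip " " kind]++
    }
    END {
        limit["invalid"] = t_invalid; limit["valid"] = t_valid; limit["root"] = t_root
        for (k in count) {
            split(k, p, " ")
            if (count[k] > limit[p[2]]) print p[1], p[2], count[k]
        }
    }' | sort
}

sample_log | would_block
```

Running `would_block < /var/log/secure` on the server gives a quick cross-check of which addresses should already appear in /etc/hosts.deny.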
The DenyHosts log file:
tail -f /var/log/denyhosts
DenyHosts records the IP addresses of malicious connections in the hosts.deny file.
The entries are cleared after a certain time (the time set in denyhosts.cfg).
vi /etc/hosts.deny
Others:
AGE_RESET_VALID = 5d
AGE_RESET_ROOT = 25d
AGE_RESET_RESTRICTED = 25d
AGE_RESET_INVALID = 10d
Purpose: how long until the login failure count is reset to 0.
RESET_ON_SUCCESS = yes
Whether the login failure count is reset to 0 once an IP address logs in successfully.
Excluding an IP address from being blocked:
Additionally, as of v1.0.3, a valid hostname can also be placed in the allowed-hosts file. For each hostname appearing in this file, the IP address will be resolved and any SSH connections that match either this hostname or this resolved IP address will not be blocked.
To reset a blocked IP address:
To force a reset of your blocked IP address you can stop the DH daemon. Search for your IP address in all of the files in work_dir (Login T Allowed_hosts), edit those files and remove the line containing your IP address. Start DH.
I wrote a script to reset the blocked IP address.
========================================================== ========================================================== ========
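#!/bin/sh
# Print a green "OK" status marker, indented 40 columns.
echook()
{
    printf '\033[40C['
    printf '\033[32m'
    printf '\033[1C OK'
    printf '\033[39m'
    printf '\033[1C]\n'
}
echo "shutting down denyhost:"
/usr/share/denyhosts/daemon-control stop #>/dev/null 2>&1
echook
echo ""
echo ""
printf 'input the IP which you want to reset: '
read IP
# Accept only digits and dots, since the value is used in a sed pattern below.
case "$IP" in
    ''|*[!0-9.]*)
        echo "not an IPv4 address: $IP"
        /usr/share/denyhosts/daemon-control start
        exit 1 ;;
esac
# Escape the dots and match the whole address, so that resetting 1.2.3.4
# does not also delete the entries for 1.2.3.40 or 11.2.3.4.
IP_RE="\(^\|[^0-9.]\)$(echo "$IP" | sed 's/\./\\./g')\(\$\|[^0-9.]\)"
# Not named PATH: overwriting PATH would stop the shell finding sed, cat and rm.
DATA_DIR=/usr/share/denyhosts/data/
FILES=$(/bin/ls "$DATA_DIR" | grep '^hosts' | grep -v tmp)
for i in $FILES
do
    # Rewrite each hosts* data file without the lines for this address
    sed "/$IP_RE/d" "$DATA_DIR$i" > "$DATA_DIR$i.tmp"
    cat "$DATA_DIR$i.tmp" > "$DATA_DIR$i"
    rm "$DATA_DIR$i.tmp"
done
# Remove the address from the TCP Wrappers deny list as well
sed "/$IP_RE/d" /etc/hosts.deny > /etc/hosts.deny.tmp1
cat /etc/hosts.deny.tmp1 > /etc/hosts.deny
rm /etc/hosts.deny.tmp1
echo "resetting IP: $IP"
# echo "Starting up denyhost:"
/usr/share/denyhosts/daemon-control start
echook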
========================================================== ========================================================== ========
Resisting brute-force cracking on vsftpd
vi /usr/share/denyhosts/denyhosts.cfg
Modify:
BLOCK_SERVICE = sshd, ftp
Restart DenyHosts, then view /var/log/denyhosts:
2009-05-20 11:14:23,091 - prefs: INFO BLOCK_SERVICE: [sshd ftp ]
2009-05-20 11:14:23,091 - prefs: INFO DAEMON_LOG: [/var/log/denyhosts]
11:14:23,091 - prefs: INFO DAEMON_LOG_MESSAGE_FORMAT: [%(asctime)s - %(name)-12s: %(levelname)-8s %(message)s]
2009-05-20 11:14:23,091 - prefs: INFO DAEMON_LOG_TIME_FORMAT: [None]
2009-05-20 11:14:23,092 - prefs: INFO DAEMON_PURGE: [3600]