Denyhosts installation and configuration

Source: Internet
Author: User

http://moo1985.blog.51cto.com/401365/290662

http://www.lllusion.com/?p=437

DenyHosts is a program written in Python. It analyzes the sshd log file (/var/log/secure) and, when it detects repeated attacks, records the offending IP address in /etc/hosts.deny, so that the IP is blocked automatically.

Enter the topic.

1. Installation script
The server being installed must be able to access the Internet, and a /workspace directory must be created first.

##################################
#!/bin/bash

wget http://sourceforge.net/projects/denyhosts/files/denyhosts/2.6/DenyHosts-2.6.tar.gz
# Download the software

tar -zxvf DenyHosts-2.6.tar.gz
# Unpack

mv DenyHosts-2.6 denyhost
# Rename the directory for convenience

cd denyhost/
# Enter the directory

yum install python -y
# Install Python

python setup.py install
# Install DenyHosts

cd /usr/share/denyhosts/
# Enter the configuration directory

cp daemon-control-dist daemon-control
# Copy the service control script to its working name

cp denyhosts.cfg-dist denyhosts.cfg
# Copy the sample configuration file to its working name

chown root daemon-control
chmod 700 daemon-control
# Tighten security: only root may read or run the control script

ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
# Create the init script link for the service

chkconfig denyhosts on
# Start the service at boot

cp denyhosts.cfg denyhosts.cfg.bak
# Back up the configuration file before modifying it

cat /workspace/denyhost.txt > /usr/share/denyhosts.cfg
# Write the prepared configuration into the configuration file (my configuration file was prepared before installation!)

/etc/init.d/denyhosts start
# Start the service

echo install succeed!

2. Configuration File Content


cat /workspace/denyhost.txt > /usr/share/denyhosts.cfg
##################################

[[email protected] workspace]# more denyhost.txt
SECURE_LOG = /var/log/secure
# sshd log file

HOSTS_DENY = /etc/hosts.deny
# Blocked IP addresses are written to hosts.deny

PURGE_DENY = 5m
# How long before blocked entries are purged; w = weeks, d = days, h = hours, m = minutes, s = seconds

BLOCK_SERVICE = sshd
# Name of the service to block

DENY_THRESHOLD_INVALID = 5
# Number of failed logins allowed for invalid users (users not listed in /etc/passwd)

DENY_THRESHOLD_VALID = 5
# Number of failed logins allowed for ordinary (valid) users

DENY_THRESHOLD_ROOT = 5
# Number of failed logins allowed for root

DENY_THRESHOLD_RESTRICTED = 1
# Number of failed logins allowed for restricted usernames (those listed in the restricted-usernames file under WORK_DIR)

WORK_DIR = /usr/share/denyhosts/data
# Denied hosts and IP addresses are recorded in WORK_DIR
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = YES

HOSTNAME_LOOKUP = YES
# Whether to resolve IP addresses to host names

LOCK_FILE = /var/lock/subsys/denyhosts
# The PID of the running DenyHosts process is recorded in LOCK_FILE, so that the service starts correctly and multiple instances cannot run at the same time.

ADMIN_EMAIL = [email protected]
# Administrator email address
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = denyhosts <[email protected]>
SMTP_SUBJECT = denyhosts report

AGE_RESET_VALID = 1d
# Time after which the failed-login count of a valid user is reset to zero

AGE_RESET_ROOT = 1d
# Time after which the failed-login count of the root user is reset to zero

AGE_RESET_RESTRICTED = 5d
# Time after which the failed-login count of a restricted user is reset to zero (/usr/share/denyhosts/data/restricted-usernames)

AGE_RESET_INVALID = 10d
# Time after which the failed-login count of an invalid user is reset to zero

DAEMON_LOG = /var/log/denyhosts
# DenyHosts's own log file

DAEMON_SLEEP = 30s

DAEMON_PURGE = 5m
# Set to the same value as PURGE_DENY; it is likewise the interval for clearing blocked SSH users from hosts.deny.
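
The following script is an added illustration, not part of the original post and not DenyHosts's own code. It models how the DENY_THRESHOLD_* values above act on the sshd log by counting failed logins per source IP and user class over a constructed sample log. The names find_offenders and sample_log are hypothetical, and it assumes a host is blocked once its failures exceed the threshold.

```sh
#!/bin/sh
# Simplified model of the threshold settings; not DenyHosts's own parser.
DENY_THRESHOLD_INVALID=5
DENY_THRESHOLD_VALID=5
DENY_THRESHOLD_ROOT=5

# Reads sshd log lines on stdin, prints "<ip> <class> <failures>" for every
# source whose failures exceed the threshold of its user class (assumption:
# a host is blocked once the count is greater than the threshold).
find_offenders() {
    awk -v ti="$DENY_THRESHOLD_INVALID" -v tv="$DENY_THRESHOLD_VALID" \
        -v tr="$DENY_THRESHOLD_ROOT" '
    / Failed password for / {
        # Take the address by position from the END of the line
        # ("... from <ip> port <n> ssh2"): the user name is attacker-chosen
        # and may itself contain the word "from".
        if (NF < 5 || $(NF - 4) != "from" || $(NF - 2) != "port") next
        ip = $(NF - 3)
        if ($0 ~ / for invalid user /)      cls = "invalid"
        else if ($0 ~ / for root from /)    cls = "root"
        else                                cls = "valid"
        n[ip " " cls]++
    }
    END {
        limit["invalid"] = ti; limit["valid"] = tv; limit["root"] = tr
        for (k in n) { split(k, p, " "); if (n[k] > limit[p[2]]) print k, n[k] }
    }' | sort
}

# Constructed sample log: 6 invalid-user and 6 root failures (over the
# threshold), 3 failures for a valid user and one successful login (not over).
sample_log() {
    i=1
    while [ "$i" -le 6 ]; do
        echo "Jan 10 03:14:0$i host sshd[4$i]: Failed password for invalid user admin from 203.0.113.7 port 4100$i ssh2"
        echo "Jan 10 03:15:0$i host sshd[5$i]: Failed password for root from 203.0.113.9 port 4200$i ssh2"
        if [ "$i" -le 3 ]; then
            echo "Jan 10 03:16:0$i host sshd[6$i]: Failed password for alice from 198.51.100.4 port 4300$i ssh2"
        fi
        i=$((i + 1))
    done
    echo "Jan 10 03:17:00 host sshd[70]: Accepted password for alice from 198.51.100.4 port 43100 ssh2"
}

sample_log | find_offenders
```
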

3. Others
##################################

To unblock a host IP address and add it to the allowed-hosts list, deleting it from /etc/hosts.deny alone is not enough. Go to the /var/lib/denyhosts directory and perform the following steps:

1. Stop the denyhosts service: $ sudo service denyhosts stop

2. Delete the host IP address you want to unblock from /etc/hosts.deny.

3. Edit all the files in the denyhosts working directory
$ sudo grep 192.168.1.191 /usr/share/denyhosts/data/*

Delete the lines containing the host IP address from each of these files:
* /usr/share/denyhosts/data/hosts
* /usr/share/denyhosts/data/hosts-restricted
* /usr/share/denyhosts/data/hosts-root
* /usr/share/denyhosts/data/hosts-valid
* /usr/share/denyhosts/data/users-hosts
4. Add the host IP address you want to allow to
/var/lib/denyhosts/allowed-hosts

vi /usr/share/denyhosts/data/allowed-hosts
# We mustn't block localhost
127.0.0.1
192.168.1.*

5. Start the denyhosts service: service denyhosts start
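
Steps 2 to 4 above can be scripted as follows. This is an added example, not part of the original post; the function names unblock_ip and make_sample are hypothetical, the sample file contents are constructed, and stopping and starting the service (steps 1 and 5) stay outside the function. It matches the address exactly, so unblocking 192.168.1.19 does not also remove entries for 192.168.1.191.

```sh
#!/bin/sh
# Added example: remove one IPv4 address from hosts.deny and from the
# DenyHosts work-dir files named above, then add it to allowed-hosts.
# Usage: unblock_ip <ip> <hosts.deny path> <work dir>
unblock_ip() {
    ip=$1; hosts_deny=$2; work_dir=$3
    # Accept only a plain dotted-quad address (no wildcards), so the value
    # is safe to embed in a regular expression.
    echo "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' || return 2
    # Escape the dots and require a non-address character on both sides.
    esc=$(echo "$ip" | sed 's/\./\\./g')
    pat='(^|[^0-9.])'"$esc"'([^0-9.]|$)'
    for f in "$hosts_deny" "$work_dir/hosts" "$work_dir/hosts-restricted" \
             "$work_dir/hosts-root" "$work_dir/hosts-valid" "$work_dir/users-hosts"
    do
        [ -f "$f" ] || continue
        cp -p "$f" "$f.bak"                      # backup, overwritten on each run
        grep -Ev "$pat" "$f.bak" > "$f" || true  # grep exits 1 if no line remains
    done
    # Add the address to allowed-hosts unless it is already listed.
    grep -qxF "$ip" "$work_dir/allowed-hosts" 2>/dev/null ||
        echo "$ip" >> "$work_dir/allowed-hosts"
}

# Constructed sample files for a dry run (not real DenyHosts data).
make_sample() {
    mkdir -p "$1/data"
    printf 'sshd: 192.168.1.19\nsshd: 192.168.1.191\n' > "$1/hosts.deny"
    printf '192.168.1.19:6:Mon Jan 10\n192.168.1.191:7:Mon Jan 10\n' > "$1/data/hosts"
    printf 'root - 192.168.1.191:7:Mon Jan 10\n' > "$1/data/users-hosts"
}

# Dry run on copies in a temporary directory.
tmp=$(mktemp -d)
make_sample "$tmp"
unblock_ip 192.168.1.191 "$tmp/hosts.deny" "$tmp/data"
cat "$tmp/hosts.deny" "$tmp/data/allowed-hosts"
rm -rf "$tmp"
```
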

 

Troubleshooting

# service denyhost start
starting DenyHosts: /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts.cfg
python: can't open file '/usr/bin/denyhosts.py': [Errno 2] No such file or directory

cd /usr/share/denyhosts/
vi daemon-control
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
Change to
DENYHOSTS_BIN = "/usr/local/bin/denyhosts.py"


cd /usr/local/lib/python2.7/site-packages/
cp -rp DenyHosts /usr/lib/python2.4/site-packages/
/etc/init.d/denyhosts restart
