http://moo1985.blog.51cto.com/401365/290662
http://www.lllusion.com/?p=437
DenyHosts is a program written in Python. It analyzes the sshd log file (/var/log/secure) and, when it detects repeated attacks from an IP address, records that address in the /etc/hosts.deny file, so the IP is blocked automatically.
Enter the topic.
1. Installation script
The server being installed must be able to access the Internet, and a /workspace directory must be created first.
########## ########################
#!/bin/bash
wget http://sourceforge.net/projects/denyhosts/files/denyhosts/2.6/DenyHosts-2.6.tar.gz
# Download the software
tar -zxvf DenyHosts-2.6.tar.gz
# Decompress
mv DenyHosts-2.6 denyhost
# Rename the directory for convenience
cd denyhost/
# Enter the directory
yum install python -y
# Install Python
python setup.py install
# Install DenyHosts
cd /usr/share/denyhosts/
# Enter the configuration directory
cp daemon-control-dist daemon-control
# Copy the service control script to its working name
cp denyhosts.cfg-dist denyhosts.cfg
# Copy the sample configuration file to its working name
chown root daemon-control
chmod 700 daemon-control
# Tighten security: only root may read, write or run the control script
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
# Create the startup service link
chkconfig denyhosts on
# Start the service at boot
cp denyhosts.cfg denyhosts.cfg.bak
# Back up the configuration file before modifying it
cat /workspace/denyhost.txt > /usr/share/denyhosts.cfg
# Import the prepared settings into the configuration file (my configuration file was prepared before installation!)
/etc/init.d/denyhosts start
# Start the service
echo "install succeed!"
2. Configuration File Content
cat /workspace/denyhost.txt > /usr/share/denyhosts.cfg
############ ######################
[[email protected] workspace]# more denyhost.txt
SECURE_LOG = /var/log/secure
# The sshd log file
HOSTS_DENY = /etc/hosts.deny
# Blocked IP addresses are written to hosts.deny
PURGE_DENY = 5m
# How long before a blocked entry is purged: w = weeks, d = days, h = hours, m = minutes, s = seconds
BLOCK_SERVICE = sshd
# Name of the service to block
DENY_THRESHOLD_INVALID = 5
# Number of failed logins allowed for invalid users (users not listed in /etc/passwd)
DENY_THRESHOLD_VALID = 5
# Number of failed logins allowed for valid (ordinary) users
DENY_THRESHOLD_ROOT = 5
# Number of failed logins allowed for root
DENY_THRESHOLD_RESTRICTED = 1
# Number of failed logins allowed for restricted usernames (listed in the restricted-usernames file in WORK_DIR)
WORK_DIR = /usr/share/denyhosts/data
# Denied hosts and IP addresses are recorded in WORK_DIR
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = YES
HOSTNAME_LOOKUP = YES
# Whether to resolve IP addresses to host names
LOCK_FILE = /var/lock/subsys/denyhosts
# The PID of the running DenyHosts process is recorded in LOCK_FILE, which confirms the service started correctly and prevents several instances from running at the same time
ADMIN_EMAIL = [email protected]
# The administrator's email address
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = denyhosts <[email protected]>
SMTP_SUBJECT = denyhosts report
AGE_RESET_VALID = 1d
# Time after which the failed login count of a valid user is reset to zero
AGE_RESET_ROOT = 1d
# Time after which the failed login count of the root user is reset to zero
AGE_RESET_RESTRICTED = 5d
# Time after which the failed login count of restricted users (/usr/share/denyhosts/data/restricted-usernames) is reset to zero
AGE_RESET_INVALID = 10d
# Time after which the failed login count of invalid users is reset to zero
DAEMON_LOG = /var/log/denyhosts
# DenyHosts' own log file
DAEMON_SLEEP = 30s
DAEMON_PURGE = 5m
# Set this to the same value as PURGE_DENY; it is also the interval at which blocked ssh hosts are cleared from hosts.deny
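How the DENY_THRESHOLD_* settings above play out on a log, as an added example that is not DenyHosts' own parser: it counts sshd "Failed password" lines per source IP and user class and lists the IPs that go over their threshold. The log lines are constructed, the function names are hypothetical, and it assumes a host is blocked once its failure count exceeds the configured value.

```shell
#!/bin/sh
# Added example (not DenyHosts code): approximate the DENY_THRESHOLD_* logic
# by counting sshd "Failed password" lines per source IP and user class.

# Constructed sample lines in /var/log/secure format (documentation IP ranges).
sample_secure_log() {
    i=0
    while [ "$i" -lt 6 ]; do    # six failures for a user that does not exist
        echo "Jan 10 03:14:0$i web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 4010$i ssh2"
        i=$((i + 1))
    done
    echo "Jan 10 03:15:01 web1 sshd[2102]: Failed password for root from 198.51.100.9 port 51111 ssh2"
    echo "Jan 10 03:15:04 web1 sshd[2102]: Failed password for root from 198.51.100.9 port 51112 ssh2"
    echo "Jan 10 03:16:00 web1 sshd[2103]: Failed password for alice from 192.0.2.44 port 40000 ssh2"
    echo "Jan 10 03:16:09 web1 sshd[2103]: Accepted password for alice from 192.0.2.44 port 40001 ssh2"
}

# would_block LOGFILE [INVALID] [VALID] [ROOT]
# Prints "ip class failures" for every IP whose count exceeds its threshold.
would_block() {
    awk -v ti="${2:-5}" -v tv="${3:-5}" -v tr="${4:-5}" '
    /sshd\[[0-9]+\]: Failed password for / {
        ip = ""
        # The source address is the token after the last "from".
        for (i = 1; i < NF; i++) if ($i == "from") ip = $(i + 1)
        if (ip == "") next
        if ($0 ~ /Failed password for invalid user /) cls = "invalid"
        else if ($0 ~ /Failed password for root from /) cls = "root"
        else cls = "valid"
        count[ip " " cls]++
    }
    END {
        for (key in count) {
            split(key, part, " ")
            limit = tv + 0
            if (part[2] == "invalid") limit = ti + 0
            if (part[2] == "root") limit = tr + 0
            if (count[key] > limit) print key, count[key]
        }
    }' "$1" | sort
}

# Demo: `sh thresholds.sh demo` runs the check with DENY_THRESHOLD_ROOT = 1.
if [ "${1:-}" = demo ]; then
    tmp=$(mktemp); sample_secure_log > "$tmp"
    would_block "$tmp" 5 5 1; rm -f "$tmp"
fi
```

With the thresholds from the configuration above (5/5/5) only the invalid-user source is listed; lowering the root threshold to 1 also lists the host that failed twice as root.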
3. Others
############################# 3 ########## #####################
To unblock a host IP address and add it to the allowed-hosts list, deleting it from /etc/hosts.deny alone is not enough. Go to the /var/lib/denyhosts directory (the DenyHosts working directory; with the WORK_DIR set above it is /usr/share/denyhosts/data) and perform the following operations:
1. Stop the denyhosts service: $ sudo service denyhosts stop
2. Delete the host IP address you want to unblock from /etc/hosts.deny.
3. Edit all the files in the denyhosts working directory that contain the address:
$ sudo grep 192.168.1.191 /usr/share/denyhosts/data/*
Delete the lines containing the host IP address from each of these files:
* /usr/share/denyhosts/data/hosts
* /usr/share/denyhosts/data/hosts-restricted
* /usr/share/denyhosts/data/hosts-root
* /usr/share/denyhosts/data/hosts-valid
* /usr/share/denyhosts/data/users-hosts
4. Add the host IP address you want to allow to
/var/lib/denyhosts/allowed-hosts
vi /usr/share/denyhosts/data/allowed-hosts
# We mustn't block localhost
127.0.0.1
192.168.1.*
5. Start the denyhosts service: service denyhosts start
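Steps 2 to 4 of the procedure above as one shell function; this is an added example, not part of the original post. It assumes the WORK_DIR and HOSTS_DENY paths from the configuration above as defaults, and the function name denyhosts_unblock is hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): steps 2-4 above as one function.
# Run it between `service denyhosts stop` and `service denyhosts start`.
# Usage: denyhosts_unblock IP [WORK_DIR] [HOSTS_DENY]
denyhosts_unblock() {
    ip=$1
    work_dir=${2:-/usr/share/denyhosts/data}   # WORK_DIR from denyhosts.cfg
    hosts_deny=${3:-/etc/hosts.deny}           # HOSTS_DENY from denyhosts.cfg

    # Accept only a dotted-quad IPv4 address, so it is safe inside a regex.
    case $ip in
        ''|*[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 2 ;;
    esac
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "not an IPv4 address: $ip" >&2
        return 2
    fi

    # Escape the dots and require non-address characters on both sides, so
    # unblocking 192.168.1.19 leaves 192.168.1.191 untouched.
    pat="(^|[^0-9.])$(printf '%s' "$ip" | sed 's/\./\\./g')([^0-9.]|\$)"

    for f in "$hosts_deny" "$work_dir/hosts" "$work_dir/hosts-restricted" \
             "$work_dir/hosts-root" "$work_dir/hosts-valid" \
             "$work_dir/users-hosts"; do
        [ -f "$f" ] || continue
        cp -p "$f" "$f.bak" || return 1          # keep a copy of each file
        # grep -v exits 1 when nothing is left to print; that is not an error.
        grep -Ev "$pat" "$f.bak" > "$f" || [ $? -eq 1 ] || return 1
    done

    # Allow-list the address once so DenyHosts does not block it again.
    allowed=$work_dir/allowed-hosts
    grep -qxF "$ip" "$allowed" 2>/dev/null || printf '%s\n' "$ip" >> "$allowed"
}

# When the script is given arguments, pass them straight to the function.
if [ $# -gt 0 ]; then denyhosts_unblock "$@"; fi
```

Each edited file is left with a `.bak` copy beside it, which can be deleted once the service has been restarted and the host can log in again.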
Troubleshooting
# service denyhosts start
Starting denyhosts: /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts.cfg
python: can't open file '/usr/bin/denyhosts.py': [Errno 2] No such file or directory
cd /usr/share/denyhosts/
vi daemon-control
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
Change it to
DENYHOSTS_BIN = "/usr/local/bin/denyhosts.py"
cd /usr/local/lib/python2.7/site-packages/
cp -rp DenyHosts /usr/lib/python2.4/site-packages/
/etc/init.d/denyhosts restart