Internet-wide scanning is common. To defend against brute-force guessing of SSH accounts and passwords, install DenyHosts on Ubuntu to improve system security.
1. Install
sudo apt-get install denyhosts
2. Configure /etc/denyhosts.conf. Reference content:
Path of the sshd login log file. It differs between systems.
SECURE_LOG = /var/log/auth.log
File used to restrict host access
HOSTS_DENY = /etc/hosts.deny
Remove entries in HOSTS_DENY that are older than the following time
PURGE_DENY = 1w
Service to block. The default value is sshd; it can be set to another service or to all.
BLOCK_SERVICE = sshd
Block a host when its failed login attempts with an invalid user exceed the following number
DENY_THRESHOLD_INVALID = 3
For valid users
DENY_THRESHOLD_VALID = 4
For root users
DENY_THRESHOLD_ROOT = 1
For restricted users
DENY_THRESHOLD_RESTRICTED = 1
Directory where DenyHosts writes its data. It contains the record files hosts, hosts-root, offset, users-hosts, users-valid, hosts-restricted, hosts-valid, suspicious-logins, and users-invalid.
WORK_DIR = /var/lib/denyhosts
When YES, a login from an allowed host that is considered suspicious is recorded. When NO, a suspicious login from an allowed host is not recorded. Suspicious logins from hosts outside the allowed host range are always recorded.
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = YES
Whether to perform reverse DNS lookups of hostnames
HOSTNAME_LOOKUP = NO
The existence of this file indicates that DenyHosts is running. It is used to ensure that only one instance runs at a time.
LOCK_FILE = /var/run/denyhosts.pid
Administrator e-mail address
ADMIN_EMAIL = root@localhost
SMTP host settings. If an SMTP service is available, DenyHosts can send e-mail to the administrator.
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report
If a host has no failed login attempt within the specified time, its failure count is reset to 0. This value applies to login attempts for all valid users (those in /etc/passwd) except root. If not defined, the count is never reset.
AGE_RESET_VALID = 5d
For root users
AGE_RESET_ROOT = 25d
For restricted users
AGE_RESET_RESTRICTED = 25d
For invalid users (not in /etc/passwd)
AGE_RESET_INVALID = 1w
When a login succeeds, reset the login failure count to 0. The default value is NO.
# RESET_ON_SUCCESS = yes
Log file DenyHosts writes to when running in daemon mode. Leave empty to disable logging.
# DAEMON_LOG = /var/log/denyhosts
Interval between reads of the log file when running in daemon mode.
DAEMON_SLEEP = 30s
When running in daemon mode, the interval at which the purge mechanism removes expired entries from HOSTS_DENY.
DAEMON_PURGE = 1h
3. Restart DenyHosts
sudo /etc/init.d/denyhosts restart
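To see which hosts the DENY_THRESHOLD_* values above would block, here is an added example (not DenyHosts's own code) that applies them to constructed auth.log lines. It is a simplified model: the function names and sample data are hypothetical, categories are taken from sshd's "invalid user" marker, and restricted users, AGE_RESET_* and RESET_ON_SUCCESS are not modelled.

```python
import re
from collections import Counter

# Thresholds taken from the configuration on this page.
THRESHOLDS = {"invalid": 3, "valid": 4, "root": 1}

# sshd failure line as it appears in /var/log/auth.log (SECURE_LOG).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<host>\S+) port \d+"
)

def classify(match):
    """Map a failed login to the threshold category it counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(lines, thresholds=THRESHOLDS):
    """Return {host: category} for hosts whose failures exceed a threshold."""
    counts, denied = Counter(), {}
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        host, category = m.group("host"), classify(m)
        counts[host, category] += 1
        # "more than the following times": strictly greater than the threshold
        if counts[host, category] > thresholds[category]:
            denied.setdefault(host, category)
    return denied

def hosts_deny_entries(denied, service="sshd"):
    """Format entries for HOSTS_DENY using the BLOCK_SERVICE value."""
    return [f"{service}: {host}" for host in sorted(denied)]

def _fail(who, host):
    # Constructed sample line; addresses are from documentation ranges.
    return f"Mar  3 10:00:00 web1 sshd[1000]: Failed password for {who} from {host} port 50000 ssh2"

SAMPLE_LOG = (
    [_fail("invalid user admin", "203.0.113.5")] * 4   # exceeds 3 -> denied
    + [_fail("root", "198.51.100.7")] * 2              # exceeds 1 -> denied
    + [_fail("alice", "192.0.2.10")] * 4               # equals 4 -> not denied
    + ["Mar  3 10:01:00 web1 sshd[1001]: Accepted password for alice from 192.0.2.10 port 50001 ssh2"]
)

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(hosts_to_deny(SAMPLE_LOG))))
```

Running the same functions over a copy of your own auth.log before enabling the service shows whether the chosen thresholds would lock out legitimate users who mistype passwords.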