Using denyhosts to be able to do the function of automatic screen IP, master denyhosts install in Linux system is very necessary, then how to install DenyHosts tool in Linux system? How to configure after installation? This is what users need to learn.
DenyHosts is a security tool, written in Python, to monitor server access logs to prevent brute force attacks on virtual private servers. The project works by prohibiting the IP address of a failed login attempt exceeding a certain number of times.
Step One, install DenyHosts
Yes, DenyHosts is easy to install in Ubuntu
sudo apt-get install denyhosts
Once the program has been downloaded, denyhosts will automatically install and configure it on your VPS.
Step two, white list IP address
In the denyhosts you install, be sure to whitelist your own IP address. Skipping this step will give you the risk of locking yourself out of your own machine.
Open the list of allowed hosts on your VPS:
According to the description, in the inability to disallow any IP address additions from the server, you can write on each separate line using this format:
After making any changes, be sure to reboot the denyhosts so that the new settings will put the effect on your virtual private server:
DenyHosts of Step three (optional) configuration
Yes, DenyHosts is ready to use, as long as the installation is over.
However, if you want to customize your VPS's denyhosts behavior, you can make changes in the Denyhost configuration file:
DenyHosts parameter Configuration
# CP Denyhosts.cfg-dist Denyhosts.cfg
# VI Denyhosts.cfg #DenyHosts配置文件
Secure_log =/var/log/secure #ssh日志文件
# format Is:i[dhwmy]
# Where I am an integer (eg. 7)
# m = minutes
# h = Hours
# d = Days
# w = weeks
# y = Years
# Never Purge:
Purge_deny = 50m #过多久后清除已阻止IP
Hosts_deny =/etc/hosts.deny #将阻止IP写入到hosts. DENY
Block_service = sshd #阻止服务名
Deny_threshold_invalid = 1 #允许无效用户登录失败的次数
Deny_threshold_valid = #允许普通用户登录失败的次数
Deny_threshold_root = 5 #允许root登录失败的次数
Work_dir =/usr/local/share/denyhosts/data #将deny的host或ip纪录到Work_dir中
deny_threshold_restricted = 1 #设定 Deny host writes to the folder
Lock_file =/var/lock/subsys/denyhosts #将DenyHOts启动的pid纪录到LOCK_FILE中, ensured that the service started properly and prevented multiple services from starting at the same time.
Admin_email = #设置管理员邮件地址
Daemon_log =/var/log/denyhosts #自己的日志文件
Daemon_purge = 10m #该项与PURGE_DENY set to be the same, is also the time to clear hosts.deniedssh users.
DenyHosts Boot file configuration
# CP Daemon-control-dist Daemon-control
# chown Root Daemon-control
# chmod Daemon-control
# 。 /daemon-control Start #启动DenyHosts
#ln-S/USR/SHARE/DENYHOSTS/DAEMON-CONTROL/ETC/INIT.D soft connection #对daemon-control for easy management
Install to this step is done.
#/etc/init.d/daemon-control Start #启动denyhosts
#chkconfig Daemon-control on #将denghosts设成开机启动
Add to Automatic reboot
Add the following command
Viewing attack IP Records
The above is the Linux installation configuration DenyHosts method introduced, configure the DenyHosts tool, you can use denyhosts to analyze the log files.