Linux prevents sshd from being exploded (install denyhosts)

This is a collection in the log of the document, the original view server sshd log found a lot of unknown IP attempts to log in, so what to prevent such a thing to happen. Online to find the next use denyhosts can solve such problems, so it will be collected in the log. Because the time is longer, cannot find the source of the original text, if you know the source, you can contact me plus. All right, in the chase.

DenyHosts is a program written in Python2.3, it is mainly based on the system log files/var/log/secure file analysis, when the same IP is found in multiple SSH password attempts will be recorded IP to/etc/ Hosts.deny file to automatically block the IP.

First, check the installation environment:

1) determine if the system installed SSHD supports Tcp_wrappers (supported by default), the command is as follows:

ldd/usr/sbin/sshd | grep libwrap.so. 0

If there is output: libwrap.so.0 =/lib64/libwrap.so.0 is supported

2) Determine if there is Python (CentOS is default):

Python-v

As long as the system Python version is not less than version 2.3 (native version of Python 2.6.5).

Second, installation denyhosts

1, download denyhosts-2.6.tar.gz and upload to the server, you can load the latest program in http://denyhosts.sourceforge.net/.

2. Installation

1), unzip

tar -zxvf denyhosts-2.6. tar. gz

2), installation

CD denyhosts-2.6Install

Program scripts are automatically installed in:/usr/share/denyhosts directory
Library files installed in:/usr/lib/python2.6/site-packages/denyhosts directory
denyhosts.py installed by default in:/usr/bin/directory

3. Set Startup script

cd/usr/share/denyhosts/cp daemon-control-dist daemon-controlchown root daemon-  Controlchmod Daemon-control

# #将denyhosts A line not beginning with "#" in Cfg-dist, write Denyhosts.cfg file

grep " ^# " denyhosts.cfg-dist > Denyhosts.cfg

Edit Denyhosts.cfg

VI denyhosts.cfg

Specific configuration items can refer to the following configuration:

############ These SETTINGS is REQUIRED ############ # #分析源文件 Secure_log=/var/log/Secure # #禁止sshd登陆的IP存放文件 Hosts_deny=/etc/Hosts.deny # #过多久后清除已经禁止的IP Purge_deny=1d # #监控的服务名 Block_service=sshd # #表示允许无效用户登录失败的次数 Deny_threshold_invalid=3# #表示允许普通用户登录失败的次数 Deny_threshold_valid=3# #表示允许root用户登录失败的次数 Deny_threshold_root=3deny_threshold_restricted=1Work_dir=/usr/share/denyhosts/Data suspicious_login_report_allowed_hosts=YES # #是否做域名反解 Hostname_lookup=NO Lock_file=/var/lock/subsys/denyhosts

4. Add denyhosts to system service and start automatically

1), self-starting

Vi

Add the following line at the end

/usr/share/denyhosts/daemon-control start

2), add to System services

Ln -s/usr/share/denyhosts/daemon-control/etc/init.d/--345 denyhosts on

5. Start DenyHosts

Service DenyHosts Start

6. See if the denyhosts is running successfully

Service denyhosts Status

Display: DenyHosts is running with PID = XXXX, which runs successfully.

7, at this point, DenyHosts is also configured to complete; In addition, the default port of sshd is modified, combined with denyhosts can prevent most sshd brute force.

Linux prevents sshd from being exploded (install denyhosts)