Protecting sshd on Linux from brute-force attacks (installing DenyHosts)

Source: Internet
Author: User
Tags: system log

This is a note from my collection. When I originally looked at the server's sshd log, I found a lot of login attempts from unknown IPs, so how can this kind of thing be prevented? Searching online, I found that DenyHosts can solve such problems, so I saved it in my notes. Because it was a long time ago, I cannot find the source of the original text; if you know the source, you can contact me and I will add it. All right, on to the main topic.

DenyHosts is a program written in Python 2.3. It works mainly by analyzing the system log file /var/log/secure: when it finds that the same IP has made multiple failed SSH password attempts, it records that IP in the /etc/hosts.deny file, which automatically blocks the IP.

First, check the installation environment:

1) Check whether the installed sshd supports tcp_wrappers (supported by default) with the following command:

ldd /usr/sbin/sshd | grep libwrap.so.0

If the output contains libwrap.so.0 => /lib64/libwrap.so.0, it is supported. If there is no output, sshd is not linked against libwrap and does not consult /etc/hosts.deny, so the entries DenyHosts writes would have no effect.

2) Check whether Python is installed (it is by default on CentOS):

python -V

The system Python version only needs to be 2.3 or later (this machine has Python 2.6.5).

Second, install DenyHosts

1. Download denyhosts-2.6.tar.gz and upload it to the server; the latest version can be downloaded from http://denyhosts.sourceforge.net/.

2. Installation

1) Unpack

tar -zxvf denyhosts-2.6.tar.gz

2) Install

cd denyhosts-2.6
python setup.py install

Program scripts are automatically installed in the /usr/share/denyhosts directory
Library files are installed in the /usr/lib/python2.6/site-packages/denyhosts directory
denyhosts.py is installed by default in the /usr/bin/ directory

3. Set up the startup script

cd /usr/share/denyhosts/
cp daemon-control-dist daemon-control
chown root daemon-control
chmod 700 daemon-control

## Write the lines of denyhosts.cfg-dist that do not begin with "#" to the denyhosts.cfg file

grep -v "^#" denyhosts.cfg-dist > denyhosts.cfg

Edit denyhosts.cfg

vi denyhosts.cfg

The following configuration can be used as a reference for the individual settings:

############ THESE SETTINGS ARE REQUIRED ############
## Source log file to analyze
SECURE_LOG = /var/log/secure
## File that stores the IPs denied sshd login
HOSTS_DENY = /etc/hosts.deny
## How long before an already blocked IP is purged
PURGE_DENY = 1d
## Name of the monitored service
BLOCK_SERVICE = sshd
## Number of failed logins allowed for invalid users
DENY_THRESHOLD_INVALID = 3
## Number of failed logins allowed for normal users
DENY_THRESHOLD_VALID = 3
## Number of failed logins allowed for the root user
DENY_THRESHOLD_ROOT = 3
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
## Whether to do reverse DNS lookups
HOSTNAME_LOOKUP=NO
LOCK_FILE = /var/lock/subsys/denyhosts

4. Add DenyHosts as a system service and start it automatically

1) Start at boot

Add the following line at the end

/usr/share/denyhosts/daemon-control start

2) Add to system services

ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --level 345 denyhosts on

5. Start DenyHosts

service denyhosts start

6. Check whether DenyHosts is running successfully

service denyhosts status

If it displays "DenyHosts is running with PID = XXXX", it is running successfully.

7. At this point, DenyHosts is fully configured. In addition, changing the default port of sshd, combined with DenyHosts, can prevent most sshd brute-force attacks.
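
The counting that the thresholds in step 3 control, as an added illustration (this is not DenyHosts' own code): failed sshd logins are tallied per IP and per class (invalid user, valid user, root), and hosts.deny entries are produced for the offenders. It assumes OpenSSH's usual "Failed password" line format and that a host is blocked once its failures exceed the allowed number; the function names and the sample log are constructed for the example.

```python
import re
from collections import Counter

# Thresholds from the denyhosts.cfg above (failed logins allowed per class).
THRESHOLDS = {"invalid": 3, "valid": 3, "root": 3}

# OpenSSH failed-password line in /var/log/secure. The pattern is anchored to
# the end of the line and greedy on the user name, so the address captured is
# always the one sshd itself appended last.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>.*)"
    r" from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)

def _line(event, ip):
    return "Mar  3 02:11:01 host sshd[2201]: %s from %s port 40112 ssh2" % (event, ip)

# Constructed sample log (documentation-range addresses, not real traffic).
SAMPLE_LOG = "\n".join(
    [_line("Failed password for root", "203.0.113.5")] * 4
    + [_line("Failed password for invalid user admin", "198.51.100.7")] * 4
    + [_line("Failed password for alice", "192.0.2.10")] * 3
    + [_line("Accepted password for alice", "192.0.2.10")]
)

def classify(match):
    """Map a failed login to the threshold class it counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(log_text, thresholds=THRESHOLDS):
    """Return IPs whose failures in some class exceed that class's threshold
    (assumption: "allowed" means blocking starts above the configured number)."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            counts[(m.group("ip"), classify(m))] += 1
    return sorted({ip for (ip, kind), n in counts.items() if n > thresholds[kind]})

def deny_lines(ips, service="sshd"):
    """Format entries as they appear in /etc/hosts.deny."""
    return ["%s: %s" % (service, ip) for ip in ips]

if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

With the sample log, the host that stopped at three failures and then logged in successfully is not listed, while the two hosts with four failures are.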
