Principle:
DenyHosts is an open source program written in Python. It periodically analyzes the login log of the sshd service; when it finds an IP address whose number of failed SSH logins reaches the configured threshold, it records that IP in the /etc/hosts.deny file, and TCP Wrapper then blocks the IP automatically.
TCP wrapper:
TCP Wrapper is a program that provides a firewall-like service on Unix-class servers. Any xinetd-managed service can be protected with TCP Wrapper; simply put, access is allowed or denied according to the source IP address or domain name.
Configuration file:
/etc/hosts.allow: the IP addresses allowed to access a service are defined in this file
daemon_list:client_list[:option]
Example: sshd:192.168.1. # allows every host in the 192.168.1.0/24 network segment (the trailing dot makes the pattern a network prefix)
/etc/hosts.deny: the IP addresses defined in this file are denied access
The configuration format is the same as above.
Check Order:
Request
↓
Service ---> /etc/hosts.allow ---> match succeeds: access is allowed
↓
/etc/hosts.deny ---> match succeeds: access is denied
↓
Matched in neither file: access is allowed
Note: if both files would match, hosts.allow is checked first and takes precedence.
Determine if the service supports Tcpwrapper control:
ldd `which <service name>` | grep wrap
libwrap.so.0 is the TCP Wrapper library; a program that links against this library supports TCP Wrapper control.
The latest version is 2.6, last updated on 2008-10-04.
Official website: http://denyhosts.sourceforge.net/
Faq:http://denyhosts.sourceforge.net/faq.html
Download: http://nbtelecom.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
Installation:
wget http://nbtelecom.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
tar xvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6/
python setup.py install
By default it is installed into the /usr/share/denyhosts/ directory.
ln -s /usr/share/denyhosts/daemon_control /etc/init.d/denyhosts
# service script (an absolute path is used so that the symlink resolves)
cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg
# configuration file
Configuration file in detail (only the useful parts are excerpted):
# Redhat or Fedora Core:
#SECURE_LOG = /var/log/secure
# Red Hat series login log location
# Mandrake, FreeBSD or OpenBSD:
SECURE_LOG = /var/log/auth.log
# FreeBSD series login log location
# SuSE:
#SECURE_LOG = /var/log/messages
# SuSE series login log location
HOSTS_DENY = /etc/hosts.deny
# TCP Wrapper deny file
PURGE_DENY = 5m
# Time after which blocked hosts are cleared
BLOCK_SERVICE = sshd
# Service name written into HOSTS_DENY after a successful match
DENY_THRESHOLD_INVALID = 5
# Number of failed login attempts allowed for invalid users (user name not in the /etc/passwd file)
DENY_THRESHOLD_VALID = 10
# Number of failed login attempts allowed for valid users (user name exists in the /etc/passwd file)
DENY_THRESHOLD_ROOT = 1
# Number of failed login attempts allowed for the root user
WORK_DIR = /usr/share/denyhosts/data
# DenyHosts working directory; denied hosts and IPs are recorded in files under WORK_DIR/
HOSTNAME_LOOKUP = yes
# Whether to do reverse DNS lookups of the IP addresses
LOCK_FILE = /var/run/denyhosts.pid
# PID file location, used to determine whether DenyHosts is already running
ADMIN_EMAIL = [email protected]
# Administrator email address (receives the alert messages)
SMTP_HOST = smtp.mxhichina.com
SMTP_PORT = 25
# SMTP outgoing server address and port number
SMTP_USERNAME = [email protected]
SMTP_PASSWORD = myispassword
# Sender account and password
SMTP_FROM = [email protected]
# Sender address
SMTP_SUBJECT = DenyHosts Report
# Alert message subject
AGE_RESET_VALID = 5d
# Time after which a normal user's failed-login counter is reset to 0
AGE_RESET_ROOT = 25d
# Time after which the root user's failed-login counter is reset to 0
AGE_RESET_RESTRICTED = 25d
# Time after which the failed-login counter of restricted user names (/usr/share/denyhosts/data/restricted-usernames) is reset to 0
AGE_RESET_INVALID = 10d
# Time after which an invalid user's failed-login counter is reset to 0
RESET_ON_SUCCESS = yes
# Whether an IP's failed-login counter is reset to 0 after it logs in successfully
DAEMON_LOG = /var/log/denyhosts
# DenyHosts log file location
DAEMON_SLEEP = 30s
# In daemon mode, the interval between reads of the login log
DAEMON_PURGE = 1h
# In daemon mode, how often the purge of expired blocked hosts runs; this value should not be greater than PURGE_DENY
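As an added illustration of the principle described at the top of this article and of the three DENY_THRESHOLD_* settings (example code written for this page, not DenyHosts's own implementation), the following Python reads constructed sshd log lines, counts failures per source IP in the invalid/valid/root buckets, honours RESET_ON_SUCCESS, and produces the `sshd: IP` entries that DenyHosts would append to /etc/hosts.deny:

```python
import re
from collections import defaultdict

# Thresholds as in the configuration excerpt above (denyhosts.cfg).
DENY_THRESHOLD_INVALID = 5   # user name not in /etc/passwd
DENY_THRESHOLD_VALID = 10    # existing non-root user
DENY_THRESHOLD_ROOT = 1      # root
BLOCK_SERVICE = "sshd"
RESET_ON_SUCCESS = True
THRESHOLDS = {"invalid": DENY_THRESHOLD_INVALID, "valid": DENY_THRESHOLD_VALID, "root": DENY_THRESHOLD_ROOT}

# sshd message formats in /var/log/secure; "invalid user" marks a non-existent account.
FAILED_RE = re.compile(r"Failed password for (?P<invalid>invalid user )?(?P<user>\S+) from (?P<ip>[\d.]+) port \d+")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>[\d.]+) port \d+")

def classify(user, invalid):
    """Map a failed attempt to the threshold bucket DenyHosts uses."""
    if invalid:
        return "invalid"
    return "root" if user == "root" else "valid"

def analyze(log_lines):
    """Count failures per source IP; return (hosts.deny entries, counters)."""
    counts = defaultdict(lambda: {"invalid": 0, "valid": 0, "root": 0})
    deny_entries = []
    for line in log_lines:
        ok = ACCEPTED_RE.search(line)
        if ok:
            if RESET_ON_SUCCESS:
                counts.pop(ok.group("ip"), None)  # successful login clears this IP's counters
            continue
        fail = FAILED_RE.search(line)
        if not fail:
            continue
        ip, kind = fail.group("ip"), classify(fail.group("user"), fail.group("invalid"))
        counts[ip][kind] += 1
        entry = f"{BLOCK_SERVICE}: {ip}"  # the form DenyHosts appends to /etc/hosts.deny
        if counts[ip][kind] >= THRESHOLDS[kind] and entry not in deny_entries:
            deny_entries.append(entry)
    return deny_entries, dict(counts)

# Constructed sample lines (not a real capture): one root failure, five invalid-user attempts, a user who fails twice then logs in.
SAMPLE_LOG = [
    "Jun 30 17:52:01 host sshd[1001]: Failed password for root from 203.0.113.5 port 4242 ssh2",
    *[f"Jun 30 17:53:0{i} host sshd[1002]: Failed password for invalid user admin from 198.51.100.7 port 40{i} ssh2"
      for i in range(5)],
    "Jun 30 17:54:00 host sshd[1003]: Failed password for bob from 192.0.2.9 port 5000 ssh2",
    "Jun 30 17:54:01 host sshd[1003]: Failed password for bob from 192.0.2.9 port 5000 ssh2",
    "Jun 30 17:54:02 host sshd[1004]: Accepted password for bob from 192.0.2.9 port 5001 ssh2",
]
```

Running `analyze(SAMPLE_LOG)` blocks the root attacker after a single failure and the invalid-user source after five, while the user who eventually logged in has its counters cleared.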
Problems encountered:
1. The blocked host is not cleared when the purge time is reached
Solution: the actual clearing time is determined by DAEMON_PURGE; set this value equal to PURGE_DENY.
This article is from the blog "the days when those tumultuous left"; please keep this provenance: http://linuxzj.blog.51cto.com/6160158/1794680
SSH anti-brute-force software: DenyHosts