====== DenyHosts ======
===== General =====
DenyHosts blocks IP addresses from which SSH break-in attempts are detected.
[[http://www.geekride.com/index.php/secure-your-ssh-server-with-denyhosts/|found here]] - [[http://denyhosts.sourceforge.net/features.html|Homepage]]
Blocked IP addresses are added to ''/etc/hosts.deny''.
===== Slackware =====
DenyHosts is available at www.slackbuilds.org
After installation, copy the config files to ''/etc'':
  cp /usr/share/denyhosts/denyhosts.cfg-dist /etc/denyhosts.cfg
  ln /usr/share/denyhosts/denyhosts.cfg-dist /etc/denyhosts.cfg.sborg
  cp /usr/share/denyhosts/daemon-control-dist /etc/rc.d/rc.denyhosts
  ln /usr/share/denyhosts/daemon-control-dist /etc/rc.d/rc.denyhosts.sborg
Edit ''/etc/rc.d/rc.denyhosts'':
--- rc.denyhosts.sborg 2006-04-22 01:04:43.000000000 +0200
+++ rc.denyhosts 2013-11-22 09:59:08.803109065 +0100
@@ -12,8 +12,8 @@
###############################################
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
-DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
-DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
+DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
+DENYHOSTS_CFG = "/etc/denyhosts.cfg"
PYTHON_BIN = "/usr/bin/env python"
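Review bot: ''DENYHOSTS_LOCK'' on the first changed line is now a second copy of the lock path that ''LOCK_FILE'' in ''/etc/denyhosts.cfg'' also sets; the two have to stay identical for the control script and the daemon to agree on the same file, so add a comment above the assignment naming the config key it must match. ''DENYHOSTS_CFG'' pointing at ''/etc/denyhosts.cfg'' matches the copy made in the step above.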
Edit ''/etc/denyhosts.cfg'':
--- denyhosts.cfg.sborg 2006-08-20 16:09:57.000000000 +0200
+++ denyhosts.cfg 2013-11-22 10:21:38.564117102 +0100
@@ -9,13 +9,13 @@
# argument
#
# Redhat or Fedora Core:
-SECURE_LOG = /var/log/secure
+#SECURE_LOG = /var/log/secure
#
# Mandrake, FreeBSD or OpenBSD:
#SECURE_LOG = /var/log/auth.log
#
# SuSE:
-#SECURE_LOG = /var/log/messages
+SECURE_LOG = /var/log/messages
#
# Mac OS X (v10.4 or greater -
# also refer to: http://www.denyhosts.net/faq.html#macos
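Review bot: the ''SECURE_LOG'' line enabled here sits under the ''# SuSE:'' comment although this host is Slackware; add a ''# Slackware:'' comment above it, and before relying on it confirm that failed sshd logins are actually written to ''/var/log/messages'', because a wrong path here means no break-in attempt is ever seen.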
@@ -55,10 +55,10 @@
# 'y' = years
#
# never purge:
-PURGE_DENY =
+#PURGE_DENY =
#
# purge entries older than 1 week
-#PURGE_DENY = 1w
+PURGE_DENY = 1w
#
# purge entries older than 5 days
#PURGE_DENY = 5d
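Review bot: switching ''PURGE_DENY'' from empty (never purge) to ''1w'' means every blocked address is allowed back after a week, and nothing in the hunk records why that interval was chosen; add a one-line comment with the reason next to the enabled line. The FIXME further down says purging has not been verified, so check ''/etc/hosts.deny'' after a week before treating this as working.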
@@ -192,10 +192,10 @@
# running at a time.
#
# Redhat/Fedora:
-LOCK_FILE = /var/lock/subsys/denyhosts
+#LOCK_FILE = /var/lock/subsys/denyhosts
#
# Debian
-#LOCK_FILE = /var/run/denyhosts.pid
+LOCK_FILE = /var/run/denyhosts.pid
#
# Misc
#LOCK_FILE = /tmp/denyhosts.lock
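Review bot: the enabled ''LOCK_FILE'' line is left under the ''# Debian'' comment, which misdescribes a Slackware host; give it its own ''# Slackware'' comment. The unchanged ''/tmp/denyhosts.lock'' alternative under ''# Misc'' should stay commented out, since a lock file in a world-writable directory can be created by any local user.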
Finally add
  /etc/rc.d/rc.denyhosts start
to ''/etc/rc.d/rc.local''.
More info at ''/usr/share/denyhosts/README.txt''.
FIXME Check if blocked hosts really get purged after 1 week!
===== Debian =====
Install DenyHosts with ''aptitude install denyhosts''. This also adds the necessary autostart scripts and symlinks in ''/etc/init.d'', ''/etc/rcX.d'' and ''/etc/logrotate.d''. It further sets some default entries in ''/etc/hosts.deny'' and starts DenyHosts.
The config file is ''/etc/denyhosts.conf''.
By doing so, attackers will be blocked from all ports, e.g. HTTP as well. The IP addresses will be unblocked after half a year.
Then restart with ''/etc/init.d/denyhosts restart''.
===== How to remove blocked addresses =====
The software stores its data internally, probably at ''/usr/share/denyhosts/data''. Manual changes in ''/etc/hosts.deny'' get overwritten!
Did not find anything regarding this topic on the homepage of DenyHosts. So here is a workaround to delete //all// blocked hosts:
  - Stop daemon: ''/etc/rc.d/rc.denyhosts stop''
  - Set ''PURGE_DENY = 1m'' in ''/etc/denyhosts.cfg''
  - Run ''denyhosts.py --purge''
  - Restore ''PURGE_DENY = 1w'' in ''/etc/denyhosts.cfg''
  - Restart daemon: ''/etc/rc.d/rc.denyhosts start''
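To unblock a single address instead of all of them, the entry has to be removed from ''/etc/hosts.deny'' and from the DenyHosts data files together, since a change to ''/etc/hosts.deny'' alone gets overwritten. The following Python code is an added example, not part of the original page or of DenyHosts; the data file names in ''STATE_FILES'' and the IPv4-only matching are assumptions, and the data directory is passed in as an argument because its location is not confirmed above.

```python
import ipaddress
import os
import re
import tempfile

# Per-host state files in the DenyHosts data directory (assumption, not from this page).
STATE_FILES = ("hosts", "hosts-restricted", "hosts-root", "hosts-valid", "users-hosts")


def _strip_ip(path, pattern):
    """Rewrite path without the lines that mention the address; return lines removed."""
    with open(path) as fh:
        lines = fh.readlines()
    kept = [ln for ln in lines if not pattern.search(ln)]
    if len(kept) != len(lines):
        # Write a temp file beside the original and rename it over, keeping the file mode.
        fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
        with os.fdopen(fd, "w") as out:
            out.writelines(kept)
        os.chmod(tmp, os.stat(path).st_mode & 0o7777)
        os.replace(tmp, path)
    return len(lines) - len(kept)


def unblock(ip, deny_file, work_dir):
    """Remove one IPv4 address from hosts.deny and the data files.

    Call it only while the daemon is stopped. Returns {path: lines_removed}.
    """
    addr = str(ipaddress.IPv4Address(ip))  # ValueError for anything but one IPv4 address
    # Whole-token match: 10.0.0.5 must not also remove 10.0.0.50 or 110.0.0.5.
    pattern = re.compile(r"(?<![0-9.])" + re.escape(addr) + r"(?![0-9.])")
    paths = [deny_file] + [os.path.join(work_dir, name) for name in STATE_FILES]
    return {p: _strip_ip(p, pattern) for p in paths if os.path.isfile(p)}


if __name__ == "__main__":
    # Constructed sample data in a scratch directory, not real DenyHosts output.
    with tempfile.TemporaryDirectory() as d:
        deny = os.path.join(d, "hosts.deny")
        with open(deny, "w") as fh:
            fh.write("sshd: 10.0.0.5\nsshd: 10.0.0.50\n")
        with open(os.path.join(d, "hosts"), "w") as fh:
            fh.write("10.0.0.5:0:Fri Nov 22 10:21:38 2013\n")
        print(unblock("10.0.0.5", deny, d))
        with open(deny) as fh:
            print(fh.read(), end="")  # only the 10.0.0.50 entry is left
```

Stop the daemon before calling ''unblock()'' and start it again afterwards, as in the steps above.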