
DenyHosts

General

DenyHosts watches the SSH daemon's log and blocks IP addresses from which repeated SSH break-in attempts (failed logins) are detected.

Project homepage: www.denyhosts.net

Blocked IP addresses are added to /etc/hosts.deny. That file is only honoured by programs linked against libwrap (TCP wrappers), so sshd must have been built with TCP wrappers support for the block to have any effect; check with ldd on the sshd binary that it links libwrap.
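What DenyHosts does with the log can be shown in a few lines of shell. The script below is an added example written for this page, not DenyHosts' own code: it runs the same kind of rule over a handful of constructed sshd log lines (counting "Failed password" events per source address and printing a hosts.deny line once a threshold is reached), and adds the libwrap check mentioned above. DenyHosts itself keeps separate thresholds for root, invalid and existing user names (its DENY_THRESHOLD_* settings); the example uses a single threshold for all of them.

```shell
#!/bin/sh
# Added example: the core DenyHosts rule applied to constructed sshd log
# lines. Host name, pids and addresses are made up, not real log data.
SAMPLE_LOG='Nov 22 09:58:01 box sshd[1234]: Failed password for root from 198.51.100.7 port 40122 ssh2
Nov 22 09:58:03 box sshd[1234]: Failed password for root from 198.51.100.7 port 40123 ssh2
Nov 22 09:58:05 box sshd[1235]: Failed password for invalid user admin from 198.51.100.7 port 40124 ssh2
Nov 22 09:59:10 box sshd[1240]: Failed password for invalid user test from 203.0.113.9 port 51000 ssh2
Nov 22 10:00:00 box sshd[1241]: Accepted publickey for alice from 192.0.2.10 port 52000 ssh2'

# Read sshd log lines on stdin, count failed logins per source address and
# print one "sshd: <ip>" line (hosts.deny syntax) for every address that
# reached the threshold given as $1. Output is sorted so it is reproducible.
failed_to_hosts_deny() {
    awk -v threshold="$1" '
        /sshd\[[0-9]+\]: Failed password for/ {
            # the address is the token after "from"; skip odd lines without it
            ip = ""
            for (i = 1; i <= NF; i++) if ($i == "from") ip = $(i + 1)
            if (ip != "") fails[ip]++
        }
        END { for (ip in fails) if (fails[ip] >= threshold) print "sshd: " ip }
    ' | sort
}

# hosts.deny only matters for programs linked against libwrap (TCP wrappers).
# Returns 0 if the sshd binary on this machine is, 1 otherwise.
sshd_uses_libwrap() {
    bin=$(command -v sshd || echo /usr/sbin/sshd)
    ldd "$bin" 2>/dev/null | grep -q libwrap
}

# Usage: with a threshold of 3 only 198.51.100.7 qualifies.
printf '%s\n' "$SAMPLE_LOG" | failed_to_hosts_deny 3
```

The "Accepted publickey" line is deliberately in the sample: a successful login must never count against an address, which is why the pattern anchors on "Failed password".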

Slackware

DenyHosts is available as a SlackBuild at www.slackbuilds.org

After installing, copy the config files to /etc (the .sborg hard links keep the packaged originals as reference copies, which is what the diffs below are made against):

cp /usr/share/denyhosts/denyhosts.cfg-dist /etc/denyhosts.cfg
ln /usr/share/denyhosts/denyhosts.cfg-dist /etc/denyhosts.cfg.sborg
cp /usr/share/denyhosts/daemon-control-dist /etc/rc.d/rc.denyhosts
ln /usr/share/denyhosts/daemon-control-dist /etc/rc.d/rc.denyhosts.sborg

Edit /etc/rc.d/rc.denyhosts:

--- rc.denyhosts.sborg  2006-04-22 01:04:43.000000000 +0200
+++ rc.denyhosts        2013-11-22 09:59:08.803109065 +0100
@@ -12,8 +12,8 @@
 ###############################################
 
 DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
-DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
-DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"
+DENYHOSTS_LOCK  = "/var/run/denyhosts.pid"
+DENYHOSTS_CFG   = "/etc/denyhosts.cfg"
 
 PYTHON_BIN      = "/usr/bin/env python"
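Review bot: DENYHOSTS_LOCK here must stay identical to LOCK_FILE in /etc/denyhosts.cfg (the cfg diff further down sets it to /var/run/denyhosts.pid as well), because the stop and restart actions of this control script locate the running daemon through that file; if the two ever drift apart, `stop` reports no daemon while one is still running. Pointing DENYHOSTS_CFG at /etc/denyhosts.cfg is the right move, since edits under /usr/share would be lost on a package upgrade; a short comment above the two changed lines saying they mirror the cfg would help the next person.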

Edit /etc/denyhosts.cfg:

--- denyhosts.cfg.sborg 2006-08-20 16:09:57.000000000 +0200
+++ denyhosts.cfg       2013-11-22 10:21:38.564117102 +0100
@@ -9,13 +9,13 @@
 # argument
 #
 # Redhat or Fedora Core:
-SECURE_LOG = /var/log/secure
+#SECURE_LOG = /var/log/secure
 #
 # Mandrake, FreeBSD or OpenBSD:
 #SECURE_LOG = /var/log/auth.log
 #
 # SuSE:
-#SECURE_LOG = /var/log/messages
+SECURE_LOG = /var/log/messages
 #
 # Mac OS X (v10.4 or greater -
 #   also refer to:   http://www.denyhosts.net/faq.html#macos
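Review bot: SECURE_LOG is now /var/log/messages, but it sits under the comment still labelled "SuSE", which will mislead the next reader on a Slackware box; add a comment that this is the Slackware choice, and verify it before trusting it: `grep 'sshd.*Failed' /var/log/messages` should show the failed logins, because where the auth facility lands depends on /etc/syslog.conf, and if sshd actually logs to /var/log/secure DenyHosts runs happily while blocking nothing.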
@@ -55,10 +55,10 @@
 #            'y' = years
 #
 # never purge:
-PURGE_DENY =
+#PURGE_DENY =
 #
 # purge entries older than 1 week
-#PURGE_DENY = 1w
+PURGE_DENY = 1w
 #
 # purge entries older than 5 days
 #PURGE_DENY = 5d
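Review bot: PURGE_DENY = 1w only sets how old an entry must be before it is eligible for removal; nothing in this hunk shows that a purge pass is ever scheduled, and the page's own FIXME below says the one-week purge is unverified. Resolve that before relying on it: with the daemon stopped, run `denyhosts.py --purge` once by hand and confirm that entries older than a week disappear from /etc/hosts.deny and nothing younger does.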
@@ -192,10 +192,10 @@
 # running at a time.
 #
 # Redhat/Fedora:
-LOCK_FILE = /var/lock/subsys/denyhosts
+#LOCK_FILE = /var/lock/subsys/denyhosts
 #
 # Debian
-#LOCK_FILE = /var/run/denyhosts.pid
+LOCK_FILE = /var/run/denyhosts.pid
 #
 # Misc
 #LOCK_FILE = /tmp/denyhosts.lock
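Review bot: LOCK_FILE = /var/run/denyhosts.pid is consistent with DENYHOSTS_LOCK in the rc.denyhosts diff above, which is what matters; changing either one alone breaks `rc.denyhosts stop`, so a comment pointing at the other file would be worth the line. The "Debian" label on the now-active line is historical for this Slackware install and should be adjusted for the same reason.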

Finally, make sure the script is executable and add

/etc/rc.d/rc.denyhosts start

to /etc/rc.d/rc.local so the daemon is started at boot.

More info at /usr/share/denyhosts/README.txt
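Two things go wrong silently with this setup: the lock path in the rc script and in the config drifting apart, and SECURE_LOG pointing at a file sshd does not write to. The script below is an added example for this page, not part of DenyHosts or the SlackBuild; it reads the "KEY = value" lines from both files (the rc script quotes its values, the cfg does not) and checks them against each other and against the log. The paths are the ones used on this page and can be overridden through the environment.

```shell
#!/bin/sh
# Added example: sanity checks for the Slackware DenyHosts setup above.
RC=${RC:-/etc/rc.d/rc.denyhosts}
CFG=${CFG:-/etc/denyhosts.cfg}

# Print the value of KEY ($1) from a "KEY = value" file ($2), ignoring
# commented-out lines and stripping the quotes the rc script uses. If the
# key is assigned more than once the last active assignment is printed.
cfg_value() {
    key=$1; file=$2
    sed -n "s/^[[:space:]]*$key[[:space:]]*=[[:space:]]*//p" "$file" \
        | sed 's/[[:space:]"]*$//; s/^"//' \
        | tail -n 1
}

# 0 if DENYHOSTS_LOCK in the rc script ($1) equals LOCK_FILE in the
# config ($2) and both are set, 1 otherwise.
lock_paths_agree() {
    rc_lock=$(cfg_value DENYHOSTS_LOCK "$1")
    cfg_lock=$(cfg_value LOCK_FILE "$2")
    [ -n "$rc_lock" ] && [ "$rc_lock" = "$cfg_lock" ]
}

# 0 if the log file ($1) contains at least one sshd line, 1 otherwise;
# an empty result means SECURE_LOG points at the wrong file.
log_has_sshd_lines() {
    grep -q 'sshd\[[0-9]*\]: ' "$1" 2>/dev/null
}

# Run the checks only where the real files exist (skipped elsewhere).
if [ -f "$RC" ] && [ -f "$CFG" ]; then
    [ -x "$RC" ] || echo "WARNING: $RC is not executable; rc.local cannot start it"
    lock_paths_agree "$RC" "$CFG" \
        || echo "WARNING: DENYHOSTS_LOCK in $RC and LOCK_FILE in $CFG differ"
    log=$(cfg_value SECURE_LOG "$CFG")
    log_has_sshd_lines "$log" \
        || echo "WARNING: no sshd lines in SECURE_LOG ($log); nothing will ever be blocked"
fi
```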

FIXME Check if blocked hosts really get purged after 1 week!

Debian

Install DenyHosts with aptitude install denyhosts. This also adds the necessary autostart scripts and symlinks in /etc/init.d, /etc/rcX.d and /etc/logrotate.d. It further sets some default entries in /etc/hosts.deny and starts DenyHosts.

The config file is /etc/denyhosts.conf.

Installed this way, an attacker's address is blocked for every service that consults /etc/hosts.deny, not only sshd. Note that this covers only programs linked against libwrap (TCP wrappers); a web server such as Apache does not read hosts.deny, so "all ports" really means all wrapped services. The IP addresses are unblocked after half a year.
After changing the config, restart with /etc/init.d/denyhosts restart.

How to remove blocked addresses

DenyHosts keeps its own bookkeeping of seen and blocked hosts under WORK_DIR (by default /usr/share/denyhosts/data; check WORK_DIR in the config file, the Debian package uses a different location). An address removed by hand from /etc/hosts.deny alone comes back, because the daemon still has it in those files.

I did not find anything about this on the DenyHosts homepage, so here is a workaround that deletes all blocked hosts:

1. Stop the daemon: /etc/rc.d/rc.denyhosts stop
2. Set PURGE_DENY = 1m in /etc/denyhosts.cfg
3. Run denyhosts.py --purge
4. Restore PURGE_DENY = 1w in /etc/denyhosts.cfg
5. Restart the daemon: /etc/rc.d/rc.denyhosts start
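The workaround above throws away every block. To remove a single address instead, the files DenyHosts keeps under WORK_DIR have to be edited together with /etc/hosts.deny, with the daemon stopped. The script below is an added example for this page, not part of DenyHosts; it assumes the Slackware paths used here (WORK_DIR defaulting to /usr/share/denyhosts/data) and the file names hosts* and users-hosts under WORK_DIR, and it removes every line that names the address as a whole token, which also catches any comment line written next to the entry. The sample files in the test are constructed, not real DenyHosts output.

```shell
#!/bin/sh
# Added example: unblock one address in DenyHosts' state. Paths are the
# Slackware defaults from this page; override through the environment.
HOSTS_DENY=${HOSTS_DENY:-/etc/hosts.deny}
WORK_DIR=${WORK_DIR:-/usr/share/denyhosts/data}

# Remove every line that mentions address $1 as a whole token from file $2,
# in place, keeping the file's owner and mode. Missing files are skipped.
strip_ip_from_file() {
    ip=$1; f=$2
    [ -f "$f" ] || return 0
    # escape the dots so 1.2.3.4 does not also match 1x2x3x4
    pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
    tmp=$(mktemp)
    # the surrounding non-digit guards keep 198.51.100.7 from matching .70
    grep -v -E "(^|[^0-9])$pat([^0-9]|$)" "$f" > "$tmp" || true
    cat "$tmp" > "$f"
    rm -f "$tmp"
}

# Remove $1 from hosts.deny and from every DenyHosts bookkeeping file that
# records it, so the daemon does not put it back on its next scan.
unblock_ip() {
    ip=$1
    strip_ip_from_file "$ip" "$HOSTS_DENY"
    for f in "$WORK_DIR"/hosts* "$WORK_DIR"/users-hosts; do
        strip_ip_from_file "$ip" "$f"
    done
}

# Usage: ./unblock.sh 198.51.100.7
# The daemon must not be running while its files are edited.
if [ -n "${1:-}" ]; then
    /etc/rc.d/rc.denyhosts stop
    unblock_ip "$1"
    /etc/rc.d/rc.denyhosts start
fi
```

Leaving the daemon running while editing is the classic way to end up with the address back in hosts.deny a minute later, so the stop/start is part of the procedure, not optional.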