DenyHosts

General

DenyHosts blocks IP addresses from which SSH break-in attempts are detected.

found here - Homepage

Blocked IP addresses are added to /etc/hosts.deny.

Slackware

DenyHosts is available at www.slackbuilds.org

After install, copy the config files to /etc:

cp /usr/share/denyhosts/denyhosts.cfg-dist /etc/denyhosts.cfg
ln /usr/share/denyhosts/denyhosts.cfg-dist /etc/denyhosts.cfg.sborg
cp /usr/share/denyhosts/daemon-control-dist /etc/rc.d/rc.denyhosts
ln /usr/share/denyhosts/daemon-control-dist /etc/rc.d/rc.denyhosts.sborg

Edit /etc/rc.d/rc.denyhosts:

--- rc.denyhosts.sborg  2006-04-22 01:04:43.000000000 +0200
+++ rc.denyhosts        2013-11-22 09:59:08.803109065 +0100
@@ -12,8 +12,8 @@
 ###############################################
 
 DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
-DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
-DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"
+DENYHOSTS_LOCK  = "/var/run/denyhosts.pid"
+DENYHOSTS_CFG   = "/etc/denyhosts.cfg"
 
 PYTHON_BIN      = "/usr/bin/env python"
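
Review bot: DENYHOSTS_LOCK here has to name the same file as LOCK_FILE in the config that DENYHOSTS_CFG now points to (/etc/denyhosts.cfg), and nothing in this script says so. Add a comment above the two changed lines stating that the lock path must be kept identical to LOCK_FILE, so a later edit to one file does not leave the control script checking a lock file the daemon never writes.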

Edit /etc/denyhosts.cfg:

--- denyhosts.cfg.sborg 2006-08-20 16:09:57.000000000 +0200
+++ denyhosts.cfg       2013-11-22 10:21:38.564117102 +0100
@@ -9,13 +9,13 @@
 # argument
 #
 # Redhat or Fedora Core:
-SECURE_LOG = /var/log/secure
+#SECURE_LOG = /var/log/secure
 #
 # Mandrake, FreeBSD or OpenBSD:
 #SECURE_LOG = /var/log/auth.log
 #
 # SuSE:
-#SECURE_LOG = /var/log/messages
+SECURE_LOG = /var/log/messages
 #
 # Mac OS X (v10.4 or greater -
 #   also refer to:   http://www.denyhosts.net/faq.html#macos
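
Review bot: the active "SECURE_LOG = /var/log/messages" now sits under the "# SuSE:" label although this is the Slackware setup, which will mislead the next person reading the file. Add a "# Slackware:" comment line above it, and confirm that failed sshd logins really appear in /var/log/messages on this host, because DenyHosts only sees what is written to the file named here.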
@@ -55,10 +55,10 @@
 #            'y' = years
 #
 # never purge:
-PURGE_DENY =
+#PURGE_DENY =
 #
 # purge entries older than 1 week
-#PURGE_DENY = 1w
+PURGE_DENY = 1w
 #
 # purge entries older than 5 days
 #PURGE_DENY = 5d
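
Review bot: "PURGE_DENY = 1w" only sets the age limit, and nothing in this hunk shows when or how the purge is triggered, so the change is unverified as it stands. After a week, check that entries older than that have actually left /etc/hosts.deny (or run a purge by hand once) and note the result in a comment next to this setting.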
@@ -192,10 +192,10 @@
 # running at a time.
 #
 # Redhat/Fedora:
-LOCK_FILE = /var/lock/subsys/denyhosts
+#LOCK_FILE = /var/lock/subsys/denyhosts
 #
 # Debian
-#LOCK_FILE = /var/run/denyhosts.pid
+LOCK_FILE = /var/run/denyhosts.pid
 #
 # Misc
 #LOCK_FILE = /tmp/denyhosts.lock
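
Review bot: the enabled "LOCK_FILE = /var/run/denyhosts.pid" is left under the "# Debian" label on a Slackware install. Give it its own "# Slackware" comment and mention there that /etc/rc.d/rc.denyhosts uses the same path in DENYHOSTS_LOCK.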

Finally add

/etc/rc.d/rc.denyhosts start

to /etc/rc.d/rc.local

More info at /usr/share/denyhosts/README.txt

FIXME Check if blocked hosts really get purged after 1 week!
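
One way to check the open point above, as an added example (not part of the original page and not DenyHosts code): it lists entries in /etc/hosts.deny that are older than PURGE_DENY and should therefore already be gone. It assumes DenyHosts precedes each entry with a "# DenyHosts: <timestamp> | <entry>" comment and that the units mean s/m/h/d/w/y = seconds, minutes, hours, days, weeks, years; the sample text and addresses are constructed.

```python
import re
from datetime import datetime, timedelta

# Seconds per PURGE_DENY unit (assumed meanings; a year is taken as 365 days).
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800, "y": 31536000}
# Assumed shape of the timestamp comment DenyHosts writes above each entry.
STAMP = re.compile(r"^# DenyHosts: (?P<when>.+?) \| (?P<entry>.+)$")

# Constructed sample of /etc/hosts.deny (documentation addresses only).
SAMPLE = """\
# DenyHosts: Fri Nov  1 09:59:08 2013 | sshd: 192.0.2.10
sshd: 192.0.2.10
# DenyHosts: Thu Nov 21 23:15:42 2013 | sshd: 198.51.100.7
sshd: 198.51.100.7
ALL: 203.0.113.5
"""
NOW = datetime(2013, 11, 22, 10, 0, 0)  # constructed "current" time

def parse_purge_deny(value):
    """Turn a PURGE_DENY value such as '1w' or '5d' into a timedelta.
    An empty value means 'never purge' and returns None."""
    value = value.strip()
    if not value:
        return None
    m = re.fullmatch(r"(\d+)([smhdwy])", value)
    if not m:
        raise ValueError("unrecognised PURGE_DENY value: %r" % value)
    return timedelta(seconds=int(m.group(1)) * UNITS[m.group(2)])

def overdue_entries(hosts_deny_text, purge_deny, now):
    """Return (entry, age) for every stamped entry older than PURGE_DENY.
    Lines without a DenyHosts stamp (manual entries) are ignored."""
    limit = parse_purge_deny(purge_deny)
    if limit is None:
        return []
    overdue = []
    for line in hosts_deny_text.splitlines():
        m = STAMP.match(line.strip())
        if not m:
            continue
        # asctime() pads single-digit days with two spaces; normalise first.
        stamp = " ".join(m.group("when").split())
        try:
            added = datetime.strptime(stamp, "%a %b %d %H:%M:%S %Y")
        except ValueError:
            continue  # stamp in a format this sketch does not know
        if now - added > limit:
            overdue.append((m.group("entry"), now - added))
    return overdue
```

To use it on a live system, pass the contents of /etc/hosts.deny, the PURGE_DENY value from /etc/denyhosts.cfg and datetime.now(); an empty result means nothing is overdue.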

Debian

Install denyhosts with aptitude install denyhosts. This also adds the necessary autostart scripts and symlinks in /etc/init.d, /etc/rcX.d and /etc/logrotate.d. It further sets some default entries in /etc/hosts.deny and starts denyhosts.

Config file is /etc/denyhosts.conf

By doing so, attackers will be blocked from all ports, e.g. HTTP as well. The IP addresses will be unblocked after half a year.
Then restart with /etc/init.d/denyhosts restart.

How to remove blocked addresses

The software stores its data internally, probably at /usr/share/denyhosts/data. Manual changes in /etc/hosts.deny get overwritten!

Did not find anything regarding this topic on the homepage of DenyHosts. So here is a workaround to delete all blocked hosts:

1. Stop daemon: /etc/rc.d/rc.denyhosts stop
2. Set PURGE_DENY = 1m in /etc/denyhosts.cfg
3. Run denyhosts.py --purge
4. Restore PURGE_DENY = 1w in /etc/denyhosts.cfg
5. Restart daemon: /etc/rc.d/rc.denyhosts start

becki/linux/denyhosts.txt · Last modified: 2016-03-11 09:10 by becki