View unanswered posts    View active topics

All times are UTC - 6 hours





Post new topic Reply to topic  [ 1 post ] 
Print view Previous topic   Next topic  
Author Message
Search for:
PostPosted: Mon Apr 14, 2008 10:17 pm 
Offline
Joined: Fri Oct 20, 2006 12:04 pm
Posts: 905
Location: LA, CA
After suffering (noticing) a 8 hour brute force attack on my test box, I installed DenyHosts and put the box back on the street. So far, this little proggy has banished all further attacks, pronto. There is a couple minor tweaks needed to get it going, but I've tried to document.

Code:
##Installing and configuring DenyHosts##
$ cd /tmp

$ wget http://internap.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz

$ tar zxvf DenyHosts-2.6.tar.gz

$ cd DenyHosts-2.6

##As root

# python setup.py install

# cd /usr/share/denyhosts

# cp denyhosts.cfg-dist denyhosts.cfg

# nano denyhosts.cfg

####Make the needed changes to .cfg file

#comment out all options but the following:

SECURE_LOG = /var/log/auth.log

HOSTS_DENY = /etc/hosts.deny

PURGE_DENY =

BLOCK_SERVICE  = sshd #Note you might want to change this one to: = ALL

DENY_THRESHOLD_INVALID = 2

DENY_THRESHOLD_VALID = 3

DENY_THRESHOLD_ROOT = 2

DENY_THRESHOLD_RESTRICTED = 1

WORK_DIR = /usr/share/denyhosts/data

SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

HOSTNAME_LOOKUP=YES

LOCK_FILE = /var/run/denyhosts.pid

#Optional settings can be setup to email you when denyhosts blocks an ip address.

####

# cp daemon-control-dist daemon-control

# nano daemon-control

####Make the needed changes to daemon

DENYHOSTS_LOCK  = "/var/run/denyhosts.pid"

PYTHON_BIN      = "/usr/bin/python"

####

# chown root daemon-control

# chmod 700 daemon-control

#### Next to start and set to start at next boot

# /usr/share/denyhosts/daemon-control start

# cd /etc/init.d

# ln -s /usr/share/denyhosts/daemon-control denyhosts

# update-rc.d denyhosts defaults

##########FINISHED############


To make sure DenyHosts is running, check the log (# cat /var/log/denyhosts) I have it set up to email me when and IP gets banished to the cornfield.


Top
 Profile  
 

Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 1 post ] 


All times are UTC - 6 hours




Who is online

Users browsing this forum: Google [Bot] and 18 guests


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Jump to:  
cron
Powered by phpBB® Forum Software © phpBB Group

Theme Created By ceyhansuyu