LinHES Forums http://forum.linhes.org/

Added security with DenyHosts http://forum.linhes.org/viewtopic.php?f=3&t=18174
Page 1 of 1

Author: Too Many Secrets [ Mon Apr 14, 2008 10:17 pm ]
Post subject: Added security with DenyHosts
After suffering (noticing) an 8-hour brute force attack on my test box, I installed DenyHosts and put the box back on the street. So far, this little proggy has banished all further attacks, pronto. There are a couple of minor tweaks needed to get it going, but I've tried to document them.

Code:
```
##Installing and configuring DenyHosts##
$ cd /tmp
$ wget http://internap.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz
$ tar zxvf DenyHosts-2.6.tar.gz
$ cd DenyHosts-2.6

##As root
# python setup.py install
# cd /usr/share/denyhosts
# cp denyhosts.cfg-dist denyhosts.cfg
# nano denyhosts.cfg

####Make the needed changes to .cfg file
#comment out all options but the following:
SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY =
BLOCK_SERVICE = sshd
#Note you might want to change this one to: = ALL
DENY_THRESHOLD_INVALID = 2
DENY_THRESHOLD_VALID = 3
DENY_THRESHOLD_ROOT = 2
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/run/denyhosts.pid
#Optional settings can be setup to email you when denyhosts blocks an ip address.
####

# cp daemon-control-dist daemon-control
# nano daemon-control

####Make the needed changes to daemon
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
PYTHON_BIN = "/usr/bin/python"
####

# chown root daemon-control
# chmod 700 daemon-control

#### Next to start and set to start at next boot
# /usr/share/denyhosts/daemon-control start
# cd /etc/init.d
# ln -s /usr/share/denyhosts/daemon-control denyhosts
# update-rc.d denyhosts defaults
##########FINISHED############
```

To make sure DenyHosts is running, check the log (# cat /var/log/denyhosts). I have it set up to email me when an IP gets banished to the cornfield.
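The thresholds in the configuration above, modelled as an added example that is not part of the original post and not DenyHosts's own code: it counts failed sshd logins per source address in constructed auth.log lines and reports which addresses would cross DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID or DENY_THRESHOLD_ROOT. It assumes OpenSSH's usual "Failed password" line format and that a host is denied once its count exceeds the threshold; the function names, host name and addresses are made up for illustration.

```python
import re
from collections import Counter

# Thresholds copied from the denyhosts.cfg in the post above.
THRESHOLDS = {"invalid": 2, "valid": 3, "root": 2}

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port \d+"
)

# Constructed sample lines (documentation address ranges, hypothetical host "testbox").
SAMPLE_LOG = """\
Apr 14 03:12:01 testbox sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2
Apr 14 03:12:04 testbox sshd[2213]: Failed password for invalid user test from 203.0.113.5 port 4030 ssh2
Apr 14 03:12:07 testbox sshd[2215]: Failed password for invalid user oracle from 203.0.113.5 port 4038 ssh2
Apr 14 03:15:40 testbox sshd[2250]: Failed password for root from 198.51.100.7 port 3999 ssh2
Apr 14 03:15:43 testbox sshd[2252]: Failed password for root from 198.51.100.7 port 4001 ssh2
Apr 14 03:15:46 testbox sshd[2254]: Failed password for root from 198.51.100.7 port 4003 ssh2
Apr 14 03:20:02 testbox sshd[2300]: Failed password for alice from 192.0.2.10 port 5100 ssh2
Apr 14 03:20:06 testbox sshd[2300]: Failed password for alice from 192.0.2.10 port 5100 ssh2
Apr 14 03:20:09 testbox sshd[2300]: Accepted password for alice from 192.0.2.10 port 5100 ssh2
"""

def classify(line):
    """Return (category, ip) for a failed sshd password attempt, else None."""
    m = FAILED.search(line)
    if m is None:
        return None
    invalid, user, ip = m.groups()
    if invalid:
        return "invalid", ip
    return ("root" if user == "root" else "valid"), ip

def hosts_to_deny(log_text, thresholds=THRESHOLDS):
    """Map each source IP to the categories in which it crossed its threshold."""
    counts = Counter()
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            counts[hit] += 1
    denied = {}
    for (category, ip), n in counts.items():
        if n > thresholds[category]:  # assumption: deny once the count exceeds the value
            denied.setdefault(ip, []).append(category)
    return denied

if __name__ == "__main__":
    for ip, cats in sorted(hosts_to_deny(SAMPLE_LOG).items()):
        print(f"{ip} would be denied (exceeded: {', '.join(cats)})")
```

With these sample lines the two guessing hosts are flagged while the user who mistyped a password twice before logging in is not, which is the effect of keeping DENY_THRESHOLD_VALID higher than the other two.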
All times are UTC - 6 hours