LinHES Forums
http://forum.linhes.org/

Added security with DenyHosts
http://forum.linhes.org/viewtopic.php?f=3&t=18174

Author:  Too Many Secrets [ Mon Apr 14, 2008 10:17 pm ]
Post subject:  Added security with DenyHosts

After suffering (noticing) an 8-hour brute force attack on my test box, I installed DenyHosts and put the box back on the street. So far, this little proggy has banished all further attacks, pronto. There are a couple of minor tweaks needed to get it going, but I've tried to document them.

Code:
##Installing and configuring DenyHosts##
$ cd /tmp

$ wget http://internap.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz

$ tar zxvf DenyHosts-2.6.tar.gz

$ cd DenyHosts-2.6

##As root

# python setup.py install

# cd /usr/share/denyhosts

# cp denyhosts.cfg-dist denyhosts.cfg

# nano denyhosts.cfg

####Make the needed changes to .cfg file

#comment out all options but the following:

SECURE_LOG = /var/log/auth.log

HOSTS_DENY = /etc/hosts.deny

PURGE_DENY =

#Note you might want to change this one to: = ALL
BLOCK_SERVICE  = sshd

DENY_THRESHOLD_INVALID = 2

DENY_THRESHOLD_VALID = 3

DENY_THRESHOLD_ROOT = 2

DENY_THRESHOLD_RESTRICTED = 1

WORK_DIR = /usr/share/denyhosts/data

SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

HOSTNAME_LOOKUP=YES

LOCK_FILE = /var/run/denyhosts.pid

#Optional settings can be set up to email you when denyhosts blocks an IP address.

####

# cp daemon-control-dist daemon-control

# nano daemon-control

####Make the needed changes to daemon

DENYHOSTS_LOCK  = "/var/run/denyhosts.pid"

PYTHON_BIN      = "/usr/bin/python"

####

# chown root daemon-control

# chmod 700 daemon-control

#### Next to start and set to start at next boot

# /usr/share/denyhosts/daemon-control start

# cd /etc/init.d

# ln -s /usr/share/denyhosts/daemon-control denyhosts

# update-rc.d denyhosts defaults

##########FINISHED############


To make sure DenyHosts is running, check the log (# cat /var/log/denyhosts). I have it set up to email me when an IP gets banished to the cornfield.
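
To show what the DENY_THRESHOLD_* values in the post mean in practice, here is an added example (not part of the original post and not DenyHosts' own code) that counts failed sshd logins per address over constructed auth.log lines and builds the resulting hosts.deny entries. It assumes an address is denied once one of its counters exceeds the threshold and does not model counter resets or purging; the function names, host name and sample addresses are made up for illustration.

```python
import re
from collections import defaultdict

# Thresholds copied from the denyhosts.cfg settings in the post.
THRESHOLDS = {"invalid": 2, "valid": 3, "root": 2}
BLOCK_SERVICE = "sshd"

# sshd "Failed password" line in auth.log, anchored at the end of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$")

def bucket_for(match):
    """Pick which DENY_THRESHOLD_* counter a failed login counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(log_lines, thresholds=THRESHOLDS):
    """Assumed rule: deny an address once one counter exceeds its threshold."""
    counts = defaultdict(lambda: defaultdict(int))
    denied = []
    for line in log_lines:
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ip, bucket = m.group("ip"), bucket_for(m)
        counts[ip][bucket] += 1
        if counts[ip][bucket] > thresholds[bucket] and ip not in denied:
            denied.append(ip)
    return denied

def hosts_deny_entries(ips, service=BLOCK_SERVICE):
    """Format addresses the way they appear in /etc/hosts.deny."""
    return ["%s: %s" % (service, ip) for ip in ips]

# Constructed sample lines; addresses are from the documentation ranges.
SAMPLE_LOG = """\
Apr 14 02:10:01 testbox sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 40022 ssh2
Apr 14 02:10:03 testbox sshd[4103]: Failed password for invalid user guest from 203.0.113.7 port 40031 ssh2
Apr 14 02:10:05 testbox sshd[4105]: Failed password for invalid user test from 203.0.113.7 port 40040 ssh2
Apr 14 02:11:10 testbox sshd[4110]: Failed password for root from 198.51.100.23 port 51515 ssh2
Apr 14 02:11:12 testbox sshd[4112]: Failed password for root from 198.51.100.23 port 51520 ssh2
Apr 14 02:12:30 testbox sshd[4125]: Accepted password for mythtv from 192.0.2.10 port 60104 ssh2
"""

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(hosts_to_deny(SAMPLE_LOG.splitlines()))))
```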

All times are UTC - 6 hours