Projekt

Allgemein

Profil

Aktionen

Install Procedure for denyhosts (depreciated ... use fail2ban instead)

Requirements

To install denyhosts you will need the following:
  • a installed and supported operating system (e.g. CentOS 7.x)
  • root-access
  • a fast internet connection
  • EPEL

Preliminary Note

This procedure is based on a documentation supplied by http://www.techoism.com/block-ssh-server-attacks-using-denyhosts-in-centosrhel-567/

Install

yum install denyhosts

configure

whitelist IPs

vim /etc/hosts.allow
Below the description, add the each IP address one-by-one on a separate line, that you never want to block. The format should be as follows.

#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 28.119.25.113
sshd: 28.119.25.114
sshd: 28.119.25.115
sshd: 28.119.25.116

blacklist IPs

vim /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 28.119.25.117
sshd: 28.119.25.118

email-alerts

denyhosts is well integrated into logwatch but if you are into noise you may also send mails from denyhosts directly.

vim /etc/denyhosts.conf
############ DENYHOSTS REQUIRED SETTINGS ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
BLOCK_SERVICE  = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts

############ DENYHOSTS OPTIONAL SETTINGS ############
ADMIN_EMAIL = support@techoism.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts 
SMTP_SUBJECT = DenyHosts Daily Report

############ DENYHOSTS OPTIONAL SETTINGS ############
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h

Service

systemctl start denyhosts
systemctl enable denyhosts

Remove banned IP

If you’ve ever blocked accidentally and want to remove that banned IP address. So first you need to stop the service.

systemctl stop denyhosts

To remove or delete banned IP address completely. You need to remove the IP address from the following files.

vim /etc/hosts.deny
vim /var/lib/denyhosts/hosts
vim /var/lib/denyhosts/hosts-restricted
vim /var/lib/denyhosts/hosts-root
vim /var/lib/denyhosts/hosts-valid
vim /var/lib/denyhosts/users-hosts

After removing the banned IP Address, start the service again.

systemctl start denyhosts

Von Jeremias Keihsler vor mehr als 5 Jahren aktualisiert · 4 Revisionen