DokuWiki » Infrastructure » Operating System » CentOS 7

h1. Install Procedure for denyhosts

h2. Requirements

To install denyhosts you will need the following:

* a installed and supported operating system (e.g. CentOS 7.x)

* root-access

* a fast internet connection

* [[repo_epel|EPEL]]

h2. Preliminary Note

This procedure is based on a documentation supplied by http://www.techoism.com/block-ssh-server-attacks-using-denyhosts-in-centosrhel-567/

h2. Install 

<pre><code class="bash">

yum install denyhosts

</code></pre>

h2. configure

h3. whitelist IPs

<pre><code class="bash">

vim /etc/hosts.allow

</code></pre>

<pre>

Below the description, add the each IP address one-by-one on a separate line, that you never want to block. The format should be as follows.

#

# hosts.allow   This file contains access rules which are used to

#               allow or deny connections to network services that

#               either use the tcp_wrappers library or that have been

#               started through a tcp_wrappers-enabled xinetd.

#

#               See 'man 5 hosts_options' and 'man 5 hosts_access'

#               for information on rule syntax.

#               See 'man tcpd' for information on tcp_wrappers

#

sshd: 28.119.25.113

sshd: 28.119.25.114

sshd: 28.119.25.115

sshd: 28.119.25.116

</pre>

h3. blacklist IPs

<pre><code class="bash">

vim /etc/hosts.deny

</code></pre>

<pre>

#

# hosts.deny    This file contains access rules which are used to

#               deny connections to network services that either use

#               the tcp_wrappers library or that have been

#               started through a tcp_wrappers-enabled xinetd.

#

#               The rules in this file can also be set up in

#               /etc/hosts.allow with a 'deny' option instead.

#

#               See 'man 5 hosts_options' and 'man 5 hosts_access'

#               for information on rule syntax.

#               See 'man tcpd' for information on tcp_wrappers

#

sshd: 28.119.25.117

sshd: 28.119.25.118

</pre>

h3. email-alerts

denyhosts is well integrated into [[setup_logwatch|logwatch]] but if you are into noise you may also send mails from denyhosts directly.

<pre><code class="bash">

vim /etc/denyhosts.conf

</code></pre>

<pre>

############ DENYHOSTS REQUIRED SETTINGS ############

SECURE_LOG = /var/log/secure

HOSTS_DENY = /etc/hosts.deny

BLOCK_SERVICE  = sshd

DENY_THRESHOLD_INVALID = 5

DENY_THRESHOLD_VALID = 10

DENY_THRESHOLD_ROOT = 1

DENY_THRESHOLD_RESTRICTED = 1

WORK_DIR = /var/lib/denyhosts

SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

HOSTNAME_LOOKUP=YES

LOCK_FILE = /var/lock/subsys/denyhosts

############ DENYHOSTS OPTIONAL SETTINGS ############

ADMIN_EMAIL = support@techoism.com

SMTP_HOST = localhost

SMTP_PORT = 25

SMTP_FROM = DenyHosts 

SMTP_SUBJECT = DenyHosts Daily Report

############ DENYHOSTS OPTIONAL SETTINGS ############

DAEMON_LOG = /var/log/denyhosts

DAEMON_SLEEP = 30s

DAEMON_PURGE = 1h

</pre>

h2. Service 

<pre><code class="bash">

systemctl start denyhosts

systemctl enable denyhosts

</code></pre>

h2. Remove banned IP

If you’ve ever blocked accidentally and want to remove that banned IP address. So first you need to stop the service.

<pre><code class="bash">

systemctl stop denyhosts

</code></pre>

To remove or delete banned IP address completely. You need to remove the IP address from the following files.

<pre><code class="bash">

vim /etc/hosts.deny

vim /var/lib/denyhosts/hosts

vim /var/lib/denyhosts/hosts-restricted

vim /var/lib/denyhosts/hosts-root

vim /var/lib/denyhosts/hosts-valid

vim /var/lib/denyhosts/users-hosts

</code></pre>

After removing the banned IP Address, start the service again.

<pre><code class="bash">

systemctl start denyhosts

</code></pre>