Projekt

Allgemein

Profil

Setup denyhosts » Historie » Version 1

Jeremias Keihsler, 20.01.2017 08:00

1 1 Jeremias Keihsler
h1. Install Procedure for denyhosts
2
3
h2. Requirements
4
5
To install denyhosts you will need the following:
6
* a installed and supported operating system (e.g. CentOS 7.x)
7
* root-access
8
* a fast internet connection
9
* [[repo_epel|EPEL]]
10
11
h2. Preliminary Note
12
13
This procedure is based on a documentation supplied by http://www.techoism.com/block-ssh-server-attacks-using-denyhosts-in-centosrhel-567/
14
15
h2. Install 
16
17
<pre><code class="bash">
18
yum install denyhosts
19
</code></pre>
20
21
h2. configure
22
23
h3. whitelist IPs
24
25
<pre><code class="bash">
26
vim /etc/hosts.allow
27
</code></pre>
28
29
<pre>
30
Below the description, add the each IP address one-by-one on a separate line, that you never want to block. The format should be as follows.
31
32
#
33
# hosts.allow   This file contains access rules which are used to
34
#               allow or deny connections to network services that
35
#               either use the tcp_wrappers library or that have been
36
#               started through a tcp_wrappers-enabled xinetd.
37
#
38
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
39
#               for information on rule syntax.
40
#               See 'man tcpd' for information on tcp_wrappers
41
#
42
sshd: 28.119.25.113
43
sshd: 28.119.25.114
44
sshd: 28.119.25.115
45
sshd: 28.119.25.116
46
</pre>
47
48
h3. blacklist IPs
49
50
<pre><code class="bash">
51
vim /etc/hosts.deny
52
</code></pre>
53
54
<pre>
55
#
56
# hosts.deny    This file contains access rules which are used to
57
#               deny connections to network services that either use
58
#               the tcp_wrappers library or that have been
59
#               started through a tcp_wrappers-enabled xinetd.
60
#
61
#               The rules in this file can also be set up in
62
#               /etc/hosts.allow with a 'deny' option instead.
63
#
64
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
65
#               for information on rule syntax.
66
#               See 'man tcpd' for information on tcp_wrappers
67
#
68
sshd: 28.119.25.117
69
sshd: 28.119.25.118
70
</pre>
71
72
h3. email-alerts
73
74
denyhosts is well integrated into [[setup_logwatch|logwatch]] but if you are into noise you may also send mails from denyhosts directly.
75
76
<pre><code class="bash">
77
vim /etc/denyhosts.conf
78
</code></pre>
79
80
<pre>
81
############ DENYHOSTS REQUIRED SETTINGS ############
82
SECURE_LOG = /var/log/secure
83
HOSTS_DENY = /etc/hosts.deny
84
BLOCK_SERVICE  = sshd
85
DENY_THRESHOLD_INVALID = 5
86
DENY_THRESHOLD_VALID = 10
87
DENY_THRESHOLD_ROOT = 1
88
DENY_THRESHOLD_RESTRICTED = 1
89
WORK_DIR = /var/lib/denyhosts
90
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
91
HOSTNAME_LOOKUP=YES
92
LOCK_FILE = /var/lock/subsys/denyhosts
93
94
############ DENYHOSTS OPTIONAL SETTINGS ############
95
ADMIN_EMAIL = support@techoism.com
96
SMTP_HOST = localhost
97
SMTP_PORT = 25
98
SMTP_FROM = DenyHosts 
99
SMTP_SUBJECT = DenyHosts Daily Report
100
101
############ DENYHOSTS OPTIONAL SETTINGS ############
102
DAEMON_LOG = /var/log/denyhosts
103
DAEMON_SLEEP = 30s
104
DAEMON_PURGE = 1h
105
</pre>
106
107
h2. Service 
108
109
<pre><code class="bash">
110
systemctl start denyhosts
111
systemctl enable denyhosts
112
</code></pre>
113
114
h2. Remove banned IP
115
116
If you’ve ever blocked accidentally and want to remove that banned IP address. So first you need to stop the service.
117
118
<pre><code class="bash">
119
systemctl stop denyhosts
120
</code></pre>
121
122
To remove or delete banned IP address completely. You need to remove the IP address from the following files.
123
124
<pre><code class="bash">
125
vim /etc/hosts.deny
126
vim /var/lib/denyhosts/hosts
127
vim /var/lib/denyhosts/hosts-restricted
128
vim /var/lib/denyhosts/hosts-root
129
vim /var/lib/denyhosts/hosts-valid
130
vim /var/lib/denyhosts/users-hosts
131
</code></pre>
132
133
After removing the banned IP Address, start the service again.
134
135
<pre><code class="bash">
136
systemctl start denyhosts
137
</code></pre>