Revision 1 (Jeremias Keihsler, 20.01.2017 08:00) → Revision 2/4 (Jeremias Keihsler, 13.04.2019 12:00)
h1. Install Procedure for denyhosts (deprecated ... use fail2ban instead)
h2. Requirements
To install denyhosts you will need the following:
* an installed and supported operating system (e.g. CentOS 7.x)
* root-access
* a fast internet connection
* [[repo_epel|EPEL]]
h2. Preliminary Note
This procedure is based on documentation published at http://www.techoism.com/block-ssh-server-attacks-using-denyhosts-in-centosrhel-567/
h2. Install
<pre><code class="bash">
yum install denyhosts
</code></pre>
h2. configure
h3. whitelist IPs
<pre><code class="bash">
vim /etc/hosts.allow
</code></pre>
Below the header comment, add each IP address that you never want to block, one per line. The format should be as follows.
<pre>
#
# hosts.allow This file contains access rules which are used to
# allow or deny connections to network services that
# either use the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd: 28.119.25.113
sshd: 28.119.25.114
sshd: 28.119.25.115
sshd: 28.119.25.116
</pre>
h3. blacklist IPs
<pre><code class="bash">
vim /etc/hosts.deny
</code></pre>
<pre>
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd: 28.119.25.117
sshd: 28.119.25.118
</pre>
h3. email-alerts
denyhosts is well integrated into [[setup_logwatch|logwatch]], but if you are into noise you may also send mails from denyhosts directly.
<pre><code class="bash">
vim /etc/denyhosts.conf
</code></pre>
<pre>
############ DENYHOSTS REQUIRED SETTINGS ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts
############ DENYHOSTS OPTIONAL SETTINGS ############
# Replace with your own admin address; reports are mailed to whatever is set here.
ADMIN_EMAIL = support@techoism.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Daily Report
############ DENYHOSTS OPTIONAL SETTINGS ############
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
</pre>
h2. Service
<pre><code class="bash">
systemctl start denyhosts
systemctl enable denyhosts
</code></pre>
h2. Remove banned IP
If an IP address was blocked accidentally and you want to remove the ban, first stop the service.
<pre><code class="bash">
systemctl stop denyhosts
</code></pre>
To remove the banned IP address completely, delete it from each of the following files.
<pre><code class="bash">
vim /etc/hosts.deny
vim /var/lib/denyhosts/hosts
vim /var/lib/denyhosts/hosts-restricted
vim /var/lib/denyhosts/hosts-root
vim /var/lib/denyhosts/hosts-valid
vim /var/lib/denyhosts/users-hosts
</code></pre>
After removing the banned IP address, start the service again.
<pre><code class="bash">
systemctl start denyhosts
</code></pre>
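The file edits from the removal procedure above, collected into one shell function. This is an added example, not part of the original page or of the denyhosts project; the function name and the optional ROOT prefix argument are assumptions made here so it can be tried on copies of the files first.

```bash
#!/bin/sh
# Added example, not from the original page: drop one IPv4 address from
# /etc/hosts.deny and the DenyHosts work files listed in the procedure.
# Run as root with the service stopped, as the procedure describes.

DENYHOSTS_FILES="/etc/hosts.deny
/var/lib/denyhosts/hosts
/var/lib/denyhosts/hosts-restricted
/var/lib/denyhosts/hosts-root
/var/lib/denyhosts/hosts-valid
/var/lib/denyhosts/users-hosts"

# unban_ip IP [ROOT]
# Prints the number of lines removed; exits 2 if IP is not a dotted quad.
# ROOT is a hypothetical path prefix (an assumption of this example) so the
# function can be pointed at copies of the files.
unban_ip() (
    ip=$1 root=${2:-} removed=0
    # Accept only dotted-quad IPv4 so the value is safe to embed in a regex.
    printf '%s\n' "$ip" | grep -Eq '^[0-9]{1,3}([.][0-9]{1,3}){3}$' || {
        echo "unban_ip: not an IPv4 address: $ip" >&2; exit 2; }
    # Whole-token match: 28.119.25.11 must not also remove 28.119.25.117.
    re="(^|[^0-9.])$(printf '%s' "$ip" | sed 's/[.]/[.]/g')([^0-9.]|\$)"
    for f in $DENYHOSTS_FILES; do
        f=$root$f
        [ -f "$f" ] || continue
        n=$(grep -Ec "$re" "$f" || true)      # grep exits 1 on zero matches
        [ "$n" -gt 0 ] || continue
        tmp=$(mktemp) || exit 1
        grep -Ev "$re" "$f" > "$tmp" || true  # exits 1 if no lines remain
        cat "$tmp" > "$f"   # rewrite in place: keeps owner, mode, SELinux label
        rm -f "$tmp"
        removed=$((removed + n))
    done
    echo "$removed"
)

# Usage on the server (as root):
#   systemctl stop denyhosts && unban_ip 28.119.25.117 && systemctl start denyhosts
```

A printed count of 0 means the address was not present in any of the files.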