Setup denyhosts » Historie » Version 3
Jeremias Keihsler, 13.04.2019 12:01
1 | 3 | Jeremias Keihsler | h1. Install Procedure for denyhosts (depreciated ... use [[fail2ban]] instead) |
---|---|---|---|
2 | 1 | Jeremias Keihsler | |
3 | h2. Requirements |
||
4 | |||
5 | To install denyhosts you will need the following: |
||
6 | * a installed and supported operating system (e.g. CentOS 7.x) |
||
7 | * root-access |
||
8 | * a fast internet connection |
||
9 | * [[repo_epel|EPEL]] |
||
10 | |||
11 | h2. Preliminary Note |
||
12 | |||
13 | This procedure is based on a documentation supplied by http://www.techoism.com/block-ssh-server-attacks-using-denyhosts-in-centosrhel-567/ |
||
14 | |||
15 | h2. Install |
||
16 | |||
17 | <pre><code class="bash"> |
||
18 | yum install denyhosts |
||
19 | </code></pre> |
||
20 | |||
21 | h2. configure |
||
22 | |||
23 | h3. whitelist IPs |
||
24 | |||
25 | <pre><code class="bash"> |
||
26 | vim /etc/hosts.allow |
||
27 | </code></pre> |
||
28 | |||
29 | <pre> |
||
30 | Below the description, add the each IP address one-by-one on a separate line, that you never want to block. The format should be as follows. |
||
31 | |||
32 | # |
||
33 | # hosts.allow This file contains access rules which are used to |
||
34 | # allow or deny connections to network services that |
||
35 | # either use the tcp_wrappers library or that have been |
||
36 | # started through a tcp_wrappers-enabled xinetd. |
||
37 | # |
||
38 | # See 'man 5 hosts_options' and 'man 5 hosts_access' |
||
39 | # for information on rule syntax. |
||
40 | # See 'man tcpd' for information on tcp_wrappers |
||
41 | # |
||
42 | sshd: 28.119.25.113 |
||
43 | sshd: 28.119.25.114 |
||
44 | sshd: 28.119.25.115 |
||
45 | sshd: 28.119.25.116 |
||
46 | </pre> |
||
47 | |||
48 | h3. blacklist IPs |
||
49 | |||
50 | <pre><code class="bash"> |
||
51 | vim /etc/hosts.deny |
||
52 | </code></pre> |
||
53 | |||
54 | <pre> |
||
55 | # |
||
56 | # hosts.deny This file contains access rules which are used to |
||
57 | # deny connections to network services that either use |
||
58 | # the tcp_wrappers library or that have been |
||
59 | # started through a tcp_wrappers-enabled xinetd. |
||
60 | # |
||
61 | # The rules in this file can also be set up in |
||
62 | # /etc/hosts.allow with a 'deny' option instead. |
||
63 | # |
||
64 | # See 'man 5 hosts_options' and 'man 5 hosts_access' |
||
65 | # for information on rule syntax. |
||
66 | # See 'man tcpd' for information on tcp_wrappers |
||
67 | # |
||
68 | sshd: 28.119.25.117 |
||
69 | sshd: 28.119.25.118 |
||
70 | </pre> |
||
71 | |||
72 | h3. email-alerts |
||
73 | |||
74 | denyhosts is well integrated into [[setup_logwatch|logwatch]] but if you are into noise you may also send mails from denyhosts directly. |
||
75 | |||
76 | <pre><code class="bash"> |
||
77 | vim /etc/denyhosts.conf |
||
78 | </code></pre> |
||
79 | |||
80 | <pre> |
||
81 | ############ DENYHOSTS REQUIRED SETTINGS ############ |
||
82 | SECURE_LOG = /var/log/secure |
||
83 | HOSTS_DENY = /etc/hosts.deny |
||
84 | BLOCK_SERVICE = sshd |
||
85 | DENY_THRESHOLD_INVALID = 5 |
||
86 | DENY_THRESHOLD_VALID = 10 |
||
87 | DENY_THRESHOLD_ROOT = 1 |
||
88 | DENY_THRESHOLD_RESTRICTED = 1 |
||
89 | WORK_DIR = /var/lib/denyhosts |
||
90 | SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES |
||
91 | HOSTNAME_LOOKUP=YES |
||
92 | LOCK_FILE = /var/lock/subsys/denyhosts |
||
93 | |||
94 | ############ DENYHOSTS OPTIONAL SETTINGS ############ |
||
95 | ADMIN_EMAIL = support@techoism.com |
||
96 | SMTP_HOST = localhost |
||
97 | SMTP_PORT = 25 |
||
98 | SMTP_FROM = DenyHosts |
||
99 | SMTP_SUBJECT = DenyHosts Daily Report |
||
100 | |||
101 | ############ DENYHOSTS OPTIONAL SETTINGS ############ |
||
102 | DAEMON_LOG = /var/log/denyhosts |
||
103 | DAEMON_SLEEP = 30s |
||
104 | DAEMON_PURGE = 1h |
||
105 | </pre> |
||
106 | |||
107 | h2. Service |
||
108 | |||
109 | <pre><code class="bash"> |
||
110 | systemctl start denyhosts |
||
111 | systemctl enable denyhosts |
||
112 | </code></pre> |
||
113 | |||
114 | h2. Remove banned IP |
||
115 | |||
116 | If you’ve ever blocked accidentally and want to remove that banned IP address. So first you need to stop the service. |
||
117 | |||
118 | <pre><code class="bash"> |
||
119 | systemctl stop denyhosts |
||
120 | </code></pre> |
||
121 | |||
122 | To remove or delete banned IP address completely. You need to remove the IP address from the following files. |
||
123 | |||
124 | <pre><code class="bash"> |
||
125 | vim /etc/hosts.deny |
||
126 | vim /var/lib/denyhosts/hosts |
||
127 | vim /var/lib/denyhosts/hosts-restricted |
||
128 | vim /var/lib/denyhosts/hosts-root |
||
129 | vim /var/lib/denyhosts/hosts-valid |
||
130 | vim /var/lib/denyhosts/users-hosts |
||
131 | </code></pre> |
||
132 | |||
133 | After removing the banned IP Address, start the service again. |
||
134 | |||
135 | <pre><code class="bash"> |
||
136 | systemctl start denyhosts |
||
137 | </code></pre> |