Setup denyhosts » History » Revision 3
Revision 2 (Jeremias Keihsler, 13.04.2019 12:00) → Revision 3/4 (Jeremias Keihsler, 13.04.2019 12:01)
h1. Install Procedure for denyhosts (deprecated ... use [[fail2ban]] instead)

h2. Requirements

To install denyhosts you will need the following:

* an installed and supported operating system (e.g. CentOS 7.x)
* root-access
* a fast internet connection
* [[repo_epel|EPEL]]

h2. Preliminary Note

This procedure is based on documentation from http://www.techoism.com/block-ssh-server-attacks-using-denyhosts-in-centosrhel-567/

h2. Install

<pre><code class="bash">
yum install denyhosts
</code></pre>

h2. Configure

h3. whitelist IPs

<pre><code class="bash">
vim /etc/hosts.allow
</code></pre>

Below the description, add each IP address that you never want to block, one per line. The format should be as follows.

<pre>
#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 28.119.25.113
sshd: 28.119.25.114
sshd: 28.119.25.115
sshd: 28.119.25.116
</pre>

h3. blacklist IPs

<pre><code class="bash">
vim /etc/hosts.deny
</code></pre>

<pre>
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 28.119.25.117
sshd: 28.119.25.118
</pre>

h3. email-alerts

denyhosts is well integrated into [[setup_logwatch|logwatch]], but if you are into noise you may also send mails from denyhosts directly.

<pre><code class="bash">
vim /etc/denyhosts.conf
</code></pre>

<pre>
############ DENYHOSTS REQUIRED SETTINGS ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts

############ DENYHOSTS OPTIONAL SETTINGS ############
ADMIN_EMAIL = support@techoism.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Daily Report

############ DENYHOSTS OPTIONAL SETTINGS ############
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
</pre>

h2. Service

<pre><code class="bash">
systemctl start denyhosts
systemctl enable denyhosts
</code></pre>

h2. Remove banned IP

If an IP address was blocked accidentally and you want to remove the ban, first stop the service.

<pre><code class="bash">
systemctl stop denyhosts
</code></pre>

To remove the banned IP address completely, delete it from each of the following files.

<pre><code class="bash">
vim /etc/hosts.deny
vim /var/lib/denyhosts/hosts
vim /var/lib/denyhosts/hosts-restricted
vim /var/lib/denyhosts/hosts-root
vim /var/lib/denyhosts/hosts-valid
vim /var/lib/denyhosts/users-hosts
</code></pre>

After removing the banned IP address, start the service again.

<pre><code class="bash">
systemctl start denyhosts
</code></pre>
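
The removal steps above combined into one script, as an added example that is not part of the original wiki page. The function names @is_ipv4@ and @purge_ip@ are hypothetical, and the script assumes IPv4 addresses only; it matches the address as a whole token so that unbanning one host does not also delete a longer address that merely starts with the same digits.

```bash
#!/bin/sh
# Added example (not from the original page): unban one IPv4 address.
# Function names are hypothetical; the file list is the one given above.

# Succeed only for a dotted-quad IPv4 address with octets 0-255.
is_ipv4() (
    case $1 in ''|*[!0-9.]*|.*|*.|*..*) exit 1 ;; esac
    IFS=.
    set -- $1                       # split on dots into $1..$4
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        [ "${#octet}" -le 3 ] && [ "$octet" -le 255 ] || exit 1
    done
)

# purge_ip IP FILE...: delete every line that holds IP as a complete address
# and print how many lines were removed. Neighbouring characters must not be
# digits or dots, so 28.119.25.11 never matches 28.119.25.117.
purge_ip() (
    ip=$1; shift
    is_ipv4 "$ip" || { echo "not an IPv4 address: $ip" >&2; exit 2; }
    re="(^|[^0-9.])$(printf '%s' "$ip" | sed 's/\./[.]/g')([^0-9.]|\$)"
    tmp=$(mktemp) || exit 1
    removed=0
    for f in "$@"; do
        [ -f "$f" ] || continue     # some state files may not exist yet
        before=$(wc -l < "$f")
        sed -E "/$re/d" "$f" > "$tmp" || { rm -f "$tmp"; exit 1; }
        cat "$tmp" > "$f"           # overwrite in place: keeps owner and mode
        after=$(wc -l < "$f")
        removed=$((removed + before - after))
    done
    rm -f "$tmp"
    echo "$removed"
)

# Invoked with one argument (as root): stop, purge, start.
if [ "$#" -eq 1 ]; then
    is_ipv4 "$1" || { echo "usage: $0 IPV4_ADDRESS" >&2; exit 2; }
    systemctl stop denyhosts
    purge_ip "$1" /etc/hosts.deny /var/lib/denyhosts/hosts \
        /var/lib/denyhosts/hosts-restricted /var/lib/denyhosts/hosts-root \
        /var/lib/denyhosts/hosts-valid /var/lib/denyhosts/users-hosts
    systemctl start denyhosts
fi
```

Run it as root with the address as its only argument; the number it prints is the count of lines removed across all six files.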