This is a python-script for the protection of ssh server, like fail2ban, but consumes
far less memory. The script parses the log file and finds failed login attempts and
prohibits login from these IP addresses.
Installation steps.
Installation process is simple and contains some steps:
1. Retrieve new lists of packages
sudo apt-get update
2. Installation DenyHosts:
sudo apt-get install denyhosts
If the process is successfully completed, you will see the information of the screen:
After installation you can add your IP address in whitelist:
sudo nano /etc/hosts.allow
and insert following string:
sshd: 12.34.45.678
Where “12.34.45.678” – your IP address
And restart denyhost:
sudo service denyhosts restart
Configuration denyhosts.
After the installation process, the DenyHosts is ready to work, but some
configuration options are noteworthy. All configuration values are in the file
/etc/denyhosts.conf
1. PURGE_DENY: removed HOSTS_DENY entries that are older than this
time.
Default value is empty and all listed ip-addresses remain in the file
/etc/hosts.deny forever.
2. BLOCK_SERVICE: the service name that should be blocked in
HOSTS_DENY
Default value = sshd, By default, the service protects only ssh server, but it
can be customized to other services.
3. ADMIN_EMAIL: if you would like to receive report from denyhosts.
Default value = root@localhost, but you can change this value to your email.
After changing the settings, you should restart the DenyHosts again:
sudo service denyhosts restart
The result of DenyHosts you can see in the file: /etc/hosts.deny
Provided by:Forthscale systems, cloud experts
1 comment:
I like denyhosts and have used it for years, but it seems like they've removed it from the official deb repository in 14.04, and you have to install it manually. See:
http://askubuntu.com/questions/433924/package-denyhosts-in-ubuntu-trusty-tahr-is-deleted-temporary-or-forever
I haven't messed around with the manual install yet.
Post a Comment