DenyHosts

DenyHosts is a Python script that analyzes the sshd server log messages to determine which hosts are attempting to hack into your system. It also determines which user accounts are being targeted, and it keeps track of the frequency of attempts from each host.

Additionally, when it discovers a host that attacks repeatedly, it updates the /etc/hosts.deny file to prevent future break-in attempts from that host.

An email report can be sent to a system admin.
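The log analysis described above, sketched as an added example (this is not DenyHosts' own code). The sample log lines are constructed, and the function names, the threshold of 3 and the "sshd: <host>" entry format are assumptions for illustration:

```python
import re
from collections import Counter, defaultdict

# Constructed sample of sshd log lines (documentation IP ranges, not real hosts).
SAMPLE_LOG = """\
Aug 15 12:01:02 host sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Aug 15 12:01:05 host sshd[2103]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Aug 15 12:01:09 host sshd[2105]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Aug 15 12:02:11 host sshd[2110]: Accepted password for alice from 198.51.100.20 port 51515 ssh2
Aug 15 12:03:40 host sshd[2120]: Failed password for alice from 198.51.100.20 port 51600 ssh2
Aug 15 12:04:00 host sshd[2130]: Invalid user oracle from 192.0.2.44
Aug 15 12:04:02 host sshd[2130]: Failed password for invalid user oracle from 192.0.2.44 port 33000 ssh2
Aug 15 12:05:00 host crond[900]: Failed password for root from 10.0.0.1 port 1 ssh2
"""

# Only sshd "Failed password" messages count. The user name is supplied by the
# client, so it is matched greedily and the host is taken from the end of the line.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.+) "
    r"from (?P<host>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh\d)?\s*$"
)

def analyze(log_text):
    """Return (failed attempts per host, set of targeted users per host)."""
    per_host = Counter()
    users = defaultdict(set)
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            per_host[m.group("host")] += 1
            users[m.group("host")].add(m.group("user"))
    return per_host, users

def hosts_deny_entries(per_host, threshold, already_denied=()):
    """Build hosts.deny lines for hosts at or above the assumed threshold."""
    denied = set(already_denied)
    return ["sshd: %s" % h for h, n in sorted(per_host.items())
            if n >= threshold and h not in denied]

if __name__ == "__main__":
    counts, targeted = analyze(SAMPLE_LOG)
    for host, n in counts.most_common():
        print(host, n, sorted(targeted[host]))
    print("\n".join(hosts_deny_entries(counts, threshold=3)))
```
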

Installation

DenyHosts 2.6 requires Python 2.4 to be installed.

To get Python 2.4, the best approach is to install a source RPM from the following location:

http://www.python.org/download/releases/2.4/rpms/.

Installation of Python 2.4 (not needed for RedHat ES5):

wget python-<version>.src.rpm
rpmbuild --rebuild python-<version>.src.rpm

You will find the DenyHosts source RPM on http://denyhosts.sourceforge.net. Installation of DenyHosts:

wget DenyHosts-2.6-1.src.rpm
rpmbuild --rebuild DenyHosts-2.6-1.src.rpm

Configuration

You can adapt the denyhosts configuration based on your needs.

The configuration can be found at /usr/share/denyhosts.

Just copy the example and adapt it:

cp denyhosts.cfg-dist denyhosts.cfg
vi denyhosts.cfg

Daemon configuration

An example configuration can be found under /usr/share/denyhosts.

Copy the template and adapt the copy if you need special settings, for example for the Python paths:

cp daemon-control-dist daemon-control
vi daemon-control

An example configuration with an adapted Python path (find out the path with 'which python'):

###############################################
#### Edit these to suit your configuration ####
###############################################
 
DENYHOSTS_BIN   = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"
 
PYTHON_BIN      = "/usr/local/bin/python"
 
###############################################
####         Do not edit below             ####
###############################################

Change the ownership and make the script executable:

chown root daemon-control
chmod 700 daemon-control

Add the daemon to the system daemons:

cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
chkconfig --add denyhosts

Running DenyHosts

Finally, we start DenyHosts:

service denyhosts start
/srv/wiki.niwos.com/data/pages/linux/applications/denyhosts.txt · Last modified: 2009/08/15 12:14 (external edit)