How to install and configure the DenyHosts tool on Linux

DenyHosts can block offending IP addresses automatically, so it is worth knowing how to install it on a Linux system. How do you install the DenyHosts tool on Linux, and how do you configure it after installation? This is what users need to learn.

DenyHosts is a security tool written in Python that monitors server access logs to prevent brute-force attacks on a virtual private server. The project works by banning IP addresses that exceed a certain number of failed login attempts.

Step 1: Install DenyHosts

DenyHosts is easy to install on Ubuntu:

sudo apt-get install denyhosts

Once the program is downloaded, DenyHosts will be automatically installed and configured on your VPS.

Step 2: Whitelist IP Address

After you install DenyHosts, be sure to whitelist your own IP address. Skipping this step puts you at risk of locking yourself out of your own machine.

Open the list of hosts allowed in your VPS:

sudo nano /etc/hosts.allow

Below the description in the file, add any IP addresses that must not be banned from the server. Write each one on a separate line, using this format:

sshd: yourip

After making any changes, be sure to restart DenyHosts so that the new settings take effect on your virtual private server:

sudo /etc/init.d/denyhosts restart

Step 3 (Optional): Configure DenyHosts

DenyHosts is ready to use as soon as the installation is over.

However, if you want to customize the behavior of DenyHosts on your VPS, you can make changes in the DenyHosts configuration file:

sudo nano /etc/denyhosts.conf

DenyHosts parameter configuration

# cd /usr/share/denyhosts/ #DenyHosts default installation directory

# cp denyhosts.cfg-dist denyhosts.cfg

# vi denyhosts.cfg #DenyHosts configuration file

SECURE_LOG = /var/log/secure #ssh log file

# format is: i[dhwmy]

# Where i is an integer (eg 7)

# m = minutes

# h = hours

# d = days

# w = weeks

# y = years

#

# never purge:

PURGE_DENY = 50m #How long before blocked IPs are purged

HOSTS_DENY = /etc/hosts.deny #Blocked IPs are written to hosts.deny

BLOCK_SERVICE = sshd #Name of the service to block

DENY_THRESHOLD_INVALID = 1 #Number of failed login attempts allowed for invalid (non-existent) users

DENY_THRESHOLD_VALID = 10 #Number of failed login attempts allowed for ordinary users

DENY_THRESHOLD_ROOT = 5 #Number of failed login attempts allowed for root

WORK_DIR = /usr/local/share/denyhosts/data #Denied hosts and IPs are recorded in WORK_DIR

DENY_THRESHOLD_RESTRICTED = 1 #Number of failed login attempts allowed for usernames listed in WORK_DIR/restricted-usernames

LOCK_FILE = /var/lock/subsys/denyhosts #The PID of the running DenyHosts process is written to LOCK_FILE, which ensures the service has started correctly and prevents multiple instances from being started at the same time.

HOSTNAME_LOOKUP=NO #Whether to resolve IP addresses to host names

ADMIN_EMAIL = #Set administrator email address

DAEMON_LOG = /var/log/denyhosts #DenyHosts' own log file

DAEMON_PURGE = 10m #Uses the same time format as PURGE_DENY; how often the daemon runs the purge that clears expired entries from hosts.deny
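
The following Python sketch is an added example, not DenyHosts' own code: it models how the DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID and DENY_THRESHOLD_ROOT values above decide which addresses end up blocked, and why an address listed in /etc/hosts.allow (Step 2) keeps access. The function names, log lines and addresses are constructed for illustration, and the "Failed password" line format is an assumption about the sshd log.

```python
import re
from collections import Counter

# Thresholds copied from the denyhosts.cfg values shown above.
THRESHOLDS = {"invalid": 1, "valid": 10, "root": 5}
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port")

def over_threshold(log_text, thresholds=THRESHOLDS):
    """IPs whose failures exceed a threshold, i.e. candidates for hosts.deny."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        invalid, user, ip = m.groups()
        kind = "invalid" if invalid else ("root" if user == "root" else "valid")
        counts[(ip, kind)] += 1
    return sorted({ip for (ip, kind), n in counts.items() if n > thresholds[kind]})

def allowed_ips(hosts_allow_text, service="sshd"):
    """Addresses from 'sshd: <ip>' lines, the format used in Step 2."""
    ips = set()
    for line in hosts_allow_text.splitlines():
        daemon, sep, clients = line.split("#")[0].partition(":")
        if sep and daemon.strip() == service:
            ips.update(clients.replace(",", " ").split())
    return ips

def effective_blocks(log_text, hosts_allow_text):
    """TCP wrappers consult hosts.allow first, so whitelisted IPs keep access."""
    allowed = allowed_ips(hosts_allow_text)
    return [ip for ip in over_threshold(log_text) if ip not in allowed]

def _fail(user, ip, invalid=False):
    who = ("invalid user " if invalid else "") + user
    return f"Jan 10 03:12:01 vps sshd[2101]: Failed password for {who} from {ip} port 40022 ssh2"

# Constructed sample data using documentation address ranges, not real logs.
SAMPLE_LOG = "\n".join(
    [_fail("admin", "203.0.113.5", invalid=True)] * 2   # 2 > 1: blocked
    + [_fail("root", "203.0.113.9")] * 6                # 6 > 5: blocked
    + [_fail("root", "192.0.2.60")] * 5                 # 5 is not > 5: kept
    + [_fail("alice", "192.0.2.44")] * 3                # 3 is not > 10: kept
    + [_fail("root", "198.51.100.7")] * 12              # over, but whitelisted
)
SAMPLE_HOSTS_ALLOW = "# constructed example\nsshd: 198.51.100.7\n"

if __name__ == "__main__":
    for ip in effective_blocks(SAMPLE_LOG, SAMPLE_HOSTS_ALLOW):
        print(f"sshd: {ip}")
```

With DENY_THRESHOLD_INVALID = 1, a second failed login for a non-existent user is enough to block an address, which is why whitelisting your own IP comes before any tuning.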

DenyHosts startup file configuration

# cp daemon-control-dist daemon-control

# chown root daemon-control

# chmod 700 daemon-control

# ./daemon-control start #Start DenyHosts

# ln -s /usr/share/denyhosts/daemon-control /etc/init.d #Symbolic link to daemon-control for easy management

At this point the installation is complete.

# /etc/init.d/daemon-control start #Start DenyHosts

# chkconfig daemon-control on #Set DenyHosts to start at boot

Add to automatic startup

# vi /etc/rc.local

Add the following command:

/usr/share/denyhosts/daemon-control start

View the record of attacking IPs

# vi /etc/hosts.deny

The above is an introduction to installing and configuring DenyHosts on Linux. After configuring the DenyHosts tool, you can use DenyHosts to analyze the log files.