DenyHosts Setup

From PCLinuxOSHelp Knowledge Base
Latest revision as of 13:14, 13 August 2018

DenyHosts - Preventing Brute Forced Attacks

SSH Brute Force Attacks Protection using DenyHosts

You can easily block SSH server attacks, including dictionary based and brute force attacks, using DenyHosts, a Python based script. It analyzes the sshd log messages to determine which hosts or IPs are attempting to break into your system.

STEP 1: Open the package manager and install denyhosts

STEP 2: Configure DenyHosts

The default configuration file is located at /etc/denyhosts.conf. You need to allow yourself access to sshd.

Using your favorite text editor, open /etc/hosts.allow (you must be the root user) and add the following line:
sshd:<your ip number>
For example: sshd:127.0.0.0 <-- this is the localhost loopback address
Save and close the file.

STEP 3: Configure the admin email
Open denyhosts.conf and change the admin email. You will get an email about newly restricted hosts and IPs.
If you do not want an email notification, leave the line commented out with #.
Use your favorite text editor to open /etc/denyhosts.conf (you must be root) and edit this line:

# ADMIN_EMAIL = youremail@yourdomain.com

Save and close the file.

Your configuration file should look something like this:

############ THESE SETTINGS ARE REQUIRED ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
# PURGE_DENY = 7d   (commented out: blocked entries are never deleted or purged)
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 5
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL = youremail@yourdomain.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report of your “System Name”
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h

Now start the service. In a console window, as the root user, type:

service denyhosts start


Removing a blocked IP

If your IP is blocked and you want to remove it, follow the steps below to remove your IP from the DenyHosts database.

STEP 1: Stop DenyHosts first. In a console window, as the root user, type:

service denyhosts stop

STEP 2: Remove Your IP From /etc/hosts.deny

In your favorite text editor open /etc/hosts.deny
Delete your IP address.
Save and close the file.

STEP 3: Edit the following files with your favorite text editor and remove the lines containing the IP address.
These files are found in the /var/lib/denyhosts folder (you must be the root user to edit these files).

Be sure to save each file you edit.

1. hosts
2. hosts-restricted
3. hosts-root
4. hosts-valid
5. users-hosts

STEP 4: Start DenyHosts again. In a console window, as the root user, type:

service denyhosts start

That's it! You can now access the ssh service again from the same IP that was blocked earlier.
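A script version of STEP 2 and STEP 3 above, added here as an example (it is not from the wiki page or from the DenyHosts project). It assumes the five data files listed above live in the directory that WORK_DIR in denyhosts.conf points to (the configuration above sets /usr/share/denyhosts/data while STEP 3 names /var/lib/denyhosts, so check your own setting), and it matches the IP as a whole address, because a plain text search for 10.0.0.1 would also wipe the entries for 10.0.0.10.

```shell
#!/bin/sh
# Added example; not code from the wiki page or from the DenyHosts project.
# Assumptions: the data files are the five named on the page, stored in the
# directory that WORK_DIR in denyhosts.conf points to. Run it as root, and
# only while the daemon is stopped (service denyhosts stop).

# Remove every line of FILE that contains IP as a whole address and print
# how many lines went. -F takes the dots literally; -w keeps 10.0.0.1 from
# also deleting the entries for 10.0.0.10 or 110.0.0.1.
remove_ip_from_file() {
    file=$1; ip=$2
    [ -f "$file" ] || { echo 0; return 0; }          # hosts-valid etc. may not exist yet
    before=$(wc -l < "$file")
    tmp="$file.tmp.$$"
    grep -vwF -- "$ip" "$file" > "$tmp" || :         # grep exits 1 when no line is left
    cat "$tmp" > "$file" && rm -f "$tmp"             # cat keeps the original owner and mode
    after=$(wc -l < "$file")
    echo $((before - after))
}

# STEP 2 and STEP 3 in one go: /etc/hosts.deny first, then each data file.
# Prints the total number of lines removed.
unblock_ip() {
    work_dir=$1; hosts_deny=$2; ip=$3
    total=$(remove_ip_from_file "$hosts_deny" "$ip")
    for name in hosts hosts-restricted hosts-root hosts-valid users-hosts; do
        n=$(remove_ip_from_file "$work_dir/$name" "$ip")
        total=$((total + n))
    done
    echo "$total"
}

# Constructed sample files (the entry format is illustrative) so the script
# can be tried in a scratch directory instead of /etc and the real WORK_DIR.
make_sample_dir() {
    dir=$1
    mkdir -p "$dir/data"
    printf 'sshd: 10.0.0.1\nsshd: 10.0.0.10\n' > "$dir/hosts.deny"
    printf '10.0.0.1:3:Mon Aug 13 2018\n110.0.0.1:2:Mon Aug 13 2018\n' > "$dir/data/hosts"
    printf '10.0.0.1:1:Mon Aug 13 2018\n' > "$dir/data/hosts-root"
    printf 'root - 10.0.0.1:1:x\nalice - 10.0.0.10:2:x\n' > "$dir/data/users-hosts"
}

scratch=$(mktemp -d)
make_sample_dir "$scratch"
echo "removed $(unblock_ip "$scratch/data" "$scratch/hosts.deny" 10.0.0.1) lines"
cat "$scratch/hosts.deny" "$scratch/data/hosts" "$scratch/data/users-hosts"
rm -rf "$scratch"
```

To use it on a real system, stop the daemon, call unblock_ip with your WORK_DIR, /etc/hosts.deny and the blocked address, then start the daemon again as in STEP 4.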