DenyHosts is a log-based intrusion prevention security tool for SSH servers written in Python. It is intended to prevent brute-force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP
 addresses. DenyHosts is developed by Phil Schwartz, who is also the developer of Kodos Python Regular Expression Debugger.
Install DenyHosts
First, add the EPEL repository. Then simply install the package from the EPEL repository:
# yum install denyhosts
Configure DenyHosts
Before starting DenyHosts, configure a white list of IPs that DenyHosts should never block. Again, DenyHosts uses TCP Wrappers. Hence, edit /etc/hosts.allow and add IPs, entire subnets, etc. For example,
Start DenyHosts
# service denyhosts start
Configure the system to start DenyHosts at boot:
# chkconfig denyhosts on
Basic things to be aware of:
  • IPs to white list should be added to /etc/hosts.allow.
  • IPs that DenyHosts blocks will be added to /etc/hosts.deny.
  • The DenyHosts configuration file is /etc/denyhosts.conf.
  • DenyHosts logs everything that it does to /var/log/denyhosts.
  • DenyHosts watches /var/log/secure for SSH login attempts.
  • If a host is ever added to the block list by mistake, just remove it from /etc/hosts.deny. You can also manually add hosts you want to block.
Go through the DenyHosts configuration file (/etc/denyhosts.conf) and tune it to your liking. Be sure to restart DenyHosts (service denyhosts restart) if you change anything.

About Author:

I am a Linux Administrator and Security Expert with this site i can help lot's of people about linux knowladge and as per security expert i also intersted about hacking related news.TwitterFacebook

Newer Post
Older Post


Post a Comment