INSTALLING DENYHOSTS ON CENTOS 6
DenyHosts is a log-based intrusion prevention security tool for SSH servers written in Python. It is intended to prevent brute-force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses. DenyHosts is developed by Phil Schwartz, who is also the developer of Kodos Python Regular Expression Debugger.
First, add the EPEL repository. Then simply install the package from the EPEL repository:
# yum install denyhosts
Before starting DenyHosts, configure a white list of IPs that DenyHosts should never block. DenyHosts uses TCP Wrappers, so edit /etc/hosts.allow and add the IPs, entire subnets, etc. that should always be allowed. For example:
sshd: 126.96.36.199
sshd: 192.168.0.0/255.255.255.0
Start DenyHosts:
# service denyhosts start
Configure the system to start DenyHosts at boot:
# chkconfig denyhosts on
Basic things to be aware of:
- IPs to white list should be added to /etc/hosts.allow.
- IPs that DenyHosts blocks will be added to /etc/hosts.deny.
- The DenyHosts configuration file is /etc/denyhosts.conf.
- DenyHosts logs everything that it does to /var/log/denyhosts.
- DenyHosts watches /var/log/secure for SSH login attempts.
- If a host is ever added to the block list by mistake, just remove it from /etc/hosts.deny. You can also manually add hosts you want to block.
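To see how the white list and the block list interact, the following added example (not part of the original post or of DenyHosts) reproduces the TCP Wrappers decision order for sshd: a match in hosts.allow grants access, otherwise a match in hosts.deny refuses it, otherwise access is granted. The file contents are constructed samples, the function names are hypothetical, and only IPv4 patterns (ALL, single address, net/mask, leading octets) are evaluated.

```python
import ipaddress

# Constructed sample file contents (private and documentation address ranges).
SAMPLE_ALLOW = """\
sshd: 192.168.0.0/255.255.255.0
sshd: 203.0.113.7
"""
SAMPLE_DENY = """\
sshd: 198.51.100.23
sshd: 192.168.0.50
ALL: 203.0.113.99
"""

def sshd_patterns(text):
    """Collect client patterns from rules whose daemon list covers sshd."""
    patterns = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        fields = line.split(":")          # daemon_list : client_list [: command]
        daemons = fields[0].replace(",", " ").split()
        if "sshd" in daemons or "ALL" in daemons:
            patterns += fields[1].replace(",", " ").split()
    return patterns

def matches(ip, pattern):
    """IPv4 forms only: ALL, single address, net/mask, leading octets ("10.1.")."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return str(ip).startswith(pattern)
    try:
        return ip in ipaddress.ip_network(pattern, strict=False)
    except ValueError:
        return False                      # hostnames, EXCEPT, etc. are not evaluated

def sshd_access(ip_text, allow_text=SAMPLE_ALLOW, deny_text=SAMPLE_DENY):
    """hosts.allow match grants; otherwise hosts.deny match denies; otherwise grant."""
    ip = ipaddress.ip_address(ip_text)
    for source, text, verdict in (("hosts.allow", allow_text, "allowed"),
                                  ("hosts.deny", deny_text, "denied")):
        for pattern in sshd_patterns(text):
            if matches(ip, pattern):
                return verdict, f"{source}: {pattern}"
    return "allowed", "no matching rule"

if __name__ == "__main__":
    for addr in ("198.51.100.23", "192.168.0.50", "203.0.113.99", "192.0.2.10"):
        print(addr, *sshd_access(addr))
```

In the sample data, 192.168.0.50 appears in the deny list but is still allowed because the whitelisted subnet in hosts.allow is consulted first.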
Go through the DenyHosts configuration file (/etc/denyhosts.conf) and tune it to your liking. Be sure to restart DenyHosts (service denyhosts restart) if you change anything.