Install Procedure for denyhosts (deprecated ... use fail2ban instead)

Requirements

To install denyhosts you will need the following:
  • an installed and supported operating system (e.g. CentOS 7.x)
  • root-access
  • a fast internet connection
  • EPEL

Preliminary Note

This procedure is based on documentation from http://www.techoism.com/block-ssh-server-attacks-using-denyhosts-in-centosrhel-567/

Install

yum install denyhosts

configure

whitelist IPs

vim /etc/hosts.allow
Below the header comment, add each IP address that you never want to block, one per line. The format is as follows.

#
# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 28.119.25.113
sshd: 28.119.25.114
sshd: 28.119.25.115
sshd: 28.119.25.116

blacklist IPs

vim /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 28.119.25.117
sshd: 28.119.25.118

email-alerts

denyhosts is well integrated into logwatch, but if you are into noise you may also send mail from denyhosts directly.

vim /etc/denyhosts.conf
############ DENYHOSTS REQUIRED SETTINGS ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
BLOCK_SERVICE  = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts

############ DENYHOSTS OPTIONAL SETTINGS ############
ADMIN_EMAIL = support@techoism.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts 
SMTP_SUBJECT = DenyHosts Daily Report

############ DENYHOSTS OPTIONAL SETTINGS ############
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h

Service

systemctl start denyhosts
systemctl enable denyhosts

Remove banned IP

If an IP address was blocked accidentally and you want to remove the ban, first stop the service.

systemctl stop denyhosts

To remove a banned IP address completely, delete it from each of the following files.

vim /etc/hosts.deny
vim /var/lib/denyhosts/hosts
vim /var/lib/denyhosts/hosts-restricted
vim /var/lib/denyhosts/hosts-root
vim /var/lib/denyhosts/hosts-valid
vim /var/lib/denyhosts/users-hosts

After removing the banned IP Address, start the service again.

systemctl start denyhosts
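
The removal procedure above as a script, added here as an example (not from the original page or the DenyHosts project). It deletes one IPv4 address from the six listed files, matching it as a whole address so that unbanning 10.0.0.1 leaves 10.0.0.11 alone. The function names and the optional path prefix are assumptions for illustration.

```shell
#!/bin/sh
# Added example: remove one banned IPv4 address from every file listed above.

DENYHOSTS_FILES="/etc/hosts.deny
/var/lib/denyhosts/hosts
/var/lib/denyhosts/hosts-restricted
/var/lib/denyhosts/hosts-root
/var/lib/denyhosts/hosts-valid
/var/lib/denyhosts/users-hosts"

# remove_banned_ip IP [PREFIX]
# Deletes every line that contains IP as a whole address and prints the number
# of lines removed. PREFIX (hypothetical) is prepended to each path so the
# function can be tried on a copy of the files first.
# The body runs in a subshell, so its variables stay local.
remove_banned_ip() (
    ip="$1"; prefix="${2:-}"; removed=0
    # Accept only a dotted quad so nothing unexpected reaches the regex.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        || { echo "invalid IPv4 address: $ip" >&2; exit 2; }
    # Escape the dots and require a non-address character (or a line edge) on
    # both sides: 10.0.0.1 must not match 10.0.0.11 or 110.0.0.1.
    esc=$(printf '%s' "$ip" | sed 's/\./\\./g')
    pattern="(^|[^0-9.])${esc}([^0-9.]|\$)"
    for f in $DENYHOSTS_FILES; do
        f="${prefix}${f}"
        [ -f "$f" ] || continue
        n=$(grep -cE "$pattern" "$f" || true)
        if [ "$n" -gt 0 ]; then
            cp -p "$f" "$f.bak"                         # keep a backup copy
            grep -vE "$pattern" "$f.bak" > "$f" || true # rewrite in place
            removed=$((removed + n))
        fi
    done
    echo "$removed"
)

# unban IP: the full procedure (stop the service, clean the files, start it).
unban() {
    systemctl stop denyhosts || return 1
    remove_banned_ip "$1"
    systemctl start denyhosts
}
```

Run `unban <IP>` as root. A result of 0 means the address was not present in any of the files.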

Updated by Jeremias Keihsler about 5 years ago · 4 revisions