Brute force attacks or dictionary based attacks are common these days for servers. DenyHosts is an excellent python tool to prevent such attacks. It will detects failed attempts and prevent offending Host/IP for further connection by adding it to /etc/hosts.deny file.
Here are steps to install and configure DenyHosts for your server. These steps are applicable for Red Hat based distros (ie RHEL, CentOS, Fedora) and needs minor changes for other distros. You can copy paste the commands.
Step 1. Detect which version of Python is installed on your server:
# python -V
Step 2. You will see python version 2.3.x (for CentOS 4.x) or 2.4.x (,CentOS 5.x, Fedora etc). Download the relevant rpm from sourceforge or source tarball, I have download it by using this direct link.
Step 3. Install the rpm:
# rpm -ivh DenyHosts-2.6-python2.3.noarch.rpm
or compile and install from tarball, you have it:
# tar xzf DenyHosts-2.6.tar.gz # cd DenyHosts-2.6 # python setup.py install
Step 4. make a copy of default configuration file:
# cd /usr/share/denyhosts/ # cp denyhosts.cfg-dist denyhosts.cfg
Step 5. Edit the configuration file to suit your needs:
# vi denyhosts.cfg
Step 6. You can run DenyHosts by cron or as Daemon. preferred way is to run it as daemon. To run it as daemon, make a copy of its default daemon script
# cp daemon-control-dist daemon-control
Step 7. Set proper permissions for daemon script:
# chown root daemon-control # chmod 700 daemon-control
Step 8. Start it:
# ./daemon-control start
Step 9. Make it run on startup:
# cd /etc/init.d # ln -s /usr/share/denyhosts/daemon-control denyhosts # chkconfig -–add denyhosts
Step 10. You can view its log and also view the hosts.deny file to find out how many hosts are denied:
# tail /var/log/denyhosts # cat /etc/hosts.deny
One other way to prevent such attacks is to use tcpwrappers and allow services (ssh) from specific IP Addresses only.
More related and helpful articles:
* 5 steps to secure your Linux Server
* Ensuring secure access to production Linux Servers
* Bash script to backup essential log files in Linux
* Quickly change your ssh port from defualt 22 to something higher
* SSH port forwarding from remote to local machine
* Save root or user history to check later