Install and configure DenyHosts
Brute-force and dictionary-based attacks against servers are common these days. DenyHosts is an excellent Python tool for preventing such attacks. It detects failed login attempts and blocks the offending host/IP from further connections by adding it to /etc/hosts.deny.
Here are the steps to install and configure DenyHosts on your server. These steps apply to Red Hat based distros (i.e. RHEL, CentOS, Fedora) and need minor changes for other distros. You can copy and paste the commands.
Step 1. Detect which version of Python is installed on your server:
# python -V
Step 2. You will see Python version 2.3.x (for CentOS 4.x) or 2.4.x (Fedora etc). Download the matching rpm from sourceforge (http://sourceforge.net/project/showfiles.php?group_id=131204).
Step 3. Install the rpm:
# rpm -ivh DenyHosts-2.6-python2.3.noarch.rpm
Step 4. Make a copy of the default configuration file:
# cd /usr/share/denyhosts/
# cp denyhosts.cfg-dist denyhosts.cfg
Step 5. Edit the configuration file to suit your needs:
# vi denyhosts.cfg
Step 6. You can run DenyHosts from cron or as a daemon. The preferred way is to run it as a daemon. To do so, make a copy of its default daemon script:
# cp daemon-control-dist daemon-control
Step 7. Set proper permissions for daemon script:
# chown root daemon-control
# chmod 700 daemon-control
Step 8. Start it:
# ./daemon-control start
Step 9. Make it run on startup:
# cd /etc/init.d
# ln -s /usr/share/denyhosts/daemon-control denyhosts
# chkconfig --add denyhosts
Step 10. You can view its log and also view the hosts.deny file to find out how many hosts are denied:
# tail /var/log/denyhosts
# cat /etc/hosts.deny
Another way to prevent such attacks is to use TCP Wrappers and allow services (ssh) from specific IP addresses only.
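The detection described at the top of this page, together with the allow-list idea above, as an added example (a simplified illustration, not DenyHosts' own code): it counts failed sshd logins per address, applies a separate limit per account class in the spirit of the DENY_THRESHOLD_INVALID, DENY_THRESHOLD_ROOT and DENY_THRESHOLD_VALID settings in denyhosts.cfg, skips allowed addresses, and prints hosts.deny entries. The log lines, limits and function names are constructed for the example.

```python
import re
from collections import Counter

# Constructed sample lines in the format sshd writes to /var/log/secure.
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40115 ssh2
Jan 10 03:12:05 web1 sshd[2105]: Failed password for invalid user oracle from 203.0.113.7 port 40119 ssh2
Jan 10 03:14:40 web1 sshd[2140]: Failed password for root from 198.51.100.23 port 51100 ssh2
Jan 10 03:14:44 web1 sshd[2142]: Failed password for root from 198.51.100.23 port 51102 ssh2
Jan 10 08:30:11 web1 sshd[2290]: Failed password for alice from 192.0.2.10 port 60001 ssh2
Jan 10 08:30:20 web1 sshd[2291]: Accepted password for alice from 192.0.2.10 port 60002 ssh2
"""

# Anchored at the end of the line and greedy on the user field, so text inside
# the (remote-controlled) username can never supply the address that is counted.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.*) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$")

# Assumed limits for this example; real values belong in denyhosts.cfg.
THRESHOLDS = {"invalid": 3, "root": 2, "valid": 5}

def account_class(invalid_marker, user):
    if invalid_marker:
        return "invalid"
    return "root" if user == "root" else "valid"

def hosts_to_deny(log_text, allowed=()):
    """Return sorted IPs whose failure count reached the limit for any class."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m and m.group(3) not in allowed:
            counts[(m.group(3), account_class(m.group(1), m.group(2)))] += 1
    return sorted({ip for (ip, cls), n in counts.items() if n >= THRESHOLDS[cls]})

def deny_lines(ips, service="sshd"):
    """Format entries the way TCP Wrappers expects them in /etc/hosts.deny."""
    return ["%s: %s" % (service, ip) for ip in ips]

if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_to_deny(SAMPLE_LOG, allowed={"192.0.2.10"}))))
```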
Thanks for this nice tutorial. I have spotted a small error:
chkconfig --add denyhosts
instead of
chkconfig –add denyhosts
double dash instead of hyphen. Must be the blog editor
Cheers