Install Denyhosts

From TomSchaefer.org Wiki

You know that SSH server you have? It is not as secure as you think. Go take a look in your logs. Scary, isn't it? There are only so many IPv4 addresses in the world, and it does not take long to scan them all and find out who is running an SSH server. Once your SSH server is found it will, and I do mean will, be subjected to a dictionary attack. This how-to shows you how to defend against those attackers with DenyHosts.


apt-get will take care of all the dependencies, so this is easy.

 $ sudo apt-get update
 $ sudo apt-get install denyhosts

Also upgrade your installation:

 $ sudo apt-get -u upgrade

Now that denyhosts is installed, we need to configure it.

 $ cd /etc
 $ sudo nano denyhosts.conf


In the denyhosts.conf file you will find everything you need in order to configure your installation to your liking.

First you will see that the log is kept in /var/log/auth.log. This is the file that records authentication activity (including SSH logins) on your Debian installation.

Next you will see that the hosts.deny file is located at /etc/hosts.deny. This is the file that holds all of the banned IP addresses.

Further down you will see a section about synchronization. This feature lets you sync with a central database of known-bad IP addresses, and you can apply certain restrictions to it if you use it. I would suggest enabling this feature.

To do this you need to uncomment the line shown in the screenshot below by removing the # at the start of the second line:

File:Denyho1.gif (screenshot of the synchronization section of denyhosts.conf)

Then configure SYNC_INTERVAL, SYNC_UPLOAD, SYNC_DOWNLOAD, SYNC_DOWNLOAD_THRESHOLD, and SYNC_DOWNLOAD_RESILIENCY, and set the rest of the file to your liking.

Now save the configuration by pressing Ctrl+X, then Y, then Enter.

Now create the hosts.deny file if it is not there already (you are still in /etc):

 $ sudo nano hosts.deny

We need to put some content in the file in order to save it, so just enter a comment character (#):

File:Denyho2.gif

Save the file by pressing Ctrl+X, then Y, then Enter.

Now we reboot:

 $ sudo reboot

Congratulations, DenyHosts is installed. You can now watch /var/log/auth.log for activity. Also check /var/log/denyhosts to make sure DenyHosts is synchronizing with the main database; look for "sync".
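As an added example (not from the original wiki page), here is a small POSIX shell script that does by hand what the paragraph above tells you to watch for: it tallies "Failed password" entries per source IP from auth.log-style lines, lists the addresses that reach a threshold, and checks a DenyHosts log for sync activity. The log lines embedded in it are constructed samples using documentation addresses, not real output; the function names and the threshold of 3 are this example's own choices, not DenyHosts defaults.

```shell
#!/bin/sh
# Added example (not from the original wiki page): the manual version of what
# the paragraph above tells you to watch for. The log lines below are
# constructed samples (RFC 5737 documentation addresses), not real output.

# Print "<count> <ip>" for every source IP with "Failed password" entries in
# an auth.log-style file, busiest address first.
failed_ssh_by_ip() {
    grep 'sshd\[[0-9]*\]: Failed password' "$1" \
        | sed -n 's/.* from \([0-9.][0-9.]*\) port .*/\1/p' \
        | sort | uniq -c | sort -rn \
        | awk '{ print $1, $2 }'
}

# Print the IPs whose failure count reaches $2 (assumed to mirror your
# DENY_THRESHOLD_* setting; the value is this example's, not a default).
ips_over_threshold() {
    failed_ssh_by_ip "$1" | awk -v n="$2" '$1 >= n { print $2 }'
}

# Exit 0 if a DenyHosts log mentions "sync" (case-insensitive), 1 otherwise.
denyhosts_synced() {
    grep -qi 'sync' "$1"
}

# --- constructed sample inputs ------------------------------------------
AUTH_SAMPLE=$(mktemp)
cat > "$AUTH_SAMPLE" <<'EOF'
Mar  3 02:14:07 debian sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar  3 02:14:09 debian sshd[1234]: Failed password for invalid user admin from 203.0.113.7 port 51236 ssh2
Mar  3 02:14:12 debian sshd[1237]: Failed password for root from 203.0.113.7 port 51240 ssh2
Mar  3 02:15:01 debian sshd[1240]: Failed password for tom from 198.51.100.22 port 40012 ssh2
Mar  3 02:15:30 debian sshd[1242]: Accepted password for tom from 198.51.100.22 port 40020 ssh2
Mar  3 02:16:00 debian CRON[1250]: pam_unix(cron:session): session opened for user root by (uid=0)
EOF

# Constructed DenyHosts log lines (format approximated for illustration).
DENYHOSTS_SAMPLE=$(mktemp)
cat > "$DENYHOSTS_SAMPLE" <<'EOF'
2010-06-01 04:00:01,120 - denyhosts   : INFO     launching DenyHosts daemon
2010-06-01 04:00:05,334 - sync        : INFO     received 12 new host(s)
EOF

echo "failed SSH logins per IP:"
failed_ssh_by_ip "$AUTH_SAMPLE"
echo "reached a threshold of 3: $(ips_over_threshold "$AUTH_SAMPLE" 3)"
denyhosts_synced "$DENYHOSTS_SAMPLE" && echo "denyhosts log shows sync activity"
```

On a real system, point `failed_ssh_by_ip` at /var/log/auth.log and `denyhosts_synced` at /var/log/denyhosts; an address that keeps showing up in the first list but never appears in /etc/hosts.deny is the sign that DenyHosts is not running or is reading the wrong log.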

Now, just in case an IP address is being blocked that you do not want blocked, add it to the file /var/lib/denyhosts/allowed-hosts:

 $ cd /var/lib/denyhosts
 $ sudo nano allowed-hosts

Add your IP address and save the file.

NOTE: Sometimes the denyhosts package leaves out some of its work files. Here are all the files that need to be in /var/lib/denyhosts:

  • allowed-hosts
  • hosts
  • hosts-restricted
  • hosts-root
  • hosts-valid
  • offset
  • suspicious-logins
  • sync-received
  • sync-timestamp
  • users-hosts
  • users-invalid
  • users-valid
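Added example, not part of the original page: a POSIX shell helper that reports and creates any of the files listed above that are missing, and adds an address to allowed-hosts without duplicating it. WORK_DIR defaults to /var/lib/denyhosts (the path used on this page) and can be overridden to experiment in a scratch directory; the function names are this example's own.

```shell
#!/bin/sh
# Added example (not from the original wiki page): check and repair the
# DenyHosts work directory and manage allowed-hosts. WORK_DIR defaults to the
# Debian path used on this page; override it (WORK_DIR=/tmp/x) to experiment
# on a scratch directory. Function names are this example's own.

WORK_DIR="${WORK_DIR:-/var/lib/denyhosts}"

# Every file the page says must exist under WORK_DIR.
DENYHOSTS_FILES="allowed-hosts hosts hosts-restricted hosts-root hosts-valid
offset suspicious-logins sync-received sync-timestamp users-hosts
users-invalid users-valid"

# Print how many of those files are missing.
missing_workfiles() {
    n=0
    for f in $DENYHOSTS_FILES; do
        [ -e "$WORK_DIR/$f" ] || n=$((n + 1))
    done
    echo "$n"
}

# Create each missing file as an empty file, leaving existing ones untouched.
ensure_workfiles() {
    mkdir -p "$WORK_DIR"
    for f in $DENYHOSTS_FILES; do
        [ -e "$WORK_DIR/$f" ] || : > "$WORK_DIR/$f"
    done
}

# Exit 0 if the exact line $1 is already present in allowed-hosts.
is_allowed() {
    grep -qxF -- "$1" "$WORK_DIR/allowed-hosts" 2>/dev/null
}

# Append an address to allowed-hosts once; calling it twice adds no duplicate.
allow_host() {
    ensure_workfiles
    is_allowed "$1" || echo "$1" >> "$WORK_DIR/allowed-hosts"
}

# Stand-alone run: report the state of the work directory.
echo "missing work files in $WORK_DIR: $(missing_workfiles)"
```

Run it with sudo on a real system, since the work directory is owned by root. DenyHosts reads allowed-hosts when it starts, so restart the daemon after changing it, and remember that whitelisting an address does not remove an entry that is already in /etc/hosts.deny; that entry has to be taken out by hand, as described in the FAQ linked below.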

For more information about denyhosts go to the FAQ located at http://denyhosts.sourceforge.net/faq.html
