Install DenyHosts to Thwart Dictionary and Brute Force Attacks

DenyHosts is a fantastic application that just works. It was written in Python by Phil Schwartz, and his website is http://denyhosts.sourceforge.net. DenyHosts monitors the auth.log or secure log file (depending on your Linux distro), and if a certain number of failed login attempts are made, the application puts the IP address of the offender in the /etc/hosts.deny file, so connections from that address are refused from that point forward. The default setting for attempts is 10 and can be changed in the denyhosts.cfg file.
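
The mechanism described above, as an added Python example that is not DenyHosts' own code: it counts failed SSH logins per source address and formats /etc/hosts.deny entries once an address reaches the threshold of 10. The regular expression, the `allow` parameter and the sample log lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

DENY_THRESHOLD = 10  # the default number of attempts mentioned above

# Simplified pattern for OpenSSH "Failed password" lines (an assumption:
# real formats vary by sshd version, and DenyHosts ships its own regexes).
# It is anchored to the end of the line so the address comes from the
# suffix sshd writes, not from the remotely supplied user name.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.+"
    r" from (\S+) port \d+ ssh2$"
)

def offenders(log_lines, threshold=DENY_THRESHOLD, allow=()):
    """Return sorted IPs with >= threshold failures; `allow` is never blocked."""
    failures = Counter()
    for line in log_lines:
        match = FAILED_RE.search(line.rstrip())
        if not match:
            continue
        try:
            ip = str(ipaddress.ip_address(match.group(1)))
        except ValueError:
            continue  # not an IP literal: never write it to hosts.deny
        failures[ip] += 1
    return sorted(ip for ip, n in failures.items()
                  if n >= threshold and ip not in allow)

def hosts_deny_entries(ips, service="sshd"):
    """Format entries in the 'daemon: client' syntax of /etc/hosts.deny."""
    return [f"{service}: {ip}" for ip in ips]

def sample_log():
    """Constructed log: 10 failures from one address, 3 from another."""
    fmt = ("Jan 10 03:12:{:02d} web1 sshd[{}]: Failed password for {}"
           " from {} port {} ssh2")
    lines = [fmt.format(i, 2000 + i, "root", "203.0.113.5", 40000 + i)
             for i in range(10)]
    lines += [fmt.format(20 + i, 3000 + i, "invalid user admin",
                         "198.51.100.7", 41000 + i) for i in range(3)]
    lines.append("Jan 10 03:13:00 web1 sshd[3100]: Accepted password for alice"
                 " from 192.0.2.10 port 50000 ssh2")
    return lines

if __name__ == "__main__":
    print("\n".join(hosts_deny_entries(offenders(sample_log()))))
```

Only the address with ten failures is listed; the address with three failures and the successful login are left alone.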

There are several ways to install DenyHosts. First, ensure that you have Python installed (at least version 2.3). Next, we'll break things down between RedHat/Fedora, Debian (and its variants), and manual installation.

  1. RedHat/Fedora

    All you'll need to do is perform the following:

       yum install denyhosts

    DenyHosts should already be set up to start automatically in the run-levels. If not, just do the following (denyhosts has to exist in /etc/init.d):

       cd /etc/init.d
       chkconfig --add denyhosts

  2. Debian and Variants

    Debian is just as easy to install.

       apt-get install denyhosts

    Again, DenyHosts should already be set up to start automatically in the run-levels. If not, just do the following (denyhosts has to exist in /etc/init.d):

       cd /etc/init.d
       update-rc.d denyhosts defaults

  3. Manual Installation

    Here are the complete steps to set up DenyHosts (I'm assuming v2.6 here). It is much more complicated, but straightforward. If you're still having problems, just read the README.txt file that comes with the source.

    • Log in as root
    • wget http://superb-east.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz
    • tar xvzf DenyHosts-2.6.tar.gz
    • cd DenyHosts-2.6
    • cd src
    • python ./setup.py install
    • cd /etc/init.d
    • mv daemon-control denyhosts
    • chmod 700 denyhosts (if not already set)
    • For RedHat/Fedora, type 'chkconfig --add denyhosts'
    • For Debian and Variants, type 'update-rc.d denyhosts defaults'
    • vi denyhosts
    • Ensure this line points to the correct location for your distribution: DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
    • Save the file.
    • cd /usr/share/denyhosts
    • cp denyhosts.cfg-dist denyhosts.cfg
    • vi denyhosts.cfg
    • Ensure SECURE_LOG points to the correct log file that contains login information from ssh.
    • Ensure LOCK_FILE points to the correct location for lock files (depends on your distribution of Linux).
    • Save the file.
    • cd /etc/init.d
    • ./denyhosts start

The denyhosts.cfg file can be configured to suit your needs. Each option is well documented in the file itself.