Head over to Sourceforge to download an RPM. Make sure that the major version of Python required for the RPM matches that installed on your system.
python --version
Now install the RPM:
rpm -ivH DenyHosts-2.6-python2.4.noarch.rpm
By default, the installation is placed in /usr/share/denyhosts. A few
steps are required before starting the daemon.
This is the main config file. A sample file is provided and is called
denyhosts.cfg-dist. Make a copy of this file and start editing it:
cp denyhosts.cfg-dist denyhosts.cfg
vim denyhosts.cfg
The file is beautifully self-explanatory, as are the FAQs. Any further explanation of the settings would be superfluous.
Like the config file, copy the daemon:
cp daemon-control-dist daemon-control
chown root daemon-control
chmod 700 daemon-control
No further configuration is necessary for the daemon if you're on RHEL.
A symlink is necessary within /etc/init.d
cd /etc/init.d/
ln -s /usr/share/denyhosts/daemon-control denyhosts
./denyhosts start
chkconfig --add denyhosts
chkconfig denyhosts on
The default WORK_DIR is /usr/share/denyhosts/data. An alternative is
/var/lib/denyhosts. An important consideration is the allowed-hosts
file, which lets you add an IP/range or domain as a 'trusted' source
which won't be banned (this can be fine-tuned in the denyhosts.cfg
file.) For example:
19.67.35.*
jhu.edu
If ever you need to do this, you will have to remove them from these files:
/etc/hosts.deny
/var/lib/denyhosts/hosts
/var/lib/denyhosts/hosts-restricted
/var/lib/denyhosts/hosts-root
/var/lib/denyhosts/hosts-valid
/var/lib/denyhosts/users-hosts
It is a good idea to add trusted hosts to the allowed-hosts file after
this and restart the service. You can also use this script:
#!/bin/bash
# denyhosts-remove.sh
#
# AUTHOR: Tommy Butler, email: $ echo YWNlQHRvbW15YnV0bGVyLm1lCg==|base64 -d
# VERSION: 1.0
#
# SUMMARY:
# Use this script to Remove an IP address ban that has been errantly blacklisted
# by denyhosts - the ubiquitous and unforgiving brute-force attack protection
# service so often used on Linux boxen.
#
# INSTALL:
# Usage: Put this script somewhere in your $PATH, and execute it as root or
# with sudo. Call it directly or with an IP address argument. Multiple IP
# address arguments are not supported. You'll need to `chmod +x` it first.
#
# LICENSE:
# GNU GPL 1.0
# Copyright 2011 Tommy Butler, All rights reserved
BASE_PATH="/var/lib/denyhosts";
IP=$1
if [[ "`/usr/bin/id -u`" != "0" ]]; then
echo "Run this script as root or with sudo or app can't run correctly. Aborted."
exit 1;
fi
cd $BASE_PATH
if [[ "`pwd`" != "$BASE_PATH" ]]; then
echo "Couldn't cd to $BASE_PATH. Abort."
exit 1;
fi
if [[ "$IP" == "" ]]; then
echo "Enter the IP address you want to un-ban"
read IP
fi
if [[ "$IP" == "" ]]; then
echo "No IP address given. Abort."
exit 1;
fi
/etc/init.d/denyhosts stop
/usr/bin/perl -pi -e "s/^.*?$IP.*\n//g" /etc/hosts.deny *
/etc/init.d/denyhosts start
exit $?While denyhosts is pretty good with regard to features, you can do a
basic 'bounce' with the IPT_RECENT module.
iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m state --state NEW -m recent --set --name SSH
iptables -A SSH_CHECK -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH
iptables -A SSH_CHECK -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 4 --name SSH -j DROP
Enough said :)