How to install DenyHosts on Ubuntu Linux 17.04 (intrusion prevention security tool for SSH and more)
Added by sonik on 08-05-2017
DenyHosts is a log-based intrusion prevention security tool for SSH servers, written in Python. It is designed to prevent brute-force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses using /etc/hosts.deny and /sbin/iptables on a Linux server. In this tutorial, you will learn how to install DenyHosts, a Python program that automatically blocks SSH attacks by adding entries to the /etc/hosts.deny file.

This tutorial was tested on an Ubuntu 17.04 server installation.

1. First, let's install the software:
$ sudo apt-get install denyhosts


2. Add your addresses to hosts.allow to ensure that they are not blocked.
$ sudo pico /etc/hosts.allow


Example of how to add more than one address:
sshd: 212.22.112.113 , 10.20.133.3 , 192.168.0.1 , 127.0.0.1


3. Now let's edit the DenyHosts configuration file:
$ sudo pico /etc/denyhosts.conf


Make sure SECURE_LOG is set as follows:
SECURE_LOG = /var/log/auth.log

HOSTS_DENY is set as follows:
HOSTS_DENY = /etc/hosts.deny

Block only sshd:
BLOCK_SERVICE = sshd

Deny threshold limit for login attempts:
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1

Block incoming connections using the Linux firewall IPTABLES:
IPTABLES = /sbin/iptables


4. Enable the DenyHosts service:
$ sudo systemctl enable denyhosts.service

You will see something like this:
Synchronizing state of denyhosts.service with SysV init with /lib/systemd/systemd-sysv-install...
Executing /lib/systemd/systemd-sysv-install enable denyhosts


5. Restart the DenyHosts service:
$ sudo /etc/init.d/denyhosts restart


6. Some commands to check if all is working and to list addresses added to blocklist:
$ sudo grep 'something' /var/log/denyhosts
$ sudo tail -f /var/log/denyhosts
$ sudo cat /etc/hosts.deny
$ sudo iptables -L INPUT -n -v | grep DROP


Attention:
Please note that DenyHosts is restricted to connections using IPv4. It does not work with IPv6 addresses. Another option for seeing blocked IP addresses is the iptables command listed in step 6.

Enable centralized synchronization support?
DenyHosts version 2.0 and above supports centralized synchronization, so that repeat offenders are blocked from many computers. The site xmlrpc.denyhosts.net gathers statistics from computers running the software. Synchronization is disabled by default. To enable synchronization, enter:
$ sudo pico /etc/denyhosts.conf

Then add:
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911

And restart:
$ sudo /etc/init.d/denyhosts restart
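
To see what the DENY_THRESHOLD_* values from step 3 mean in practice, here is an added Python example (not DenyHosts' own code and not part of the original tutorial) that counts failed SSH logins per source address in auth.log-style lines and reports which addresses go over a threshold. Assumptions: a host is denied once its count exceeds the threshold, DENY_THRESHOLD_VALID covers existing non-root accounts, and the function names, log lines and addresses are constructed for illustration.

```python
import re
from collections import Counter

# Values from step 3; DENY_THRESHOLD_RESTRICTED is omitted (its username list is not on this page).
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 1}

# OpenSSH failed-password line; IPv4 only, mirroring the tutorial's note on IPv6.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def classify(line):
    """Return (ip, category) for a failed-login line, or None if no match."""
    m = FAILED.search(line)
    if not m:
        return None
    if m.group("user") == "root":
        return m.group("ip"), "root"
    return m.group("ip"), "invalid" if m.group("invalid") else "valid"

def hosts_to_deny(lines, thresholds=THRESHOLDS):
    """Map each IPv4 source to the first category whose threshold it exceeded."""
    counts, denied = Counter(), {}
    for line in lines:
        hit = classify(line)
        if hit is None:
            continue
        counts[hit] += 1
        ip, category = hit
        # Assumption: deny once the count EXCEEDS the threshold, not on reaching it.
        if counts[hit] > thresholds[category]:
            denied.setdefault(ip, category)
    return denied

def make_line(user, ip, invalid=False):
    """Build one constructed auth.log line (sample data, not a real log)."""
    who = ("invalid user " if invalid else "") + user
    return f"Aug  5 10:00:00 host sshd[1234]: Failed password for {who} from {ip} port 50000 ssh2"

SAMPLE_LOG = (
    [make_line("root", "203.0.113.10")] * 2             # root: 2 > 1, denied
    + [make_line("admin", "203.0.113.20", True)] * 5    # invalid: 5 is not > 5
    + [make_line("oracle", "203.0.113.30", True)] * 6   # invalid: 6 > 5, denied
    + [make_line("alice", "198.51.100.7")] * 10         # valid: 10 is not > 10
    + [make_line("root", "2001:db8::1")] * 3            # IPv6 source: never matched
)
```

Calling hosts_to_deny(SAMPLE_LOG) returns the two sources that went over a threshold; passing it lines read from /var/log/auth.log previews what the step 3 values would deny on your own server.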

@All rights reserved with Copyright Webleit.info 2018 by Sonik_Blast