Install DenyHosts on a CentOS box

R

Rob

Guest
The world is full of bad people trying to get into your Linux server (type lastb as root to find out a little more.. it may take a while, but it'll give you a list of bad logins.. the usernames they tried, the ips they're coming from, etc..).

So - you need to catch and block these people, then let others know about it. While we're at it, we'll download a list of ips that others have found trying to log into their servers.. install DenyHosts (http://denyhosts.sourceforge.net/).

Code:
yum install denyhosts

If yum can't find it, install the epel repo:
Code:
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm

Then use yum to install denyhosts as shown above..

After it's installed, add your ip address to /etc/hosts.allow so we don't get locked out
Code:
ALL: 209.xx.xx.xx
ALL: 209.xx.xx.xx
ALL: 72.xx.xx.xx
ALL: 71.xx.xx.xx

Edit the denyhosts.cfg located in /etc/denyhosts/ and configure it to your liking. Here are things that we've edited in the past:
Code:
ADMIN_EMAIL = [email protected], [email protected]
BLOCK_SERVICE = ALL
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
SYNC_INTERVAL = 1h
SYNC_UPLOAD = yes
SYNC_DOWNLOAD = yes
DENY_THRESHOLD_ROOT = 3

Edit the WORK_DIR/allowed-hosts file and add these lines:
(WORK_DIR is sometimes /var/lib/denyhosts/)
Code:
# Don't block office Fios or comcast lines
72.xx.xx.xx
71.xx.xx.xx
# Don't block nagios box
209.xx.xx.xx
# Don't block keyserver
209.xx.xx.xx

Ok, now configure it to run on startup:
Code:
chkconfig denyhosts on

Start denyhosts:
Code:
service denyhosts start
 


So does this block attempts from other people's servers as well? So like, a cloud service in a way?
 

Members online


Latest posts

Top