Step # 1: Make Sure Python is installed
First, make sure Python is installed under Debian / Ubuntu Linux:
# dpkg --list | grep python2
Find out the Python version (DenyHosts requires version 2.3 or above):
$ python -V
Output:
Python 2.5.1
Step # 2: Download DenyHosts
Visit the official project home page to grab the latest source code or packages. Under Debian / Ubuntu Linux, use the apt-get command instead, enter:
$ sudo apt-get install denyhosts
DenyHosts configuration - /etc/denyhosts.conf
1. The default configuration file is /etc/denyhosts.conf.
2. You also need to create / update a whitelist in /etc/hosts.allow. For example, if you have a static IP assigned by your ISP, enter it in this file. You can add all the important hosts that you never want blocked.
Step # 1: Setup a whitelist
Open /etc/hosts.allow:
# vi /etc/hosts.allow
Allow sshd from 202.54.1.2, i.e. an address you never want blocked (your own):
sshd: 202.54.1.2
Save and close the file. Run tcpdchk, which examines your TCP wrapper configuration files and reports all potential and real problems:
# tcpdchk -v
Step # 1: Configure DenyHosts
Open default configuration file - /etc/denyhosts.conf, enter:
# vi /etc/denyhosts.conf
Set ADMIN_EMAIL to your own email address so that you receive emails about newly restricted hosts and suspicious logins:
ADMIN_EMAIL = vivek@nixcraft.com
Save and close the file. Here is my own sample configuration file for a Debian Linux 4.0 server (the config file is documented very well, just open and read it):
############ THESE SETTINGS ARE REQUIRED ############
SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY =
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /var/lib/denyhosts
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/run/denyhosts.pid
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL = vivek@nixcraft.com
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
Restart the daemon:
# /etc/init.d/denyhosts restart
First of all, references to WORK_DIR point to /var/lib/denyhosts/ or something similar on your system.
The default location for the hosts.deny file is /etc/hosts.deny.
Here's the method I used to unblock an IP:
1. Stop DenyHosts:
/etc/init.d/denyhosts stop
2. Remove the IP address from hosts.deny.
3. Remove all lines containing the IP address from the following files:
WORK_DIR/hosts
WORK_DIR/hosts-restricted
WORK_DIR/hosts-root
WORK_DIR/hosts-valid
WORK_DIR/users-hosts
4. Consider adding the IP address to WORK_DIR/allowed-hosts.
5. Start DenyHosts.
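The file-editing steps of the unblock method above as a shell function. This is an added example, not part of the original post or of DenyHosts itself. The names purge_ip and unblock_ip and the optional "allow" argument are made up for this example; the defaults are the /etc/hosts.deny and /var/lib/denyhosts paths from the text. It matches the address as a whole token, so unblocking 10.0.0.5 leaves 10.0.0.50 blocked.

```shell
#!/bin/sh
# Added example (not DenyHosts code). Stop DenyHosts before calling
# unblock_ip and start it again afterwards, as in the steps above.

# purge_ip FILE IP: delete every line of FILE that contains IP as a whole address.
purge_ip() {
    file=$1 ip=$2
    [ -f "$file" ] || return 0            # a missing state file is not an error
    # Escape the dots so they match literally in the regular expression.
    pat=$(printf '%s' "$ip" | sed 's/\./\\./g')
    tmp=$(mktemp) || return 1
    # Keep lines where the IP does not appear, or appears only inside a longer
    # address (a digit or dot directly before or after it).
    # grep -v exits 1 when every line was removed; that is not a failure here.
    grep -Ev "(^|[^0-9.])${pat}([^0-9.]|\$)" "$file" > "$tmp" \
        || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    # Write back in place so the owner and mode of the original file are kept.
    cat "$tmp" > "$file" || { rm -f "$tmp"; return 1; }
    rm -f "$tmp"
}

# unblock_ip IP [HOSTS_DENY] [WORK_DIR] [allow]
# With "allow" as fourth argument the IP is also appended to WORK_DIR/allowed-hosts.
unblock_ip() {
    ip=$1
    hosts_deny=${2:-/etc/hosts.deny}
    work_dir=${3:-/var/lib/denyhosts}
    # Refuse anything that is not a dotted quad; a partial address such as
    # "10.0" would otherwise remove far more lines than intended.
    printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
        || { echo "not an IPv4 address: $ip" >&2; return 2; }
    purge_ip "$hosts_deny" "$ip" || return 1
    for f in hosts hosts-restricted hosts-root hosts-valid users-hosts; do
        purge_ip "$work_dir/$f" "$ip" || return 1
    done
    if [ "${4:-}" = allow ] &&
       ! grep -qxF "$ip" "$work_dir/allowed-hosts" 2>/dev/null; then
        printf '%s\n' "$ip" >> "$work_dir/allowed-hosts"
    fi
}
```

Called with only an address, for example `unblock_ip 202.54.1.2 "" "" allow` run as root, it works on the default paths.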