DenyHosts on Ubuntu

From banana_wiki
Jump to: navigation, search

Ubuntu seems to have removed DenyHosts after an exploit was revealed for it. Now it has been fixed but is no longer maintained. The tool works well to block the constant bombardment of ssh brute force attempts.

Install DenyHosts dependencies and then from source

sudo apt-get install python-dev python-setuptools -y
tar zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
sudo python install
sudo cp denyhosts.cfg-dist /etc/denyhosts.conf

Now open DenyHosts config and edit it:

sudo nano /etc/denyhosts.conf

And add the following:

# Debian:
SECURE_LOG = /var/log/auth.log

And comment out:

# Redhat or Fedora Core:
#SECURE_LOG = /var/log/secure

You should read through the rest of the config, there are a lot of settings to change if needed. By default DenyHosts leaves permanent entries in /etc/hosts.deny

Add this:

python /usr/bin/ --daemon --config=/etc/denyhosts.conf

to /etc/rc.local before the exit 0 line