DenyHosts on Ubuntu

From banana_wiki
Revision as of 00:53, 25 November 2014 by Bananafish (talk | contribs) (Created page with "Ubuntu seems to have removed DenyHosts after an exploit was revealed for it. Now it has been fixed but is no longer maintained. The tool works well to block the constant bomba...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Ubuntu seems to have removed DenyHosts after an exploit was revealed for it. Now it has been fixed but is no longer maintained. The tool works well to block the constant bombardment of ssh brute force attempts.

Install DenyHosts dependencies and then from source

sudo apt-get install python-dev python-setuptools -y
wget http://pub.bananafi.sh/src/DenyHosts-2.6.tar.gz
tar zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
sudo python setup.py install
sudo cp denyhosts.cfg-dist /etc/denyhosts.conf

Now open DenyHosts config and edit it:

sudo nano /etc/denyhosts.conf

And add the following:

# Debian:
SECURE_LOG = /var/log/auth.log

And comment out:

# Redhat or Fedora Core:
#SECURE_LOG = /var/log/secure

You should read through the rest of the config, there are a lot of settings to change if needed. By default DenyHosts leaves permanent entries in /etc/hosts.deny

Add this:

python /usr/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf

to /etc/rc.local before the exit 0 line