Install DenyHosts on a CentOS box

Discussion in 'Linux Security' started by Rob, Nov 9, 2011.

  1. Rob

    Rob Administrator Staff Member

    The world is full of bad people trying to get into your Linux server (type lastb as root to find out a little more.. it may take a while, but it'll give you a list of bad logins.. the usernames they tried, the IPs they're coming from, etc..).

    So - you need to catch and block these people, then let others know about it. While we're at it, we'll download a list of IPs that others have found trying to log into their servers.. install DenyHosts (http://denyhosts.sourceforge.net/).

    Code:
    yum install denyhosts
    If yum can't find it, install the EPEL repo:
    Code:
    rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm
    Then use yum to install denyhosts as shown above..


    After it's installed, add your IP address to /etc/hosts.allow so we don't get locked out.
    Code:
    ALL: 209.xx.xx.xx
    ALL: 209.xx.xx.xx
    ALL: 72.xx.xx.xx
    ALL: 71.xx.xx.xx
    
    Edit the denyhosts.cfg located in /etc/denyhosts/ and configure it to your liking. Here are things that we've edited in the past:
    Code:
    ADMIN_EMAIL = hosting@iqnection.com, rkennedy@iqnection.com
    BLOCK_SERVICE = ALL
    SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
    SYNC_INTERVAL = 1h
    SYNC_UPLOAD = yes
    SYNC_DOWNLOAD = yes
    DENY_THRESHOLD_ROOT = 3
    
    Edit the WORK_DIR/allowed-hosts file and add these lines:
    (WORK_DIR is sometimes /var/lib/denyhosts/)
    Code:
    # Don't block office Fios or comcast lines
    72.xx.xx.xx
    71.xx.xx.xx
    # Don't block nagios box
    209.xx.xx.xx
    # Don't block keyserver
    209.xx.xx.xx
    
    Ok, now configure it to run on startup:
    Code:
    chkconfig denyhosts on
    Start denyhosts:
    Code:
    service denyhosts start
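
A pre-flight check for the lockout risk the post above guards against, as an added example that is not part of the original post: it confirms an admin IP is present in both /etc/hosts.allow and WORK_DIR/allowed-hosts before `service denyhosts start` is run. The function names and sample files are hypothetical, and only literal IP entries like those in the post are matched (wildcard or hostname patterns are not evaluated).

```sh
#!/bin/sh
# Added example: pre-flight lockout check before starting DenyHosts.
# Function names are hypothetical; only literal IP entries are matched.

# in_hosts_allow IP FILE: succeeds if an ALL: or sshd: rule lists IP exactly.
in_hosts_allow() {
    awk -v ip="$1" '
        /^[ \t]*#/ { next }                       # skip comment lines
        {
            if (split($0, part, ":") < 2) next    # daemon_list : client_list
            ok = 0
            nd = split(part[1], d, /[ ,\t]+/)
            for (i = 1; i <= nd; i++) if (d[i] == "ALL" || d[i] == "sshd") ok = 1
            if (!ok) next
            nc = split(part[2], c, /[ ,\t]+/)
            for (i = 1; i <= nc; i++) if (c[i] == ip) found = 1
        }
        END { exit (found ? 0 : 1) }' "$2"
}

# in_allowed_hosts IP FILE: succeeds if IP is an entry in WORK_DIR/allowed-hosts.
in_allowed_hosts() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' "$2" |
        grep -Fqx -- "$1"
}

# cfg_value KEY FILE: prints the value of "KEY = value" from denyhosts.cfg.
cfg_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" | tail -n 1
}

# preflight IP HOSTS_ALLOW ALLOWED_HOSTS: returns 0 only if IP is in both files.
preflight() {
    rc=0
    in_hosts_allow "$1" "$2"   || { echo "WARN: $1 missing from $2"; rc=1; }
    in_allowed_hosts "$1" "$3" || { echo "WARN: $1 missing from $3"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $1 is listed in both files"
    return "$rc"
}

# Constructed sample files using documentation-range addresses.
demo=$(mktemp -d); trap 'rm -rf "$demo"' EXIT
printf 'ALL: 203.0.113.10\nsshd: 198.51.100.7, 198.51.100.8\n' > "$demo/hosts.allow"
printf '# office line\n203.0.113.10\n' > "$demo/allowed-hosts"
printf 'BLOCK_SERVICE = ALL\nDENY_THRESHOLD_ROOT = 3\n' > "$demo/denyhosts.cfg"

preflight 203.0.113.10 "$demo/hosts.allow" "$demo/allowed-hosts" || true
preflight 198.51.100.7 "$demo/hosts.allow" "$demo/allowed-hosts" || true
echo "DENY_THRESHOLD_ROOT = $(cfg_value DENY_THRESHOLD_ROOT "$demo/denyhosts.cfg")"
```

On a real box, point `preflight` at /etc/hosts.allow and the allowed-hosts file under your WORK_DIR, using the address you actually SSH in from.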
  2. red

    red New Member

    This is great, thanks!
  3. MustangV10

    MustangV10 New Member

    So does this block attempts from other people's servers as well? So like, a cloud service in a way?
