Installing DenyHosts on CentOS 6

DenyHosts is a log-based intrusion prevention security tool for SSH servers written in Python. It is intended to prevent brute-force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses. Upon discovering a repeated attack host, the /etc/hosts.deny file is updated to prevent future break-in attempts from that host. DenyHosts uses TCP Wrappers and not iptables.

Install DenyHosts

First, add the EPEL repository. Then simply install the package from the EPEL repository:

# yum install denyhosts

Configure DenyHosts

Before starting DenyHosts, configure a white list of IPs that DenyHosts should never block. Again, DenyHosts uses TCP Wrappers. Hence, edit /etc/hosts.allow and add IPs, entire subnets, etc. For example,

sshd: 12.34.56.78
sshd: 192.168.0.0/255.255.255.0

Start DenyHosts

# service denyhosts start

Configure the system to start DenyHosts at boot:

# chkconfig denyhosts on

Basic things to be aware of:

  • IPs to white list should be added to /etc/hosts.allow.
  • IPs that DenyHosts blocks will be added to /etc/hosts.deny.
  • The DenyHosts configuration file is /etc/denyhosts.conf.
  • DenyHosts logs everything that it does to /var/log/denyhosts.
  • DenyHosts watches /var/log/secure for SSH login attempts.
  • If a host is ever added to the block list by mistake, just remove it from /etc/hosts.deny. You can also manually add hosts you want to block.

Go through the DenyHosts configuration file (/etc/denyhosts.conf) and tune it to your liking. Be sure to restart DenyHosts (service denyhosts restart) if you change anything.

My System Configuration

  • CentOS 6.5 x86 64-bit
  • DenyHosts 2.6

References

Leave a Reply

Your email address will not be published. Required fields are marked *

*