Installing DenyHosts on Linux

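DenyHosts is a log-based intrusion prevention tool for SSH servers, written in Python. It monitors the authentication log for failed login attempts and blocks the IP addresses they come from, which prevents brute-force attacks against the SSH server.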

Installation on CentOS 7 (should also apply to Debian 9, not yet tested)

cd /usr/local/src 
wget -S "https://jaist.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz"
# Alternate download URL: https://src.fedoraproject.org/lookaside/extras/denyhosts/DenyHosts-2.6.tar.gz/fc2365305a9402886a2b0173d1beb7df/DenyHosts-2.6.tar.gz
tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install  #python3 setup.py install
cd /usr/share/denyhosts
cp daemon-control-dist daemon-control
cp denyhosts.cfg-dist denyhosts.cfg
sed -i 's#DENY_THRESHOLD_INVALID = 5#DENY_THRESHOLD_INVALID = 10#' denyhosts.cfg
sed -i 's#DENY_THRESHOLD_VALID = 10#DENY_THRESHOLD_VALID = 10#' denyhosts.cfg
sed -i 's#DENY_THRESHOLD_ROOT = 1#DENY_THRESHOLD_ROOT = 10#' denyhosts.cfg
/usr/share/denyhosts/daemon-control start
# Start DenyHosts at boot (on CentOS 7, /etc/rc.d/rc.local must be executable for this to run)
echo "/usr/share/denyhosts/daemon-control start" >> /etc/rc.local

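How DenyHosts works

It depends on system log files such as /var/log/secure*. Once started, DenyHosts reads these files and analyzes the failed-login records; when they match the policy configured in the denyhosts.conf configuration file, the corresponding IP address is added to the blacklist.

The blacklist consists of two parts:

  • /etc/hosts.deny
  • the files under the /usr/share/denyhosts/data/ directory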
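
The counting described above, as an added example (not DenyHosts' own code): it parses constructed sshd failure lines, tallies them per IP against the three thresholds set earlier on this page, and returns the entries that would go into /etc/hosts.deny. The log line format, the sample addresses, and the rule that a host is blocked once its count exceeds the threshold are assumptions.

```python
import re
from collections import Counter

# Thresholds as set by the sed commands on this page.
THRESHOLDS = {"invalid": 10, "valid": 10, "root": 10}

# Failed-password line as sshd writes it to /var/log/secure or auth.log.
# Anchored at end of line with a greedy user field, so the address is read
# from the trailing part sshd appends, never from inside the user name.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

def classify(match):
    """Map a failure to the threshold category it counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def count_failures(lines):
    """Return a Counter keyed by (ip, category)."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line.rstrip())
        if m:
            counts[(m.group("ip"), classify(m))] += 1
    return counts

def deny_entries(lines, thresholds=THRESHOLDS):
    """hosts.deny lines for every IP whose count exceeds a threshold
    (assumption: a host is blocked once the count is greater than the value)."""
    blocked = {ip for (ip, kind), n in count_failures(lines).items()
               if n > thresholds[kind]}
    return sorted("sshd: " + ip for ip in blocked)

def sample_log():
    """Constructed log lines; the addresses are documentation ranges."""
    fmt = "Mar  3 10:00:{:02d} host sshd[{}]: Failed password for {} from {} port 4022 ssh2"
    lines = [fmt.format(i, 900 + i, "invalid user admin", "203.0.113.5") for i in range(11)]
    lines += [fmt.format(i, 950 + i, "root", "198.51.100.7") for i in range(10)]
    lines += [fmt.format(i, 990 + i, "deploy", "192.0.2.9") for i in range(3)]
    lines.append("Mar  3 10:01:00 host sshd[999]: Accepted password for deploy from 192.0.2.9 port 4022 ssh2")
    return lines

if __name__ == "__main__":
    print("\n".join(deny_entries(sample_log())))
```

With the thresholds at 10, only the address with 11 invalid-user failures is listed; the address with exactly 10 root failures is not, which shows what raising DENY_THRESHOLD_ROOT from 1 to 10 changes.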

Commands to start and stop the service

  • /usr/share/denyhosts/daemon-control start
  • /usr/share/denyhosts/daemon-control status
  • /usr/share/denyhosts/daemon-control stop

Installing DenyHosts with apt on Ubuntu 18.04

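# Empty the existing auth log (back it up first if the old entries are needed).
# truncate runs under sudo; in "sudo cat /dev/null > file" the redirect is done by the calling shell without sudo.
sudo truncate -s 0 /var/log/auth.log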
apt update
apt install denyhosts
systemctl status denyhosts.service
# Modify the configuration and restart
sed -i 's#DENY_THRESHOLD_INVALID = 5#DENY_THRESHOLD_INVALID = 10#' /etc/denyhosts.conf
sed -i 's#DENY_THRESHOLD_VALID = 10#DENY_THRESHOLD_VALID = 10#' /etc/denyhosts.conf
sed -i 's#DENY_THRESHOLD_ROOT = 1#DENY_THRESHOLD_ROOT = 10#' /etc/denyhosts.conf
systemctl restart denyhosts.service
