What is DenyHosts?

"DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).

If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

DenyHosts attempts to address the above.."

http://denyhosts.sourceforge.net/

fs> tar xvzf DenyHosts-2.6.tar.gz
fs> cd DenyHosts-2.6
fs> python setup.py install
fs> cp -R DenyHosts /usr/share/denyhosts
fs> ln -s /usr/share/denyhosts/DenyHosts /usr/bin/DenyHosts
fs> cd /usr/share/denyhosts
fs> cp denyhosts.cfg-dist denyhosts.cfg
fs> cp daemon-control-dist daemon-control
fs> chown root daemon-control
fs> chmod 700 daemon-control

# Debian:
SECURE_LOG = /var/log/messages

# Another possibility (also see the next option):
HOSTS_DENY = /etc/hosts.evil

# http://denyhosts.sourceforge.net/faq.html#aux
BLOCK_SERVICE =   

# Debian
LOCK_FILE = /var/run/denyhosts.pid

# To enable synchronization, you must uncomment the following line:
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911

# The default is SYNC_UPLOAD = yes
#
SYNC_UPLOAD = no

# The default is SYNC_DOWNLOAD = yes
#
#SYNC_DOWNLOAD = no
SYNC_DOWNLOAD = yes

62.193.233.132
80.24.4.23
210.15.200.92
81.138.41.99
193.231.3.97
201.0.145.106
168.167.229.166
24.232.77.40
213.251.154.165

fs> cp -R DenyHosts /usr/share/denyhosts
fs> ln -s /usr/share/denyhosts/DenyHosts /usr/bin/DenyHosts

이 저작물은 크리에이티브 커먼즈 코리아 저작자표시-비영리-변경금지 2.0 대한민국 라이센스에 따라 이용하실 수 있습니다.

(0) (0)