DenyHosts is a Python script that helps to protect your SSH server from brute-force attacks by monitoring log files and blocking IP addresses that exhibit malicious behavior. Here's how to install and configure DenyHosts on a Linux system:
1. Installation:
You can install DenyHosts using the package manager specific to your Linux distribution.
For example, on Ubuntu or Debian-based systems, you can use the following command:
```bash
sudo apt-get update
sudo apt-get install denyhosts
```
On CentOS or Red Hat-based systems, you can use yum:
```bash
sudo yum install denyhosts
```
2. Configuration:
The main configuration file for DenyHosts is usually located at /etc/denyhosts.conf. Open this file with a text editor:
```bash
sudo nano /etc/denyhosts.conf
```
Here are some important configurations you might want to modify:
SECURE_LOG: Set the path to the secure log file. This is the file DenyHosts will monitor for unauthorized SSH login attempts.
HOSTS_DENY: Path to the file where DenyHosts will store IP addresses that are blocked.
BLOCK_SERVICE: The service to block if an IP address is found to be malicious. Typically, this is set to sshd.
DENY_THRESHOLD_INVALID: Number of failed login attempts against invalid (non-existent) user accounts before an IP address is blocked.
DENY_THRESHOLD_VALID: Number of failed login attempts against valid (existing) user accounts, other than root, before an IP address is blocked.
DENY_THRESHOLD_ROOT: Number of failed root login attempts before an IP address is blocked.
WORK_DIR: Directory where DenyHosts stores its data.
ADMIN_EMAIL: Email address where notifications about blocked hosts are sent.
Make sure to save your changes after modifying the configuration.
3. Start DenyHosts:
After configuring DenyHosts, start the service:
```bash
sudo service denyhosts start
```
4. Monitor Logs:
DenyHosts will now monitor your system logs for unauthorized login attempts. You can view the blocked IP addresses in the HOSTS_DENY file (usually located at /etc/hosts.deny).
5. Customization:
DenyHosts allows customization through various configuration options. You can adjust thresholds, whitelist trusted IP addresses, and configure email notifications based on your specific needs.
6. Logs and Notifications:
DenyHosts keeps logs of its activities. You can check these logs to see which IP addresses were blocked and for what reasons. You can also set up email notifications to receive alerts about banned hosts and other activities.
Remember to regularly review DenyHosts' logs and adjust configurations based on your server's security needs. Additionally, ensure that you understand the changes you are making to avoid accidentally blocking legitimate users or services.