Thursday, November 24, 2011

Install DenyHosts


Install Denyhosts to prevent SSH dictionary attacks

Introduction:-
Brute force and dictionary-based attacks against servers are common these days. DenyHosts is an excellent Python tool for preventing such attacks. It detects failed login attempts and blocks the offending host/IP from further connections by adding it to the /etc/hosts.deny file.

DenyHosts is a tool that observes login attempts to SSH, and if it finds failed login attempts again and again from the same IP address, DenyHosts blocks further login attempts from that IP address by putting it into /etc/hosts.deny. DenyHosts can be run by cron or as a daemon.

1] DenyHosts is written in Python, therefore we must install Python and also the Python development files first
[root@server ~]# yum install python* -y

2] Download DenyHosts from the following link and save it to your desktop
Denyhosts Download Link =
http://kaz.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz

3] Run the python script and install denyhosts
[root@server ~]# cd /root/Desktop
[root@server Desktop]# tar -xvzf DenyHosts-2.6.tar.gz
[root@server Desktop]# ls
[root@server Desktop]# cd DenyHosts-2.6
[root@server DenyHosts-2.6]# python setup.py install
[root@server DenyHosts-2.6]# cd

[ Note = This installs denyhosts to /usr/share/denyhosts ]

4] Create the denyhosts configuration file from the sample configuration file
[root@server ~]# cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg

5] Edit file denyhosts.cfg as shown below
[root@server ~]# vim /usr/share/denyhosts/denyhosts.cfg
DENY_THRESHOLD_INVALID = 5   -->  DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 10     -->  DENY_THRESHOLD_VALID = 4
:wq

6] Create the denyhosts daemon file from the sample script
[root@server ~]# cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control


7] Edit the daemon-control file and make sure you set the correct values for the following options
[root@server ~]# vim /usr/share/denyhosts/daemon-control
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
:wq

8] Now make that file owned by root and executable by root only
[root@server ~]# chown root /usr/share/denyhosts/daemon-control
[root@server ~]# chmod 700 /usr/share/denyhosts/daemon-control

9] Now create the system bootup links for denyhosts
[root@server ~]# cd /etc/init.d
[root@server init.d]# ln -s /usr/share/denyhosts/daemon-control denyhosts

10] Start denyhosts service
[root@server ~]# /etc/init.d/denyhosts start

[ Note = After you have crossed the threshold of incorrect login attempts, the IP address from which you tried to connect should get listed in /etc/hosts.deny. ]
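The threshold behaviour from step 5 can be checked offline with a simplified model. The script below is an added example, not DenyHosts' own code and not part of the original post: it counts failed sshd logins per address in a constructed log and lists the hosts.deny entries the thresholds DENY_THRESHOLD_INVALID = 3 and DENY_THRESHOLD_VALID = 4 would produce. It assumes the usual sshd "Failed password" line format, that a host is blocked once its count exceeds the threshold, and an "sshd: address" entry format; the function names are hypothetical.

```python
import re
from collections import Counter

# Thresholds as set in step 5 of this page.
DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 4

# sshd "Failed password" line. "invalid user" marks a nonexistent account.
# The pattern is anchored at the end of the line so the address is taken
# from the field sshd writes last, not from text inside the username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>.*) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

def hosts_to_deny(lines):
    """Return sorted addresses whose failure count exceeds a threshold."""
    invalid, valid = Counter(), Counter()
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        (invalid if m.group("invalid") else valid)[m.group("ip")] += 1
    # Assumption: blocking happens when the count exceeds the threshold.
    blocked = {ip for ip, n in invalid.items() if n > DENY_THRESHOLD_INVALID}
    blocked |= {ip for ip, n in valid.items() if n > DENY_THRESHOLD_VALID}
    return sorted(blocked)

def deny_entries(ips, service="sshd"):
    """Format entries in the assumed 'service: address' hosts.deny form."""
    return [f"{service}: {ip}" for ip in ips]

def _line(sec, who, ip):
    return (f"Nov 24 10:00:{sec:02d} server sshd[2101]: "
            f"Failed password for {who} from {ip} port 40000 ssh2")

# Constructed sample log using documentation addresses, not real traffic.
SAMPLE_LOG = (
    [_line(i, "invalid user admin", "203.0.113.5") for i in range(4)]  # 4 > 3
    + [_line(i, "alice", "198.51.100.7") for i in range(4)]            # 4 == 4
    + [_line(i, "alice", "192.0.2.9") for i in range(5)]               # 5 > 4
    + ["Nov 24 10:01:00 server sshd[2102]: Accepted password for alice "
       "from 198.51.100.7 port 40001 ssh2"]
)

if __name__ == "__main__":
    for entry in deny_entries(hosts_to_deny(SAMPLE_LOG)):
        print(entry)
```

On a live server, compare the real /etc/hosts.deny against what you expect after a deliberate run of failed logins from a test machine.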
