CentOS DenyHosts one-click installation and configuration script
A one-click script that installs denyhosts and applies a common configuration. Place the Linux server is a brute
Because a tar file could not be uploaded, the attachment is a ZIP archive instead.
Unzip the attachment and upload the entire folder to the server.
Then enter the denyhost folder.
Give the script execute permissions and run it.
chmod 700 denyhosts.sh
./denyhosts.sh
The script content is:
denyhosts.sh
#!/bin/bash
# Copyright (c) 2015.6 Fenei
# BY: fly
# June 29, 2015, at 23 o’clock
# denyhosts auto install and configure shell
# VER. 1.1.0 – http://www.fenei.net
# Script that automatically installs and configures denyhosts
# June 29, 2015, at 23 o’clock
#
# This script automatically installs and configures denyhosts on Redhat and Centos systems.
# It is specific to the heap network: it adds a default heap network IP to the allowed-hosts whitelist file.
# Anyone else must manually add their telecommuting IP to the allowed-hosts whitelist file.
# This script is open source and a first release; if you find deficiencies, you can contact the author to have it modified.
#
# Copyright (c) 2015.6 Fenei
# BY: fly
# June 29, 2015, at 23 o’clock
#
# Fenei@ Sinpul Network
# VER. 1.1.0 – http://www.fenei.net
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#=====================================================================
stty erase ^h
stty erase ^H
# Make the shell treat ^H as the backspace key when reading input; otherwise pressing BACKSPACE outputs ^H.
chmod 700 denyhosts_removeip.sh
cp -a * /tmp
cd /tmp
tar zxf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
cd /usr/share/denyhosts/
cp daemon-control-dist daemon-control
chown root daemon-control
chmod 700 daemon-control
# Copy my preconfigured configuration file; by default it denies logins for 10 minutes after 5 failed attempts.
cp /tmp/denyhosts.cfg .
cp -a /tmp/denyhosts_removeip.sh .
# Configure the denyhosts startup
echo "/usr/share/denyhosts/daemon-control start" >> /etc/rc.local
cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
chkconfig --add denyhosts
chkconfig --level 345 denyhosts on
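# Add IPs to the whitelist. DenyHosts reads allowed-hosts from WORK_DIR,
# which denyhosts.cfg sets to /usr/share/denyhosts/data.
mkdir -p /usr/share/denyhosts/data
echo "127.0.0.1" >> /usr/share/denyhosts/data/allowed-hosts
# Add your management IP address to the whitelist here (replace YOUR_IP).
echo "YOUR_IP" >> /usr/share/denyhosts/data/allowed-hosts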
# Restart denyhosts service
service denyhosts restart
To unblock an IP after it has been banned, use this script:
denyhosts_removeip.sh
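#!/bin/bash
# Remove one IP address from hosts.deny and the DenyHosts data files.
HOST=$1
if [ -z "${HOST}" ]; then
echo "Usage: $0 IP"
exit 1
fi
# Escape the dots and match the address as a whole word, so that removing
# 1.2.3.4 does not also delete the lines for 11.2.3.4 or 1.2.3.40.
PATTERN="\b${HOST//./\\.}\b"
# Stop the daemon while its files are edited.
/etc/init.d/denyhosts stop
echo '
/etc/hosts.deny
/usr/share/denyhosts/data/hosts
/usr/share/denyhosts/data/hosts-restricted
/usr/share/denyhosts/data/hosts-root
/usr/share/denyhosts/data/hosts-valid
/usr/share/denyhosts/data/users-hosts
' | grep -v "^$" | xargs sed -i "/${PATTERN}/d"
/etc/init.d/denyhosts start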
The denyhosts.cfg file I configured for use with the script:
denyhosts.cfg
############ THESE SETTINGS ARE REQUIRED ############
SECURE_LOG = /var/log/secure
# SSH log file
HOSTS_DENY = /etc/hosts.deny
# Blocked IPs are written to hosts.deny
PURGE_DENY = 10m
# How long an entry stays blocked before it is cleared: w = weeks, d = days, h = hours, m = minutes, s = seconds
BLOCK_SERVICE = sshd
# Service to block
DENY_THRESHOLD_INVALID = 5
# Number of failed logins allowed for invalid users (not listed in /etc/passwd)
DENY_THRESHOLD_VALID = 5
# Number of failed logins allowed for normal users
DENY_THRESHOLD_ROOT = 5
# Number of failed logins allowed for root
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
# Directory denyhosts writes to; denied hosts and IPs are recorded in WORK_DIR
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = YES
HOSTNAME_LOOKUP=YES
# Domain name resolution
LOCK_FILE = /var/lock/subsys/denyhosts
# DenyHosts records its PID in LOCK_FILE at startup, which ensures the service started correctly and prevents multiple instances from starting simultaneously.
ADMIN_EMAIL = denyhosts@163.com
# Set the administrator email address
############ THESE SETTINGS ARE OPTIONAL ############
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report
ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES
# Hostname lookup for the entries in the allowed-hosts whitelist file is enabled
AGE_RESET_VALID=1d
# Time after which the failed login count for valid users is reset to zero
AGE_RESET_ROOT=1d
# Time after which the failed login count for root is reset to zero
AGE_RESET_RESTRICTED=5d
# Time after which the failed login count for restricted users is reset to 0 (/usr/share/denyhosts/data/restricted-usernames)
AGE_RESET_INVALID=10d
# Time after which the failed login count for invalid users is reset to zero
DAEMON_LOG = /var/log/denyhosts
# DenyHosts' own log file
DAEMON_SLEEP = 30s
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_PURGE = 5m
# Used together with PURGE_DENY: how often expired entries are cleared from hosts.deny
After the script runs successfully, the IPs currently brute-forcing the server are automatically added to the hosts.deny file.
The contents of the hosts.deny file show the list of blocked IPs (with my configuration, this file is empty again after 10 minutes).
Records in the /var/log/denyhosts file
Login records in the /var/log/secure file
Use
cat /var/log/secure | awk '/Failed/{print $(NF-3)}' | sort | uniq -c | awk '{print $2"="$1;}'
to view the failed login statistics per IP address from the secure file.
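The one-liner above counts failures per IP only. As an added example (not part of the original post), the script below also splits the counts into the invalid, valid and root classes used by denyhosts.cfg and marks which ones exceed the DENY_THRESHOLD_* values. The sample log lines, the host name web1 and the function names sample_log and classify_failures are constructed for illustration, and "over" assumes a host is blocked once its count exceeds the threshold.

```shell
#!/bin/bash
# Added example: per-IP failed SSH logins, split into the classes used by
# denyhosts.cfg and compared with its DENY_THRESHOLD_* values.
THRESHOLD_INVALID=5   # DENY_THRESHOLD_INVALID
THRESHOLD_VALID=5     # DENY_THRESHOLD_VALID
THRESHOLD_ROOT=5      # DENY_THRESHOLD_ROOT

# Constructed sample lines in /var/log/secure format (documentation IP ranges).
sample_log() {
  for i in 1 2 3 4 5 6; do
    echo "Jun 29 23:00:0$i web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 4100$i ssh2"
  done
  for i in 1 2 3 4 5; do
    echo "Jun 29 23:01:0$i web1 sshd[2102]: Failed password for root from 198.51.100.23 port 4200$i ssh2"
  done
  echo "Jun 29 23:02:01 web1 sshd[2103]: Failed password for alice from 192.0.2.10 port 43001 ssh2"
  echo "Jun 29 23:02:09 web1 sshd[2103]: Accepted password for alice from 192.0.2.10 port 43002 ssh2"
}

# Reads log lines on stdin and prints "IP class=count over|under" per IP and
# class. Assumption: "over" means the count exceeds the threshold. This only
# approximates what DenyHosts does; it is not the DenyHosts parser.
classify_failures() {
  awk -v ti="$THRESHOLD_INVALID" -v tv="$THRESHOLD_VALID" -v tr="$THRESHOLD_ROOT" '
    BEGIN { limit["invalid"] = ti; limit["valid"] = tv; limit["root"] = tr }
    / sshd\[[0-9]+\]: Failed password for / && $(NF-4) == "from" && $(NF-2) == "port" {
      # Like the one-liner on the page, take the IP relative to the end of the line.
      ip = $(NF-3)
      if ($0 ~ /Failed password for invalid user /)   class = "invalid"
      else if ($0 ~ /Failed password for root from /) class = "root"
      else                                            class = "valid"
      count[ip " " class]++
    }
    END {
      for (key in count) {
        split(key, part, " ")
        state = (count[key] > limit[part[2]]) ? "over" : "under"
        print part[1], part[2] "=" count[key], state
      }
    }' | sort
}

# Run on the sample; on a server use: classify_failures < /var/log/secure
sample_log | classify_failures
```
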