CentOS – use ssh denyhosts to prevent attacks

With nothing to do today, I was looking through http://Dag.Wieers.com/home-made/apt/packages.php and saw a piece of software, denyhosts, that solves just this problem.

To install it directly with yum, first install the package that adds Dag's repository:

wget http://ftp.belnet.be/packages/dr … 2.2.el4.rf.i386.rpm

rpm -ivh rpmforge-release-0.2-2.2.el4.rf.i386.rpm

You can then use yum to install denyhosts:

yum install denyhosts

Then set it up:

cp /usr/share/doc/denyhosts-2.2/daemon-control-dist /etc/init.d/denyhosts

cp /usr/share/doc/denyhosts-2.2/denyhosts.cfg-dist /etc/denyhosts.cfg

vi /etc/init.d/denyhosts

Change the value of the DENYHOSTS_CFG parameter to "/etc/denyhosts.cfg".

Add it as a service:

chkconfig --add denyhosts
chkconfig --level 2345 denyhosts on

Then modify the configuration file:

vi /etc/denyhosts.cfg

SECURE_LOG = /var/log/secure
# SSH log file; denyhosts makes its decisions based on this file.

HOSTS_DENY = /etc/hosts.deny
# File used to control logins (where banned hosts are written)

PURGE_DENY = 5m
# How long before banned entries are cleared

BLOCK_SERVICE = sshd
# Name of the service to block

DENY_THRESHOLD_INVALID = 1
# Number of failed logins allowed for invalid users

DENY_THRESHOLD_VALID = 10
# Number of failed logins allowed for normal users

DENY_THRESHOLD_ROOT = 5
# Number of failed root logins allowed

HOSTNAME_LOOKUP=NO
# Whether to resolve host names

ADMIN_EMAIL = hui@ffccc.com
# Administrator email address; denyhosts will send the administrator an email

DAEMON_LOG = /var/log/denyhosts
# denyhosts' own log file

Then start it:

service denyhosts start

Look in /etc/hosts.deny: if it lists banned IPs, it is already working.
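
To see how the three DENY_THRESHOLD_* values configured above interact, here is an added example (not from the original post and not denyhosts' own code) that counts failed sshd logins in constructed /var/log/secure lines and returns the hosts.deny entries that would result. It assumes a host is blocked once its failure count exceeds the threshold; the function names and sample log lines are made up for illustration.

```python
import re
from collections import Counter

# Thresholds as set in /etc/denyhosts.cfg on this page.
THRESHOLDS = {"invalid": 1, "valid": 10, "root": 5}

# Matches the sshd "Failed password" lines written to /var/log/secure.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<host>\S+) port \d+"
)

def classify(match):
    """Return which threshold a failed login counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(lines, thresholds=THRESHOLDS, service="sshd"):
    """Count failures per (host, class) and return hosts.deny entries."""
    counts = Counter()
    for line in lines:
        m = FAILED.search(line)
        if m:
            counts[(m.group("host"), classify(m))] += 1
    # Assumption: a host is blocked once a count exceeds its threshold.
    blocked = sorted({host for (host, kind), n in counts.items()
                      if n > thresholds[kind]})
    return [f"{service}: {host}" for host in blocked]

def sample_log():
    """Constructed /var/log/secure lines (documentation IP ranges)."""
    tpl = "Jan 10 03:12:{:02d} web1 sshd[{}]: Failed password for {} from {} port 4711 ssh2"
    lines = [tpl.format(i, 2000 + i, "invalid user admin", "203.0.113.5") for i in range(2)]
    lines += [tpl.format(i, 2100 + i, "root", "198.51.100.7") for i in range(6)]
    lines += [tpl.format(i, 2200 + i, "alice", "192.0.2.44") for i in range(3)]
    lines.append("Jan 10 03:13:00 web1 sshd[2300]: Accepted password for alice from 192.0.2.44 port 4711 ssh2")
    return lines

if __name__ == "__main__":
    print("\n".join(hosts_to_deny(sample_log())))
```

With DENY_THRESHOLD_INVALID = 1, the second attempt against a non-existent account is enough to ban a host, while a real user who mistypes a password three times stays well under DENY_THRESHOLD_VALID = 10.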