DenyHosts

References

Excerpt:
What is DenyHosts?
DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks). 

Install

ASSUMES Ubuntu/Debian
  • apt-get install denyhosts
  • Customize Configuration
    • replace /etc/denyhosts.conf with denyhosts.conf
      • change email address in SMTP_FROM =
    • Optionally add UW address white lists
  • service denyhosts restart

Script install

ASSUMES Ubuntu/Debian
Note: Change the email address to suit your system
#!/bin/bash
#
# Install and configure denyhosts

# EMAIL is the point-of-contact From address
#    - it only helps to "encode" who is responsible for the machine in any reports to root
# denyhosts reports still go to root
# unless either of
#   1 - /etc/aliases forwards root
# - or -
#   2 - /etc/denyhosts.conf "ADMIN_EMAIL =" is changed

# Otherwise
EMAIL=cs-rsg@cs.uwaterloo.ca

# Install denyhosts
apt-get install denyhosts

ALLOWED=/var/lib/denyhosts/allowed-hosts
DENYCONF=/etc/denyhosts.conf
# mktemp creates the file with an unpredictable name, unlike /tmp/$$.denyhosts.conf
DENYTMP=$(mktemp /tmp/denyhosts.conf.XXXXXX) || exit 1
HOST=$(hostname)

# Clean up old files
rm -f "$ALLOWED"
# Stop if a download fails, so an empty file never replaces the live configuration
wget -nH -nd https://www.cs.uwaterloo.ca/twiki/pub/CF/DenyHosts/allowed-hosts -O "$ALLOWED" || exit 1
wget -nH -nd https://www.cs.uwaterloo.ca/twiki/pub/CF/DenyHosts/denyhosts.conf -O "$DENYTMP" || exit 1

# Edit denyhosts.conf file to customize report to include the hostname in the report
sed -e "s/^SMTP_FROM.*$/SMTP_FROM = DenyHosts <$EMAIL>/" \
    -e "s/^SMTP_SUBJECT.*$/SMTP_SUBJECT = $HOST DenyHosts Report/" "$DENYTMP" >"$DENYCONF"

# Debug: list the changes
echo ===============================================
echo "DenyHosts Changes to $HOST"
grep -E '^SMTP_[FS]|^ADMIN_EMAIL' "$DENYCONF"
echo "/etc/aliases root entry"
grep "^root" /etc/aliases
echo ===============================================

rm -f "$DENYTMP"

# Restart the service
service denyhosts restart

Administrative Batch install of Denyhosts from cscf.cs

ASSUMES Ubuntu/Debian TARGETS!!!
  • ssh cscf.cs
  • suw
  • cd /u1/magore/denyhosts
  • vi send_denyhosts - updating the LIST= line with your hosts and email contacts
  • ./send_denyhosts

Manual DenyHosts Redhat Install

   SECURE_LOG = /var/log/secure
   SMTP_FROM = DenyHosts <cs-rsg@cs.uwaterloo.ca>
   SMTP_SUBJECT = gamay-admin.cs DenyHosts Report
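
A check for the three settings listed above, to run before restarting the service on either distribution. This is an added example, not part of the original page or the DenyHosts project; the function names conf_value and check_denyhosts_conf are hypothetical and the sample file is constructed.

```shell
#!/bin/sh
# Added example (not from the original page): check the settings this page
# customizes in denyhosts.conf before running "service denyhosts restart".

# conf_value FILE KEY: print the value of the last "KEY = value" line.
conf_value() {
    sed -n "s/^$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n 1
}

# check_denyhosts_conf FILE HOST: print one line per problem; return 1 if any.
check_denyhosts_conf() {
    cdc_conf=$1; cdc_host=$2; cdc_bad=0
    cdc_log=$(conf_value "$cdc_conf" SECURE_LOG)
    if [ -z "$cdc_log" ]; then
        echo "SECURE_LOG is not set"; cdc_bad=1
    elif [ ! -r "$cdc_log" ]; then
        # Debian/Ubuntu log sshd to /var/log/auth.log, Red Hat to /var/log/secure;
        # a path copied from the wrong distribution leaves DenyHosts with nothing to read.
        echo "SECURE_LOG $cdc_log is not readable on this host"; cdc_bad=1
    fi
    # The install script writes "DenyHosts <address>"; require an address in brackets.
    case $(conf_value "$cdc_conf" SMTP_FROM) in
        *"<"?*@?*">"*) ;;
        *) echo "SMTP_FROM has no <user@domain> contact address"; cdc_bad=1 ;;
    esac
    # The install script prefixes the subject with the hostname.
    case $(conf_value "$cdc_conf" SMTP_SUBJECT) in
        "$cdc_host "*) ;;
        *) echo "SMTP_SUBJECT does not start with hostname $cdc_host"; cdc_bad=1 ;;
    esac
    return $cdc_bad
}

# Constructed sample: the Red Hat values from this page, with SECURE_LOG
# pointed at a scratch file so the demo runs on any system.
demo_dir=$(mktemp -d)
: > "$demo_dir/secure"
cat > "$demo_dir/denyhosts.conf" <<EOF
SECURE_LOG = $demo_dir/secure
SMTP_FROM = DenyHosts <cs-rsg@cs.uwaterloo.ca>
SMTP_SUBJECT = gamay-admin.cs DenyHosts Report
EOF
check_denyhosts_conf "$demo_dir/denyhosts.conf" gamay-admin.cs && echo "config OK"
rm -rf "$demo_dir"
```

On a real host, call it as check_denyhosts_conf /etc/denyhosts.conf "$(hostname)".
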

Topic attachments
  • allowed-hosts (r1, 0.4 K, 2011-12-12 16:52, MikeGore)
  • denyhosts.conf (r1, 20.4 K, 2011-12-12 16:52, MikeGore)
Topic revision: r4 - 2011-12-13 - MikeGore
 