Hi everyone,
I was browsing through the forums and I noticed there was no howto explaining how to set up DenyHosts on Ubuntu. I looked around and found a guide on howtoforge.com.
This guide is heavily based on the one at howtoforge. I installed and configured the script on my freshly installed dapper without problems so nothing should be left out in this guide.
I would like to thank Falko Timme for his excellent howto.
update: It seems that DenyHosts is now available in the repositories for Edgy and Feisty. (Thanks Jussi Kukkonen)
So, what is DenyHosts? Here is the description from the website:
DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).
If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?
DenyHosts attempts to address the above... and more
The latest version of DenyHosts is 2.5 and needs Python 2.4 to run:
Code:
sudo apt-get install python2.4
Then, we download DenyHosts from sourceforge:
Code:
wget http://prdownloads.sourceforge.net/denyhosts/DenyHosts-2.5.tar.gz?use_mirror=easynews
Extract it to your working directory:
Code:
tar xvzf DenyHosts-2.5.tar.gz
And install it:
Code:
cd DenyHosts-2.5
sudo python setup.py install
Now we need to configure it to work with our Ubuntu install:
Code:
cd /usr/share/denyhosts
Copy the sample configuration file:
Code:
sudo cp denyhosts.cfg-dist denyhosts.cfg
Some variables need to be set up before we can start denyhosts:
Code:
sudo nano denyhosts.cfg
Code:
SECURE_LOG = /var/log/auth.log
LOCK_FILE = /var/run/denyhosts.pid
And I use:
Code:
BLOCK_SERVICE = ALL
(if someone tries to brute-force my SSH, I don’t see why I should let him connect to my other services; you can do what you want here)
There are options to get notifications by mail when a host is added to the hosts.deny file. You can do it if you want, but be prepared to receive a lot of mail from the daemon. First time I set it up, I had some hosts banned after just a couple of minutes!
After that, we need to set up the startup script for the daemon:
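To make the BLOCK_SERVICE choice concrete, here is an added example (not part of the original post, and not DenyHosts' own code) that reproduces the core rule DenyHosts applies to /var/log/auth.log: count "Failed password" lines per source address and, once an address reaches a threshold, emit the hosts.deny entry for it. The log lines are constructed samples using documentation addresses; the single threshold of 3 is an assumption (the real script has separate DENY_THRESHOLD_* settings for valid, invalid and root users, and also watches "Invalid user" lines).

```shell
#!/bin/sh
# Added example: a minimal stand-in for the rule DenyHosts applies to auth.log.
# Constructed sample log lines in the OpenSSH/syslog format of the time.
SAMPLE_LOG=$(cat <<'EOF'
Mar  3 10:01:12 dapper sshd[4123]: Failed password for invalid user admin from 203.0.113.5 port 4022 ssh2
Mar  3 10:01:15 dapper sshd[4125]: Failed password for root from 203.0.113.5 port 4031 ssh2
Mar  3 10:01:19 dapper sshd[4127]: Failed password for invalid user test from 203.0.113.5 port 4040 ssh2
Mar  3 10:02:02 dapper sshd[4130]: Accepted publickey for bob from 192.0.2.10 port 51234 ssh2
Mar  3 10:03:40 dapper sshd[4133]: Failed password for bob from 198.51.100.7 port 2200 ssh2
EOF
)

# count_failures: read a log on stdin, print "<count> <ip>" for every
# address that produced at least one sshd "Failed password" line.
count_failures() {
    awk '/sshd\[[0-9]+\]: Failed password/ {
            for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++
         }
         END { for (ip in n) print n[ip], ip }'
}

# offenders THRESHOLD: addresses whose failure count reached THRESHOLD.
# (One threshold for all account types: a simplification of denyhosts.cfg.)
offenders() {
    count_failures | awk -v t="$1" '$1 >= t { print $2 }'
}

# hosts_deny_lines SERVICE: render each address on stdin as a hosts.deny
# entry. This is what BLOCK_SERVICE controls: "ALL" blocks every TCP-wrapped
# service for that address, "sshd" blocks only the SSH daemon.
hosts_deny_lines() {
    while read -r ip; do
        printf '%s: %s\n' "$1" "$ip"
    done
}

# run_example SERVICE: the whole pipeline over the constructed log.
run_example() {
    printf '%s\n' "$SAMPLE_LOG" | offenders 3 | hosts_deny_lines "$1"
}

run_example ALL
```

With BLOCK_SERVICE = ALL the single offender in the sample becomes `ALL: 203.0.113.5`; with `sshd` it becomes `sshd: 203.0.113.5`, so the address could still reach, say, a web server on the box. The lone failure from 198.51.100.7 stays below the threshold and is not blocked.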
Code:
sudo cp daemon-control-dist daemon-control
sudo nano daemon-control
Here are the variables you need to change:
Code:
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
Then we secure the file and make it executable:
Code:
sudo chown root daemon-control
sudo chmod 700 daemon-control
And finally, we make the script run at startup and we start the daemon:
Code:
cd /etc/init.d
sudo ln -s /usr/share/denyhosts/daemon-control denyhosts
sudo /etc/init.d/denyhosts start
sudo update-rc.d denyhosts start 89 2 3 4 5 . stop 88 0 1 6 .
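The configuration steps above (denyhosts.cfg, daemon-control and its permissions) can also be applied and checked non-interactively. The following is an added example, not code from the original post or from DenyHosts: it applies exactly the settings the howto lists to copies of the two "-dist" files and then verifies them. It runs in a scratch directory against short constructed stand-ins for the real dist files, so it needs neither root nor a DenyHosts install; on a real system you would point it at /usr/share/denyhosts and keep the `chown root` step.

```shell
#!/bin/sh
# Added example: apply the howto's settings with a script and verify them.

# set_cfg FILE KEY VALUE: rewrite the first active "KEY = ..." line, or append
# one if the file has none. Commented-out "#KEY = ..." lines are left alone,
# because the -dist files carry several of them as documentation.
set_cfg() {
    file="$1"; key="$2"; value="$3"
    awk -v k="$key" -v v="$value" '
        $0 ~ ("^[ \t]*" k "[ \t]*=") && !done { print k " = " v; done = 1; next }
        { print }
        END { if (!done) print k " = " v }
    ' "$file" > "$file.tmp" && mv "$file.tmp" "$file"
}

# get_cfg FILE KEY: print the active value of KEY (empty if unset).
get_cfg() {
    awk -v k="$2" '$1 == k && $2 == "=" { sub(/^[^=]*=[ \t]*/, ""); print; exit }' "$1"
}

# configure_denyhosts DIR: the values from the howto, applied inside DIR.
configure_denyhosts() {
    dir="$1"
    cp "$dir/denyhosts.cfg-dist" "$dir/denyhosts.cfg"
    set_cfg "$dir/denyhosts.cfg" SECURE_LOG /var/log/auth.log
    set_cfg "$dir/denyhosts.cfg" LOCK_FILE /var/run/denyhosts.pid
    set_cfg "$dir/denyhosts.cfg" BLOCK_SERVICE ALL

    cp "$dir/daemon-control-dist" "$dir/daemon-control"
    set_cfg "$dir/daemon-control" DENYHOSTS_BIN '"/usr/bin/denyhosts.py"'
    set_cfg "$dir/daemon-control" DENYHOSTS_LOCK '"/var/run/denyhosts.pid"'
    set_cfg "$dir/daemon-control" DENYHOSTS_CFG '"/usr/share/denyhosts/denyhosts.cfg"'
    # On the real system this is preceded by "sudo chown root daemon-control";
    # skipped here because the scratch copy is not owned by root.
    chmod 700 "$dir/daemon-control"
}

# verify_denyhosts DIR: succeed only if every setting and the file mode match.
verify_denyhosts() {
    dir="$1"
    [ "$(get_cfg "$dir/denyhosts.cfg" SECURE_LOG)" = /var/log/auth.log ] &&
    [ "$(get_cfg "$dir/denyhosts.cfg" LOCK_FILE)" = /var/run/denyhosts.pid ] &&
    [ "$(get_cfg "$dir/denyhosts.cfg" BLOCK_SERVICE)" = ALL ] &&
    [ "$(get_cfg "$dir/daemon-control" DENYHOSTS_CFG)" = '"/usr/share/denyhosts/denyhosts.cfg"' ] &&
    [ -n "$(find "$dir/daemon-control" -perm 700)" ]
}

# make_sandbox: constructed stand-ins for the two -dist files (a few lines
# each, not the real upstream files); prints the scratch directory path.
make_sandbox() {
    dir=$(mktemp -d)
    cat > "$dir/denyhosts.cfg-dist" <<'EOF'
# DenyHosts configuration (constructed excerpt)
#SECURE_LOG = /var/log/auth.log
SECURE_LOG = /var/log/secure
LOCK_FILE = /var/lock/subsys/denyhosts
#BLOCK_SERVICE = ALL
BLOCK_SERVICE = sshd
PURGE_DENY =
EOF
    cat > "$dir/daemon-control-dist" <<'EOF'
#!/usr/bin/env python
# daemon-control (constructed excerpt)
DENYHOSTS_BIN   = "/usr/sbin/denyhosts"
DENYHOSTS_LOCK  = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG   = "/etc/denyhosts.cfg"
EOF
    printf '%s\n' "$dir"
}

sandbox=$(make_sandbox)
configure_denyhosts "$sandbox"
verify_denyhosts "$sandbox" && echo "configuration verified in $sandbox"
```

The point of `verify_denyhosts` is that a typo in denyhosts.cfg or daemon-control is otherwise only noticed when the daemon fails to start or quietly watches the wrong log; checking the active values after editing (and the 700 mode on daemon-control, since it runs as root) catches that before you link the script into /etc/init.d. The scratch directory is left in place so you can inspect the rewritten files.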
For added security, I would also recommend denying root logins by editing the sshd_config file:
Code:
sudo nano /etc/ssh/sshd_config
PermitRootLogin no
I hope this guide helps you secure your box from uninvited guests.
Feel free to tell me if you have any comments or if you see some typos.