Hi everyone,
I was browsing through the forums and I noticed there was no howto explaining how to set up DenyHosts on Ubuntu. I looked around and found a guide on howtoforge.com.
This guide is heavily based on the one at howtoforge. I installed and configured the script on my freshly installed dapper without problems so nothing should be left out in this guide.
I would like to thank Falko Timme for his excellent howto.
update: It seems that DenyHosts is now available in the repositories for Edgy and Feisty. (Thanks Jussi Kukkonen)
So, what is denyhost? Here is the description from the website:
DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).
If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?
DenyHosts attempts to address the above... and more

The latest version of DenyHosts is 2.5 and needs Python 2.4 to run:
Code:
sudo apt-get install python2.4
Then, we download DenyHosts from sourceforge:
Code:
wget http://prdownloads.sourceforge.net/denyhosts/DenyHosts-2.5.tar.gz?use_mirror=easynews
Extract it to your working directory:
Code:
tar xvzf DenyHosts-2.5.tar.gz
And install it:
Code:
cd DenyHosts-2.5
sudo python setup.py install
Now we need to configure it to work with our Ubuntu install:
Code:
cd /usr/share/denyhosts
Copy the sample configuration file:
Code:
sudo cp denyhosts.cfg-dist denyhosts.cfg
Some variables need to be set up before we can start DenyHosts:
Code:
sudo nano denyhosts.cfg
And I use:
Code:
SECURE_LOG = /var/log/auth.log
LOCK_FILE = /var/run/denyhosts.pid
(If someone tries to brute-force my ssh, I don't see why I should let him connect to my other services; you can do what you want here.)
Code:
BLOCK_SERVICE = ALL
There are options to get notifications by mail when a host is added to the hosts.deny file. You can do it if you want, but be prepared to receive a lot of mail from the daemon. The first time I set it up, I had some hosts banned after just a couple of minutes!
After that, we need to set up the startup script for the daemon:
Code:
sudo cp daemon-control-dist daemon-control
sudo nano daemon-control
Here are the variables you need to change:
Code:
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
Then we secure the file and make it executable:
Code:
sudo chown root daemon-control
sudo chmod 700 daemon-control
And finally, we make the script run at startup and we start the daemon:
Code:
cd /etc/init.d
sudo ln -s /usr/share/denyhosts/daemon-control denyhosts
sudo /etc/init.d/denyhosts start
sudo update-rc.d denyhosts start 89 2 3 4 5 . stop 88 0 1 6 .
For added security, I would also recommend denying root logins by editing the sshd_config file (sshd only reads this file when it is started or restarted, so restart it afterwards):
Code:
sudo nano /etc/ssh/sshd_config
PermitRootLogin no
I hope this guide helps you secure your box from uninvited guests.
Feel free to tell me if you have any comments or if you see some typos.
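To show what DenyHosts actually reacts to in the SECURE_LOG it is pointed at, and what a BLOCK_SERVICE = ALL entry in hosts.deny looks like, here is an added shell example (not from the original post or the DenyHosts project): it counts failed SSH password attempts per source host in a few constructed auth.log lines, emits hosts.deny lines for hosts over a threshold, and skips hosts that are already listed. The log lines, host names and addresses are made up.

```shell
#!/bin/sh
# Constructed sample auth.log lines (not real log data).
SAMPLE_LOG='Mar  3 10:01:02 box sshd[2201]: Failed password for invalid user admin from 203.0.113.7 port 4123 ssh2
Mar  3 10:01:04 box sshd[2203]: Failed password for invalid user test from 203.0.113.7 port 4124 ssh2
Mar  3 10:01:07 box sshd[2205]: Failed password for root from 203.0.113.7 port 4125 ssh2
Mar  3 10:02:11 box sshd[2210]: Failed password for bob from 198.51.100.9 port 5522 ssh2
Mar  3 10:02:30 box sshd[2212]: Accepted publickey for bob from 198.51.100.9 port 5523 ssh2'

# count_failures: read log text from stdin, print "count host" for every
# source host that produced sshd "Failed password" lines, highest count first.
count_failures() {
    awk '/sshd\[[0-9]+\]: Failed password for/ {
            for (i = 1; i <= NF; i++) if ($i == "from") { n[$(i+1)]++; break }
         }
         END { for (h in n) print n[h], h }' | sort -rn
}

# hosts_to_deny THRESHOLD: emit one hosts.deny line per host with at least
# THRESHOLD failures, in the form BLOCK_SERVICE = ALL produces.
hosts_to_deny() {
    threshold="$1"
    count_failures | awk -v t="$threshold" '$1 >= t { print "ALL: " $2 }'
}

# new_deny_entries THRESHOLD EXISTING: like hosts_to_deny, but drop lines that
# already appear in EXISTING (the current hosts.deny text) so the file does
# not accumulate duplicates when this is run repeatedly.
new_deny_entries() {
    threshold="$1"; existing="$2"
    hosts_to_deny "$threshold" | while IFS= read -r line; do
        case "$existing" in
            *"$line"*) ;;
            *) printf '%s\n' "$line" ;;
        esac
    done
}

# Usage: three failures from one host, one from another; threshold 3.
printf '%s\n' "$SAMPLE_LOG" | hosts_to_deny 3   # prints: ALL: 203.0.113.7
```

In a real run the input would be /var/log/auth.log and EXISTING the contents of /etc/hosts.deny; DenyHosts itself also keeps its own records so it does not re-add hosts.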