
Secure your Linux box using denyhosts autoban November 28, 2010

Posted by Tournas Dimitrios in Linux.

Here are some tips to make your Linux server safer from intruders. I recently looked through the log files on my Linux box and noticed a few hundred failed logins against my sshd service, coming from many different hosts.
I first wanted to lock it down with iptables, but that cost me a lot of mobility: denying packets from all hosts and accepting only a few trusted ones meant I could no longer reach my server from everywhere I wanted. So I searched the Internet for an alternative and found DenyHosts, an open source project hosted on SourceForge. This Python script is very useful and brings many options that help in the fight against attackers.
Its features include allowed- and denied-host list files that are updated dynamically by analysing the failed attempts in the service's log file, e-mail notification when something happens, and a synchronization mode that pulls in hosts that have been banned repeatedly by other DenyHosts installations around the world and denies them on your server too. Keep in mind how the ban works: DenyHosts appends entries to /etc/hosts.deny, so it only protects services that honour TCP wrappers (sshd and vsftpd built with libwrap do); a service that ignores hosts.deny gets no protection from it, and the ban is no substitute for key-only authentication.
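To make concrete what the log analysis does, here is an added example in Python written for this page; it is not DenyHosts' own code and simplifies its log matching. It runs the same kind of check over constructed sshd lines in /var/log/secure format: failed logins are counted per source address, the three thresholds mirror the DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID and DENY_THRESHOLD_ROOT settings in denyhosts.cfg (5, 10 and 1 are the values in the distributed config), an allowed-hosts list is honoured, and the result is formatted as the "# DenyHosts: <time> | sshd: <ip>" pairs the tool appends to /etc/hosts.deny. The log lines, host name and addresses are all constructed.

```python
"""Added example, not DenyHosts' code: the core of a log-driven autoban."""
import re
import time
from collections import defaultdict

# Per-category thresholds; these match the denyhosts.cfg-dist defaults for
# DENY_THRESHOLD_INVALID, DENY_THRESHOLD_VALID and DENY_THRESHOLD_ROOT.
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 1}

# Addresses that must never be denied (DenyHosts keeps these in
# WORK_DIR/allowed-hosts). Constructed for this example.
ALLOWED_HOSTS = {"198.51.100.99"}

# Constructed /var/log/secure excerpt (documentation address ranges, made-up host).
SAMPLE_LOG = """\
Nov 28 10:15:01 web1 sshd[4120]: Invalid user oracle from 192.0.2.10
Nov 28 10:15:01 web1 sshd[4120]: Failed password for invalid user oracle from 192.0.2.10 port 41234 ssh2
Nov 28 10:15:03 web1 sshd[4122]: Failed password for invalid user admin from 192.0.2.10 port 41240 ssh2
Nov 28 10:15:05 web1 sshd[4124]: Failed password for invalid user test from 192.0.2.10 port 41251 ssh2
Nov 28 10:15:07 web1 sshd[4126]: Failed password for invalid user guest from 192.0.2.10 port 41260 ssh2
Nov 28 10:15:09 web1 sshd[4128]: Failed password for invalid user ftp from 192.0.2.10 port 41277 ssh2
Nov 28 10:16:00 web1 sshd[4130]: Failed password for root from 192.0.2.20 port 2222 ssh2
Nov 28 10:17:00 web1 sshd[4132]: Failed password for bob from 198.51.100.7 port 50001 ssh2
Nov 28 10:17:05 web1 sshd[4133]: Failed password for bob from 198.51.100.7 port 50002 ssh2
Nov 28 10:17:10 web1 sshd[4134]: Accepted password for bob from 198.51.100.7 port 50003 ssh2
Nov 28 10:18:00 web1 sshd[4136]: Failed password for root from 198.51.100.99 port 60000 ssh2
"""

# One failed sshd attempt. "Failed \S+" also matches publickey and
# keyboard-interactive/pam failures, not only password ones.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed \S+ for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)


def classify(line):
    """Return (ip, category) for a failed-login line, or None for any other line."""
    m = FAILED_RE.search(line)
    if not m:
        return None
    if m.group("invalid"):
        return m.group("ip"), "invalid"   # guess at a non-existent account
    if m.group("user") == "root":
        return m.group("ip"), "root"      # direct root attempt
    return m.group("ip"), "valid"         # wrong password for a real user


def count_failures(log_text):
    """Count failed logins per source address and per category."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_text.splitlines():
        hit = classify(line)
        if hit:
            ip, category = hit
            counts[ip][category] += 1
    return counts


def hosts_to_deny(log_text, thresholds=THRESHOLDS, allowed=ALLOWED_HOSTS):
    """Sorted addresses that crossed any threshold and are not on the allowed list."""
    deny = set()
    for ip, per_category in count_failures(log_text).items():
        if ip in allowed:
            continue
        if any(per_category[cat] >= limit for cat, limit in thresholds.items()):
            deny.add(ip)
    return sorted(deny)


def hosts_deny_entries(ips, service="sshd", stamp=None):
    """Format entries the way DenyHosts appends them: a timestamped comment, then the entry."""
    stamp = stamp or time.asctime()
    lines = []
    for ip in ips:
        entry = "%s: %s" % (service, ip)
        lines.append("# DenyHosts: %s | %s" % (stamp, entry))
        lines.append(entry)
    return "\n".join(lines)


if __name__ == "__main__":
    print(hosts_deny_entries(hosts_to_deny(SAMPLE_LOG)))
```

Run as a script it prints bans for 192.0.2.10 (five guesses at accounts that do not exist) and 192.0.2.20 (a single root attempt); 198.51.100.7 stays under the valid-user threshold and 198.51.100.99 is on the allowed list. The split by category is why, with the default settings, one failed root login is enough to get a host banned, and why you should put your own addresses into allowed-hosts before starting the daemon.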

Downloading the script :

To download the script, go to http://denyhosts.sourceforge.net/ or, if you are using Fedora Core, try "yum install denyhosts" (on my box the EPEL repository is in the repo list, which is where the package comes from).

Configuring the script :

After installing it, you need to edit its configuration file. If you installed from the tarball this is typically found in /usr/share/doc/denyhosts-xx, where xx is your current version (distribution packages usually ship it ready to edit as /etc/denyhosts.conf instead). Open the file denyhosts.cfg-dist located there with an editor and edit all the fields you need.
Here are the most important ones:
# The path to your authentication log file
SECURE_LOG = /var/log/secure
# The path to the file listing the hosts denied access to the services
HOSTS_DENY = /etc/hosts.deny
# How long a host stays denied if no further attack happens (eg. 1w = one week)
# The service(s) to block for denied hosts: a service name, ALL, or blank for none
# Whether to look up the hostname of a denied IP
# Admin e-mail address(es) for the triggered notifications
ADMIN_EMAIL = root, you@yourdomain.com
# SMTP settings
SMTP_HOST = localhost
# Optional, only needed if you send the mail through an external SMTP server
# Daemon log file
DAEMON_LOG = /var/log/denyhosts
# Daemon cycle time: the period between checks for new denied hosts
After checking all the variables, save the file under a new name, denyhosts.cfg.

Running it :

Now you can start the Python script in three ways:
– One-time run over a log file: denyhosts.py --file /var/log/secure
– Daemon run: denyhosts.py --daemon
– From cron, to do the task periodically
Make sure you run the script from the directory that contains the configuration file, or point it at the file explicitly with --config.
Now DenyHosts is up and running and will ban the intruders for you. If you run it in daemon mode, check /etc/hosts.deny and /var/log/denyhosts from time to time to see that all is well. Each ban is written as a timestamped "# DenyHosts:" comment naming the blocked entry, followed by the entry itself (for example sshd: <address>); only the comment lines are reproduced in this sample of hosts.deny output:
# DenyHosts: Thu Jun 21 05:25:31 2007 | vsftpd:
# DenyHosts: Thu Jun 21 05:25:31 2007 | vsftpd:
# DenyHosts: Thu Jun 21 05:25:31 2007 | vsftpd:
# DenyHosts: Thu Jun 21 06:19:21 2007 | sshd:
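Checking the file by eye works for a handful of entries; here is an added Python example (mine, not part of DenyHosts) that audits it. It pairs each "# DenyHosts:" comment with the entry that follows it, lists entries that DenyHosts does not manage, and reports the addresses that have been blocked longer than PURGE_DENY, which a purge run (denyhosts.py --purge, or the daemon with DAEMON_PURGE set) would remove. The sample file content and the "now" timestamp are constructed, and the stamps are treated as UTC so the result does not depend on the host's time zone.

```python
"""Added example, not DenyHosts' code: audit the entries it wrote to /etc/hosts.deny."""
import calendar
import re
import time

# Constructed sample in the layout DenyHosts writes; the last line is an entry
# that was added by hand and carries no DenyHosts marker.
SAMPLE_HOSTS_DENY = """\
# DenyHosts: Thu Jun 21 05:25:31 2007 | vsftpd: 192.0.2.10
vsftpd: 192.0.2.10
# DenyHosts: Thu Jun 21 06:19:21 2007 | sshd: 192.0.2.20
sshd: 192.0.2.20
# DenyHosts: Fri Jun 29 12:00:00 2007 | sshd: 198.51.100.7
sshd: 198.51.100.7
ALL: 203.0.113.5
"""

MARK_RE = re.compile(r"^# DenyHosts: (?P<stamp>.+?) \| (?P<service>[^:]+): (?P<ip>\S+)$")
STAMP_FMT = "%a %b %d %H:%M:%S %Y"   # the time.asctime() layout used in the marker
# Suffixes accepted by PURGE_DENY in denyhosts.cfg
UNITS = {"s": 1, "m": 60, "h": 3600, "d": 86400, "w": 604800, "y": 31536000}


def stamp_to_epoch(stamp):
    """Parse an asctime() stamp, interpreted as UTC so results are reproducible."""
    return calendar.timegm(time.strptime(stamp, STAMP_FMT))


def parse_purge_deny(value):
    """Turn a PURGE_DENY value such as '1w' or '4d' into seconds; blank means never purge."""
    value = value.strip()
    if not value:
        return 0
    return int(value[:-1]) * UNITS[value[-1]]


def parse_hosts_deny(text):
    """Return (managed, unmanaged).

    managed   -> [(epoch, service, ip)] for entries preceded by a DenyHosts marker
    unmanaged -> entry lines with no marker (added by hand or by another tool)
    """
    managed, unmanaged, pending = [], [], None
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = MARK_RE.match(line)
        if m:
            pending = (stamp_to_epoch(m.group("stamp")), m.group("service"), m.group("ip"))
            continue
        if line.startswith("#"):
            continue                      # ordinary comment, not a marker
        if pending and line == "%s: %s" % (pending[1], pending[2]):
            managed.append(pending)       # marker and entry agree: a DenyHosts ban
        else:
            unmanaged.append(line)
        pending = None
    return managed, unmanaged


def stale_entries(text, purge_deny, now):
    """Addresses blocked for longer than PURGE_DENY as of `now` (an asctime() stamp)."""
    limit = parse_purge_deny(purge_deny)
    if limit == 0:
        return []
    now_epoch = stamp_to_epoch(now)
    managed, _ = parse_hosts_deny(text)
    return sorted(ip for epoch, _service, ip in managed if now_epoch - epoch > limit)


if __name__ == "__main__":
    managed, unmanaged = parse_hosts_deny(SAMPLE_HOSTS_DENY)
    for epoch, service, ip in managed:
        print("%s  %s: %s" % (time.strftime(STAMP_FMT, time.gmtime(epoch)), service, ip))
    print("not managed by DenyHosts:", unmanaged)
    print("older than 1w:", stale_entries(SAMPLE_HOSTS_DENY, "1w", "Sat Jun 30 00:00:00 2007"))
```

With PURGE_DENY = 1w and the sample viewed on 30 June 2007, the two entries from 21 June are reported as stale and the one from 29 June is kept; the hand-written ALL: line is listed separately, since a purge never touches entries without a DenyHosts marker. An empty PURGE_DENY means entries are never expired, which is the safe default until you are sure your own addresses are on the allowed list.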

