Page 1 of 3 123 LastLast
Results 1 to 10 of 32

Thread: HOWTO: Installing DenyHosts

Hybrid View

  1. #1
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    HOWTO: Installing DenyHosts (The Ubuntu Way)

    The denyhosts package is a great python script used to prevent brute force hacking of your SSH server. Full details are available at http://denyhosts.sf.net/.

    For those that wish to enable remote SSH access, the the best practices would be:

    1. Use RSA/DSA keys
    2. TCP Wrappers: Add any known remote host to /etc/hosts.allow and deny all other access in /etc/hosts.deny

    The main issue with the above is that:

    a) You can only access from a pre-determined host (/etc/hosts.allow)
    b) You need to have your private key installed on the remote machine (RSA/DSA)

    This guide is for those that require access from any remote machine, yet do not want to have their server constantly bombarded by brute force attacks.

    There are already a number of tutorials in these forums and various places on the 'net that address how to install and configure DenyHosts on various platforms, however, the difference between the Ubuntu package in the repositories and compiling yourself (or downloading a pre-complied .deb from somewhere) is that the Ubuntu package will create all of the required links and set the denyhosts script to run as a daemon automatically.

    This instructions are specifically for Feisty Fawn 7.04, although they should work in earlier versions.

    1. Install denyhosts from the repositories:
    Code:
    sudo apt-get install denyhosts
    2. Edit the denyhosts configuration file to suit your needs.

    The default file in the Ubuntu package has been pre-configured for Ubuntu/Debian systems, so most of the settings should be fine:
    Code:
    sudo nano /etc/denyhosts.conf
    For testing purposes, I set the PURGE_DENY value to 5 minutes, so that I can test to see if everything is working. If all is well, I purge the hosts.deny file and then I set it back to 5 days.
    Code:
           ############ THESE SETTINGS ARE REQUIRED ############
    
    ########################################################################
    #
    # SECURE_LOG: the log file that contains sshd logging info
    # if you are not sure, grep "sshd:" /var/log/*
    #
    # The file to process can be overridden with the --file command line
    # argument
    #
    # Redhat or Fedora Core:
    #SECURE_LOG = /var/log/secure
    #
    # Mandrake, FreeBSD or OpenBSD: 
    #SECURE_LOG = /var/log/auth.log
    #
    # SuSE:
    #SECURE_LOG = /var/log/messages
    #
    # Mac OS X (v10.4 or greater - 
    #   also refer to:   http://www.denyhosts.net/faq.html#macos
    #SECURE_LOG = /private/var/log/asl.log
    #
    # Mac OS X (v10.3 or earlier):
    #SECURE_LOG=/private/var/log/system.log
    #
    # Debian:
    SECURE_LOG = /var/log/auth.log
    ########################################################################
    
    ########################################################################
    #
    # HOSTS_DENY: the file which contains restricted host access information
    #
    # Most operating systems:
    HOSTS_DENY = /etc/hosts.deny
    #
    # Some BSD (FreeBSD) Unixes:
    #HOSTS_DENY = /etc/hosts.allow
    #
    # Another possibility (also see the next option):
    #HOSTS_DENY = /etc/hosts.evil
    #######################################################################
    
    
    ########################################################################
    #
    # PURGE_DENY: removed HOSTS_DENY entries that are older than this time
    #             when DenyHosts is invoked with the --purge flag
    #
    #      format is: i[dhwmy]
    #      Where 'i' is an integer (eg. 7) 
    #            'm' = minutes
    #            'h' = hours
    #            'd' = days
    #            'w' = weeks
    #            'y' = years
    #
    # never purge:
    PURGE_DENY = 
    #
    # purge entries older than 1 week
    #PURGE_DENY = 1w
    #
    # purge entries older than 5 days
    PURGE_DENY = 5d
    #######################################################################
    
    #######################################################################
    #
    # PURGE_THRESHOLD: defines the maximum times a host will be purged.  
    # Once this value has been exceeded then this host will not be purged. 
    # Setting this parameter to 0 (the default) disables this feature.
    #
    # default: a denied host can be purged/re-added indefinitely
    PURGE_THRESHOLD = 0
    #
    # a denied host will be purged at most 2 times. 
    #PURGE_THRESHOLD = 2 
    #
    #######################################################################
    
    
    #######################################################################
    #
    # BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
    # 
    # man 5 hosts_access for details
    #
    # eg.   sshd: 127.0.0.1  # will block sshd logins from 127.0.0.1
    #
    # To block all services for the offending host:
    #BLOCK_SERVICE = ALL
    # To block only sshd:
    BLOCK_SERVICE  = sshd
    # To only record the offending host and nothing else (if using
    # an auxilary file to list the hosts).  Refer to: 
    # http://denyhosts.sourceforge.net/faq.html#aux
    #BLOCK_SERVICE =    
    #
    #######################################################################
    
    
    #######################################################################
    #
    # DENY_THRESHOLD_INVALID: block each host after the number of failed login 
    # attempts has exceeded this value.  This value applies to invalid
    # user login attempts (eg. non-existent user accounts)
    #
    DENY_THRESHOLD_INVALID = 5
    #
    #######################################################################
    
    #######################################################################
    #
    # DENY_THRESHOLD_VALID: block each host after the number of failed 
    # login attempts has exceeded this value.  This value applies to valid
    # user login attempts (eg. user accounts that exist in /etc/passwd) except
    # for the "root" user
    #
    DENY_THRESHOLD_VALID = 5
    #
    #######################################################################
    
    #######################################################################
    #
    # DENY_THRESHOLD_ROOT: block each host after the number of failed 
    # login attempts has exceeded this value.  This value applies to 
    # "root" user login attempts only.
    #
    DENY_THRESHOLD_ROOT = 1
    #
    #######################################################################
    
    
    #######################################################################
    #
    # DENY_THRESHOLD_RESTRICTED: block each host after the number of failed 
    # login attempts has exceeded this value.  This value applies to 
    # usernames that appear in the WORK_DIR/restricted-usernames file only.
    #
    DENY_THRESHOLD_RESTRICTED = 1
    #
    #######################################################################
    
    
    #######################################################################
    #
    # WORK_DIR: the path that DenyHosts will use for writing data to
    # (it will be created if it does not already exist).  
    #
    # Note: it is recommended that you use an absolute pathname
    # for this value (eg. /home/foo/denyhosts/data)
    #
    WORK_DIR = /var/lib/denyhosts
    #
    #######################################################################
    
    #######################################################################
    #
    # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS
    #
    # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO
    # If set to YES, if a suspicious login attempt results from an allowed-host
    # then it is considered suspicious.  If this is NO, then suspicious logins 
    # from allowed-hosts will not be reported.  All suspicious logins from 
    # ip addresses that are not in allowed-hosts will always be reported.
    #
    SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
    ######################################################################
    
    ######################################################################
    #
    # HOSTNAME_LOOKUP
    #
    # HOSTNAME_LOOKUP=YES|NO
    # If set to YES, for each IP address that is reported by Denyhosts,
    # the corresponding hostname will be looked up and reported as well
    # (if available).
    #
    HOSTNAME_LOOKUP=YES
    #
    ######################################################################
    
    
    ######################################################################
    #
    # LOCK_FILE
    #
    # LOCK_FILE=/path/denyhosts
    # If this file exists when DenyHosts is run, then DenyHosts will exit
    # immediately.  Otherwise, this file will be created upon invocation
    # and deleted upon exit.  This ensures that only one instance is
    # running at a time.
    #
    # Redhat/Fedora:
    #LOCK_FILE = /var/lock/subsys/denyhosts
    #
    # Debian
    LOCK_FILE = /var/run/denyhosts.pid
    #
    # Misc
    #LOCK_FILE = /tmp/denyhosts.lock
    #
    ######################################################################
    
    
           ############ THESE SETTINGS ARE OPTIONAL ############
    
    
    #######################################################################
    #
    # ADMIN_EMAIL: if you would like to receive emails regarding newly
    # restricted hosts and suspicious logins, set this address to 
    # match your email address.  If you do not want to receive these reports
    # leave this field blank (or run with the --noemail option)
    #
    # Multiple email addresses can be delimited by a comma, eg:
    # ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com
    #
     ADMIN_EMAIL = you@yourdomain.com
    #
    #######################################################################
    
    #######################################################################
    #
    # SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email 
    # reports (see ADMIN_EMAIL) then these settings specify the 
    # email server address (SMTP_HOST) and the server port (SMTP_PORT)
    # 
    #
     SMTP_HOST = mail.yourdomain.com
    SMTP_PORT = 25
    #
    #######################################################################
    
    #######################################################################
    # 
    # SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your 
    # smtp email server requires authentication
    #
    SMTP_USERNAME=you@yourdomain.com
    SMTP_PASSWORD=your_password
    #
    ######################################################################
    
    #######################################################################
    #
    # SMTP_FROM: you can specify the "From:" address in messages sent
    # from DenyHosts when it reports thwarted abuse attempts
    #
    SMTP_FROM = DenyHosts <nobody@localhost>
    #
    #######################################################################
    
    #######################################################################
    #
    # SMTP_SUBJECT: you can specify the "Subject:" of messages sent
    # by DenyHosts when it reports thwarted abuse attempts
     SMTP_SUBJECT = Possible SSH Attack
    #
    ######################################################################
    
    ######################################################################
    #
    # SMTP_DATE_FORMAT: specifies the format used for the "Date:" header
    # when sending email messages.
    #
    # for possible values for this parameter refer to: man strftime
    #
    # the default:
    #
    #SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
    #
    ######################################################################
    
    ######################################################################
    #
    # SYSLOG_REPORT
    #
    # SYSLOG_REPORT=YES|NO
    # If set to yes, when denied hosts are recorded the report data
    # will be sent to syslog (syslog must be present on your system).
    # The default is: NO
    #
    #SYSLOG_REPORT=NO
    #
    #SYSLOG_REPORT=YES
    #
    ######################################################################
    
    ######################################################################
    #
    # ALLOWED_HOSTS_HOSTNAME_LOOKUP
    #
    # ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO
    # If set to YES, for each entry in the WORK_DIR/allowed-hosts file,
    # the hostname will be looked up.  If your versions of tcp_wrappers
    # and sshd sometimes log hostnames in addition to ip addresses
    # then you may wish to specify this option.
    # 
    #ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
    #
    ######################################################################
    
    ###################################################################### 
    # 
    # AGE_RESET_VALID: Specifies the period of time between failed login
    # attempts that, when exceeded will result in the failed count for 
    # this host to be reset to 0.  This value applies to login attempts 
    # to all valid users (those within /etc/passwd) with the 
    # exception of root.  If not defined, this count will never
    # be reset.
    #
    # See the comments in the PURGE_DENY section (above) 
    # for details on specifying this value or for complete details 
    # refer to:  http://denyhosts.sourceforge.net/faq.html#timespec
    #
    AGE_RESET_VALID=5m
    #
    ######################################################################
    
    ###################################################################### 
    # 
    # AGE_RESET_ROOT: Specifies the period of time between failed login
    # attempts that, when exceeded will result in the failed count for 
    # this host to be reset to 0.  This value applies to all login 
    # attempts to the "root" user account.  If not defined,
    # this count will never be reset.
    #
    # See the comments in the PURGE_DENY section (above) 
    # for details on specifying this value or for complete details 
    # refer to:  http://denyhosts.sourceforge.net/faq.html#timespec
    #
    AGE_RESET_ROOT=25d
    #
    ######################################################################
    
    ###################################################################### 
    # 
    # AGE_RESET_RESTRICTED: Specifies the period of time between failed login
    # attempts that, when exceeded will result in the failed count for 
    # this host to be reset to 0.  This value applies to all login 
    # attempts to entries found in the WORK_DIR/restricted-usernames file.  
    # If not defined, the count will never be reset.
    #
    # See the comments in the PURGE_DENY section (above) 
    # for details on specifying this value or for complete details 
    # refer to:  http://denyhosts.sourceforge.net/faq.html#timespec
    #
    AGE_RESET_RESTRICTED=25d
    #
    ######################################################################
    
    
    ###################################################################### 
    # 
    # AGE_RESET_INVALID: Specifies the period of time between failed login
    # attempts that, when exceeded will result in the failed count for 
    # this host to be reset to 0.  This value applies to login attempts 
    # made to any invalid username (those that do not appear 
    # in /etc/passwd).  If not defined, count will never be reset.
    #
    # See the comments in the PURGE_DENY section (above) 
    # for details on specifying this value or for complete details 
    # refer to:  http://denyhosts.sourceforge.net/faq.html#timespec
    #
    AGE_RESET_INVALID=10d
    #
    ######################################################################
    
    
    ######################################################################
    #
    # RESET_ON_SUCCESS: If this parameter is set to "yes" then the
    # failed count for the respective ip address will be reset to 0
    # if the login is successful.  
    #
    # The default is RESET_ON_SUCCESS = no
    #
    #RESET_ON_SUCCESS = yes
    #
    #####################################################################
    
    
    ######################################################################
    #
    # PLUGIN_DENY: If set, this value should point to an executable
    # program that will be invoked when a host is added to the
    # HOSTS_DENY file.  This executable will be passed the host
    # that will be added as its only argument.
    #
    #PLUGIN_DENY=/usr/bin/true
    #
    ######################################################################
    
    
    ######################################################################
    #
    # PLUGIN_PURGE: If set, this value should point to an executable
    # program that will be invoked when a host is removed from the
    # HOSTS_DENY file.  This executable will be passed the host
    # that is to be purged as its only argument.
    #
    #PLUGIN_PURGE=/usr/bin/true
    #
    ######################################################################
    
    ######################################################################
    #
    # USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain
    # a regular expression that can be used to identify additional
    # hackers for your particular ssh configuration.  This functionality
    # extends the built-in regular expressions that DenyHosts uses.
    # This parameter can be specified multiple times.
    # See this faq entry for more details:
    #    http://denyhosts.sf.net/faq.html#userdef_regex
    #
    #USERDEF_FAILED_ENTRY_REGEX=
    #
    #
    ######################################################################
    
    
    
    
       ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE  ##########
    
    
    
    #######################################################################
    #
    # DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag)
    # this is the logfile that DenyHosts uses to report its status.
    # To disable logging, leave blank.  (default is: /var/log/denyhosts)
    #
    DAEMON_LOG = /var/log/denyhosts
    #
    # disable logging:
    #DAEMON_LOG = 
    #
    ######################################################################
    
    #######################################################################
    # 
    # DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode 
    # (--daemon flag) this specifies the timestamp format of 
    # the DAEMON_LOG messages (default is the ISO8061 format:
    # ie. 2005-07-22 10:38:01,745)
    #
    # for possible values for this parameter refer to: man strftime
    #
    # Jan 1 13:05:59   
    #DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
    #
    # Jan 1 01:05:59 
    #DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S
    #
    ###################################################################### 
    
    #######################################################################
    # 
    # DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode 
    # (--daemon flag) this specifies the message format of each logged
    # entry.  By default the following format is used:
    #
    # %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
    #
    # Where the "%(asctime)s" portion is expanded to the format
    # defined by DAEMON_LOG_TIME_FORMAT
    #
    # This string is passed to python's logging.Formatter contstuctor.
    # For details on the possible format types please refer to:
    # http://docs.python.org/lib/node357.html
    #
    # This is the default:
    #DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
    #
    #
    ###################################################################### 
    
     
    #######################################################################
    #
    # DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)
    # this is the amount of time DenyHosts will sleep between polling
    # the SECURE_LOG.  See the comments in the PURGE_DENY section (above)
    # for details on specifying this value or for complete details
    # refer to:    http://denyhosts.sourceforge.net/faq.html#timespec
    # 
    #
    DAEMON_SLEEP = 30s
    #
    #######################################################################
    
    #######################################################################
    #
    # DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,
    # run the purge mechanism to expire old entries in HOSTS_DENY
    # This has no effect if PURGE_DENY is blank.
    #
    DAEMON_PURGE = 1h
    #
    #######################################################################
    
    
       #########   THESE SETTINGS ARE SPECIFIC TO     ##########
       #########       DAEMON SYNCHRONIZATION         ##########
    
    
    #######################################################################
    #
    # Synchronization mode allows the DenyHosts daemon the ability
    # to periodically send and receive denied host data such that 
    # DenyHosts daemons worldwide can automatically inform one
    # another regarding banned hosts.   This mode is disabled by
    # default, you must uncomment SYNC_SERVER to enable this mode.
    #
    # for more information, please refer to: 
    #        http:/denyhosts.sourceforge.net/faq.html#sync 
    #
    #######################################################################
    
    
    #######################################################################
    #
    # SYNC_SERVER: The central server that communicates with DenyHost
    # daemons.  Currently, denyhosts.net is the only available server
    # however, in the future, it may be possible for organizations to
    # install their own server for internal network synchronization
    #
    # To disable synchronization (the default), do nothing. 
    #
    # To enable synchronization, you must uncomment the following line:
    #SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
    #
    #######################################################################
    
    #######################################################################
    #
    # SYNC_INTERVAL: the interval of time to perform synchronizations if
    # SYNC_SERVER has been uncommented.  The default is 1 hour.
    # 
    #SYNC_INTERVAL = 1h
    #
    #######################################################################
    
    
    #######################################################################
    #
    # SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have
    # been denied?  This option only applies if SYNC_SERVER has
    # been uncommented.
    # The default is SYNC_UPLOAD = yes
    #
    #SYNC_UPLOAD = no
    #SYNC_UPLOAD = yes
    #
    #######################################################################
    
    
    #######################################################################
    #
    # SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have
    # been denied by others?  This option only applies if SYNC_SERVER has
    # been uncommented.
    # The default is SYNC_DOWNLOAD = yes
    #
    #SYNC_DOWNLOAD = no
    #SYNC_DOWNLOAD = yes
    #
    #
    #
    #######################################################################
    
    #######################################################################
    #
    # SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter
    # filters the returned hosts to those that have been blocked this many
    # times by others.  That is, if set to 1, then if a single DenyHosts
    # server has denied an ip address then you will receive the denied host.
    # 
    # See also SYNC_DOWNLOAD_RESILIENCY
    #
    #SYNC_DOWNLOAD_THRESHOLD = 10
    #
    # The default is SYNC_DOWNLOAD_THRESHOLD = 3 
    #
    #SYNC_DOWNLOAD_THRESHOLD = 3
    #
    #######################################################################
    
    #######################################################################
    #
    # SYNC_DOWNLOAD_RESILIENCY:  If SYNC_DOWNLOAD is enabled then the
    # value specified for this option limits the downloaded data
    # to this resiliency period or greater.
    #
    # Resiliency is defined as the timespan between a hackers first known 
    # attack and its most recent attack.  Example:
    # 
    # If the centralized   denyhosts.net server records an attack at 2 PM 
    # and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h 
    # will not download this ip address.
    #
    # However, if the attacker is recorded again at 6:15 PM then the 
    # ip address will be downloaded by your DenyHosts instance.  
    #
    # This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD 
    # and only hosts that satisfy both values will be downloaded.  
    # This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1 
    #
    # The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours)
    #
    # Only obtain hackers that have been at it for 2 days or more:
    #SYNC_DOWNLOAD_RESILIENCY = 2d
    #
    # Only obtain hackers that have been at it for 5 hours or more:
    #SYNC_DOWNLOAD_RESILIENCY = 5h
    #
    #######################################################################
    3. Create hosts.allow and hosts.deny:

    Note: This step was not necessary in earlier versions of Ubuntu (6.10 & 6.06).

    In Feisty Fawn 7.04, there appears to be a bug where the hosts.allow and hosts.deny files are missing. Create them by typing the 2 commands below:
    Code:
    sudo touch /etc/hosts.deny 
    Code:
    sudo touch /etc/hosts.allow
    4. Starting & Stopping the denyhosts daemon manually:

    To start denyhosts:
    Code:
    sudo /etc/init.d/denyhosts start
    To stop denyhosts:
    Code:
    sudo /etc/init.d/denyhosts stop
    Background: The denyhosts script resides in /etc/init.d/:
    Code:
    dbott@feisty:/etc/init.d$ ls -all denyhosts 
    -rwxr-xr-x 1 root root 1948 2006-12-12 11:35 denyhosts
    and there is a link in the /etc/rc.3 directory that starts the script automatically at boot-time:
    Code:
    dbott@feisty:/etc/rc3.d$ ls -all S20denyhosts 
    lrwxrwxrwx 1 root root 19 2007-05-21 16:28 S20denyhosts -> ../init.d/denyhosts
    5. Purging hosts from /etc/hosts.deny:

    If there are valid hosts that end up being blocked (i.e. during testing or forgotten password, etc.), you can purge any entries in the /etc/hosts.deny file by running the denyhosts script with the --purge option. The hosts must be older than the value set in PURGE_DENY, so you may want to lower the value temporarily in order to purge the valid host (i.e. to purge entries older than 1 minute, set PURGE_DENY = 1m in the /etc/denyhosts.conf file):

    a. Stop the DenyHosts service:
    Code:
    dbott@feisty:~$ sudo /etc/init.d/denyhosts stop
     * Stopping DenyHosts denyhosts                                     [ OK ]
    b. Purge Hosts:
    Code:
    dbott@feisty:~$ sudo denyhosts --purge
    c. Restart the DenyHosts service:
    Code:
    dbott@feisty:~$ sudo /etc/init.d/denyhosts start
     * Starting DenyHosts denyhosts                                      [ OK ]
    While testing, you may want to open 2 terminal windows, one that watches the auth.log file and the other that watches the hosts.deny file:

    Code:
    dbott@feisty:/etc/rc3.d$ tail -f -s3 /var/log/auth.log
    May 21 17:31:24 feisty sudo:    dbott : TTY=pts/0 ; PWD=/home/dbott ; USER=root ; COMMAND=/etc/init.d/denyhosts start
    May 21 17:36:44 feisty sudo:    dbott : TTY=pts/0 ; PWD=/home/dbott ; USER=root ; COMMAND=/etc/init.d/denyhosts stop
    May 21 17:36:51 feisty sudo:    dbott : TTY=pts/0 ; PWD=/home/dbott ; USER=root ; COMMAND=/usr/sbin/denyhosts --purge
    May 21 17:36:56 feisty sudo:    dbott : TTY=pts/0 ; PWD=/home/dbott ; USER=root ; COMMAND=/etc/init.d/denyhosts start
    May 21 18:17:01 feisty CRON[7806]: (pam_unix) session opened for user root by (uid=0)
    May 21 18:17:01 feisty CRON[7806]: (pam_unix) session closed for user root
    Code:
    dbott@feisty:/etc/rc3.d$ tail -f -s3 /etc/hosts.deny
    -Dave
    Last edited by dbott67; June 10th, 2007 at 01:20 PM. Reason: Minor edits for clarification

  2. #2
    Join Date
    Jan 2006
    Beans
    182
    Distro
    Ubuntu Karmic Koala (testing)

    Re: HOWTO: Installing DenyHosts

    d
    Last edited by DigitalDuality; July 6th, 2009 at 08:18 PM.

  3. #3
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    Re: HOWTO: Installing DenyHosts

    I'm not sure if it is available for Breezy. Make sure you have the "Backports" enabled in the repos:

    http://ubuntuguide.org/wiki/Ubuntu#H...a_repositories

    If it's not available in the Breezy Repos, then you may have to download the Debian .deb and follow the instructions on this page:

    http://denyhosts.sourceforge.net/faq.html#1_15
    Is DenyHosts available as a Debian package?

    Thanks to Marco Bertorello, DenyHosts is now available as a Debian package. Falko Timme has written a "How To" document on How to setup DenyHosts on Debian
    -Dave

  4. #4
    Join Date
    Feb 2007
    Location
    chicago, IL
    Beans
    5
    Distro
    Xubuntu 7.10 Gutsy Gibbon

    Re: HOWTO: Installing DenyHosts

    awesome mon... been looking for something to do this for quite a while now.... messed around w/ sshblack and a few others but couldn't get them to work (call it lack of time) ... this came straight out of the repos, installed like a champ.. and has blocked 3 dictionary attacks thusfar... nice setup tutorial

  5. #5
    Join Date
    Feb 2007
    Location
    Little Rock, AR
    Beans
    372
    Distro
    Ubuntu 10.10 Maverick Meerkat

    Re: HOWTO: Installing DenyHosts

    In case anyone else is getting the not found error that I got, you have to have Universe enabled in Feisty.
    Last edited by silverglade00; July 3rd, 2007 at 02:02 AM.
    - Silverglade00

  6. #6
    Join Date
    Feb 2006
    Beans
    Hidden!

    Re: HOWTO: Installing DenyHosts

    Nice Howto! Two questions actually:

    1. How effective is DenyHosts when your machine is behind a router? I mean, doesn't the router have some sort of firewall function, that renders Denyhosts useless?

    2. I tried compiling Denyhosts from source, as well as using the *.deb files from the suggested sites, but to no avail... I run Ubuntu 6.06 Dapper-Server edition, with the following repositories enabled:

    deb http://archive.ubuntu.com/ubuntu/ dapper universe multiverse
    deb-src http://archive.ubuntu.com/ubuntu/ dapper universe multivers
    Last edited by Pentagonees; August 8th, 2007 at 04:53 PM. Reason: typo

  7. #7
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    Re: HOWTO: Installing DenyHosts

    Quote Originally Posted by Pentagonees View Post
    Nice Howto! Two questions actually:

    1. How effective is DenyHosts when your machine is behind a router? I mean, doesn't the router have some sort of firewall function, that renders Denyhosts useless?
    If you do not permit outside SSH access through your router (for example, you create a port-forward rule on the router that permits external traffic on port 22 to reach your Ubuntu computer), then Denyhosts is not needed. Your router will protect all computers against unsolicited inbound attacks.

    But if you wish to allow external access via SSH, Denyhosts will protect against the bruteforce, dictionary-style attacks.

    Quote Originally Posted by Pentagonees View Post
    2. I tried compiling Denyhosts from source, as well as using the *.deb files from the suggested sites, but to no avail... I run Ubuntu 6.06 Dapper-Server edition, with the following repositories enabled:

    deb http://archive.ubuntu.com/ubuntu/ dapper universe multiverse
    deb-src http://archive.ubuntu.com/ubuntu/ dapper universe multivers
    What seems to be the problem? What happens when you install the .debs using apt-get or Synaptic? Any error messages?

    -Dave

  8. #8
    Join Date
    Feb 2006
    Beans
    Hidden!

    Re: HOWTO: Installing DenyHosts

    Well, apt-get won't work, since there is no candidate for Denyhosts in 6.06 (I guess...).

    When I try to install the .deb files from the suggested website, it seems to work out, right up to the point where I install the Denyhost package itself (after "sudo dpkg -i denyhosts-something.deb" it seems to start, but then spits out a bunch of errors).

    Compiling from source seemed to have worked, but I couldn't get it to start at boottime.

    Then there's the other thing with the two machines that can access (my desktop and my laptop) the server are directly added to the hosts.deny file (with the entry sshd: 192.168.x.xxx), once I try to login. Luckily I had those two IP-addressess mentioned in the hosts.allow file, otherwise I wouldn't have been able to log in.

  9. #9
    Join Date
    Mar 2005
    Location
    Canada
    Beans
    1,595

    Re: HOWTO: Installing DenyHosts

    Quote Originally Posted by Pentagonees View Post
    Well, apt-get won't work, since there is no candidate for Denyhosts in 6.06 (I guess...).
    Yes. It appears that there isn't a backport of Denyhosts available for Dapper or Breezy. A search for "Denyhosts" in the packages returns this result.


    Quote Originally Posted by Pentagonees View Post
    When I try to install the .deb files from the suggested website, it seems to work out, right up to the point where I install the Denyhost package itself (after "sudo dpkg -i denyhosts-something.deb" it seems to start, but then spits out a bunch of errors).
    It may be dependency issues. Can you post any of the errors?

    Quote Originally Posted by Pentagonees View Post
    Compiling from source seemed to have worked, but I couldn't get it to start at boottime.

    Try starting the script manually:
    Code:
    sudo /etc/init.d/denyhosts start
    If this works, you will need to create a link in /etc/rc.3/ to the script in /etc/init.d/ (see the background section in step #4 above).

    Quote Originally Posted by Pentagonees View Post
    Then there's the other thing with the two machines that can access (my desktop and my laptop) the server are directly added to the hosts.deny file (with the entry sshd: 192.168.x.xxx), once I try to login. Luckily I had those two IP-addressess mentioned in the hosts.allow file, otherwise I wouldn't have been able to log in.
    Step #5 above should help with purging any entries. Be sure to set the PURGE_DENY value to something fairly low to allow the IP addresses to be purged.

    -Dave

  10. #10
    Join Date
    Feb 2006
    Beans
    Hidden!

    Re: HOWTO: Installing DenyHosts

    I'll give it a go, as soon as I'm home tonight. I'll let you know if it works. Thanks for the help so far!

Page 1 of 3 123 LastLast

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •