  Denyhosts prevent hackers using SSH scanning
     
  Add Date : 2018-11-21      
         
         
         
  Environment: Ubuntu Server 12.04

DenyHosts is a script written in Python; the latest version is 2.6. It automatically detects malicious SSH connection attempts and adds the offending IP addresses to the /etc/hosts.deny file on the server, protecting it from further attempts.

Install DenyHosts
# apt-get install mailutils   # install mail support so that an alert is sent to the administrator's mailbox when an attack occurs
# apt-get install denyhosts   # install DenyHosts to block SSH scanning
View and configure DenyHosts

root@node2:~# cat /etc/denyhosts.conf | grep -v "^$" | grep -v "^#"

       ############ THESE SETTINGS ARE REQUIRED ############ // these settings are required
SECURE_LOG = /var/log/auth.log // the sshd log file; the config file already lists several common log locations, so you only need to remove the # sign from the one that applies
HOSTS_DENY = /etc/hosts.deny // the file used to block IP addresses, here /etc/hosts.deny
PURGE_DENY = 5m // entries older than this are removed from /etc/hosts.deny
BLOCK_SERVICE = sshd // the service to protect, here sshd
DENY_THRESHOLD_INVALID = 1 // number of failed logins allowed for invalid users, i.e. users that do not exist in /etc/passwd (not including root)
DENY_THRESHOLD_VALID = 2 // number of failed logins allowed for normal users, i.e. users that exist in /etc/passwd (not including root)
DENY_THRESHOLD_ROOT = 1 // number of failed logins allowed for the root user
DENY_THRESHOLD_RESTRICTED = 1 // number of failed logins allowed for users listed in $WORK_DIR/hosts-restricted
WORK_DIR = /var/lib/denyhosts // the working directory
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = YES // if YES, suspicious logins from IP addresses listed in $WORK_DIR/allowed-hosts are reported; if NO, login attempts from allowed-hosts do not trigger a warning mail. Suspicious logins from IP addresses not in $WORK_DIR/allowed-hosts always trigger a warning
HOSTNAME_LOOKUP = YES // whether to resolve IP addresses to host names, so that alerts use the host name
LOCK_FILE = /run/denyhosts.pid // location of the PID file, which ensures that only one DenyHosts process is running
       ############ THESE SETTINGS ARE OPTIONAL ############ // these settings are optional
ADMIN_EMAIL = gm100861@gmail.com // mail is sent to this address when someone tries to log on to your server or an IP address is blacklisted; the machine must be able to send mail for this to work
SMTP_HOST = localhost // the SMTP server
SMTP_PORT = 25 // the SMTP port number
SMTP_FROM = DenyHosts <nobody@localhost> // the sender address
SMTP_SUBJECT = DenyHosts Report // the message subject
AGE_RESET_VALID = 5d // how long before the failed-login count of a valid user (one defined in /etc/passwd) is reset to 0; if not set, it is never reset
AGE_RESET_ROOT = 25d // how long before the failed-login count of the root user is reset to 0; if not set, it is never reset
AGE_RESET_RESTRICTED = 25d // how long before the failure counter of users listed in $WORK_DIR/hosts-restricted is reset to 0
AGE_RESET_INVALID = 10d // how long before the failure counter of invalid users (those not in /etc/passwd) is reset to 0
RESET_ON_SUCCESS = yes // when a user logs in successfully from an IP address, the failure count for that IP address and user is reset to 0
  ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts // where the log file is saved when DenyHosts runs in daemon mode
DAEMON_SLEEP = 30s // how often the sshd log is polled
DAEMON_PURGE = 1h // how often expired IP addresses are purged from $HOSTS_DENY; if PURGE_DENY is empty, this setting has no effect
   ######### THESE SETTINGS ARE SPECIFIC TO ##########
   ######### DAEMON SYNCHRONIZATION ##########
After a malicious login attempt, check the /etc/hosts.deny file again:

root@node2:~# cat /etc/hosts.deny
# /etc/hosts.deny: List of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that do not
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
 
# DenyHosts: Mon Jul 16 16:46:46 2012 | sshd: 1.1.1.254
sshd: 1.1.1.254
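
The DENY_THRESHOLD_* and RESET_ON_SUCCESS settings above decide when an address ends up in /etc/hosts.deny. The following Python sketch is an added example, not DenyHosts' own code: it replays constructed auth.log lines against the thresholds from the listing, assuming a host is blocked once its failure count exceeds the threshold and that a successful login resets that host's counters. The function names, sample log lines and all addresses other than 1.1.1.254 are made up for illustration.

```python
import re
from collections import defaultdict

# Thresholds taken from the denyhosts.conf listing above.
THRESHOLDS = {"invalid": 1, "valid": 2, "root": 1}
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for \S+ from (\S+) port")

# Constructed sample of /var/log/auth.log lines (not real log data).
SAMPLE_LOG = """\
Jul 16 16:46:40 node2 sshd[2101]: Failed password for invalid user admin from 1.1.1.254 port 40112 ssh2
Jul 16 16:46:44 node2 sshd[2103]: Failed password for invalid user test from 1.1.1.254 port 40118 ssh2
Jul 16 17:02:10 node2 sshd[2110]: Failed password for alice from 192.0.2.10 port 50000 ssh2
Jul 16 17:02:15 node2 sshd[2110]: Failed password for alice from 192.0.2.10 port 50000 ssh2
Jul 16 17:02:21 node2 sshd[2110]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
Jul 16 18:30:02 node2 sshd[2150]: Failed password for alice from 192.0.2.10 port 50044 ssh2
Jul 16 19:11:30 node2 sshd[2190]: Failed password for root from 198.51.100.7 port 33010 ssh2
Jul 16 19:11:33 node2 sshd[2190]: Failed password for root from 198.51.100.7 port 33010 ssh2
""".splitlines()

def hosts_to_deny(lines, thresholds=THRESHOLDS, reset_on_success=True):
    """Simplified model: return {ip: user_class} for hosts that cross a threshold."""
    counts = defaultdict(int)            # (ip, user_class) -> failed logins
    denied = {}
    for line in lines:
        ok = ACCEPTED.search(line)
        if ok and reset_on_success:      # models RESET_ON_SUCCESS = yes
            for key in [k for k in counts if k[0] == ok.group(1)]:
                counts[key] = 0
            continue
        bad = FAILED.search(line)
        if not bad:
            continue
        invalid, user, ip = bad.groups()
        kind = "invalid" if invalid else "root" if user == "root" else "valid"
        counts[(ip, kind)] += 1
        # Assumption: block once the failure count exceeds the threshold.
        if counts[(ip, kind)] > thresholds[kind]:
            denied.setdefault(ip, kind)
    return denied

def deny_entries(denied, service="sshd"):
    """Format results as they appear in /etc/hosts.deny (BLOCK_SERVICE: ip)."""
    return [f"{service}: {ip}" for ip in sorted(denied)]

if __name__ == "__main__":
    print(deny_entries(hosts_to_deny(SAMPLE_LOG)))
    print(hosts_to_deny(SAMPLE_LOG, reset_on_success=False))
```

With the reset disabled, 192.0.2.10 (a valid user who mistyped a password on either side of a successful login) is blocked as well, which is the lockout risk of a low DENY_THRESHOLD_VALID; listing administrative addresses in $WORK_DIR/allowed-hosts avoids it.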
     
         
         
         