  Denyhosts prevent hackers using SSH scanning
     
  Add Date : 2018-11-21      
         
       
         
  Environment: Ubuntu Server 12.04

DenyHosts is a script written in Python; the latest version is 2.6. It automatically detects malicious SSH connection attempts and adds the offending IP addresses to the /etc/hosts.deny file on the server, which blocks them and protects the host.

Installing DenyHosts
# apt-get install mailutils // installs mail support so that an alert can be sent to the administrator's mailbox when an attack is detected
# apt-get install denyhosts // installs DenyHosts itself, which blocks the scanning hosts
View and configure DenyHosts (the text after // on each line is an annotation, not part of the file)

root@node2:~# cat /etc/denyhosts.conf | grep -v "^$" | grep -v "^#"

       ############ THESE SETTINGS ARE REQUIRED ############ // these settings are mandatory
SECURE_LOG = /var/log/auth.log // the sshd log file to monitor; the stock file lists several common log locations, so you only need to uncomment (remove the # from) the one that applies
HOSTS_DENY = /etc/hosts.deny // the file that holds the blocked IP addresses, here /etc/hosts.deny
PURGE_DENY = 5m // how long an IP stays in /etc/hosts.deny before it is removed
BLOCK_SERVICE = sshd // the service to protect, here sshd
DENY_THRESHOLD_INVALID = 1 // number of failed logins allowed for invalid users, i.e. users that do not exist in /etc/passwd (not including root)
DENY_THRESHOLD_VALID = 2 // number of failed logins allowed for valid users, i.e. users that exist in /etc/passwd (not including root)
DENY_THRESHOLD_ROOT = 1 // number of failed logins allowed for the root user
DENY_THRESHOLD_RESTRICTED = 1 // number of failed logins allowed for users listed in $WORK_DIR/hosts-restricted
WORK_DIR = /var/lib/denyhosts // the working directory
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS = YES // if YES, a suspicious login from an IP address listed in $WORK_DIR/allowed-hosts is still treated as suspicious and reported; if NO, suspicious login attempts from allowed-hosts do not trigger a warning mail. Suspicious logins from IP addresses that are not in $WORK_DIR/allowed-hosts always trigger a warning.
HOSTNAME_LOOKUP = YES // whether to resolve IP addresses to host names; if so, the host name is used in alerts
LOCK_FILE = /run/denyhosts.pid // location of the PID file, which ensures that only one DenyHosts process is running
       ############ THESE SETTINGS ARE OPTIONAL ############ // the settings below are optional
ADMIN_EMAIL = gm100861@gmail.com // mail is sent to this address when someone tries to log in to your server or an IP is blacklisted, provided that the machine is able to send mail
SMTP_HOST = localhost // the SMTP server
SMTP_PORT = 25 // the SMTP port number
SMTP_FROM = DenyHosts <nobody@localhost> // the sender
SMTP_SUBJECT = DenyHosts Report // the message subject
AGE_RESET_VALID = 5d // how long until the failed-login count of a valid user (one defined in /etc/passwd) is reset to 0; if not set, it is never reset
AGE_RESET_ROOT = 25d // how long until the failed-login count of the root user is reset to 0; if not set, it is never reset
AGE_RESET_RESTRICTED = 25d // how long until the failure counter of users defined in $WORK_DIR/hosts-restricted is reset to 0
AGE_RESET_INVALID = 10d // how long until the failure counter of invalid users (users not in /etc/passwd) is reset to 0
RESET_ON_SUCCESS = yes // when a user logs in successfully from an IP, the failure count of that user for that IP is reset to 0
  ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts // where the log file is saved when DenyHosts runs in daemon mode
DAEMON_SLEEP = 30s // how often the sshd log is polled
DAEMON_PURGE = 1h // how often expired IP addresses are purged from $HOSTS_DENY; if PURGE_DENY is empty, this setting has no effect
   ######### THESE SETTINGS ARE SPECIFIC TO ##########
   ######### DAEMON SYNCHRONIZATION ##########
After a malicious login attempt, view the /etc/hosts.deny file again:

root@node2:~# cat /etc/hosts.deny
# /etc/hosts.deny: list of hosts that are _not_ allowed to access the system.
# See the manual pages hosts_access(5) and hosts_options(5).
#
# Example: ALL: some.host.name, .some.domain
# ALL EXCEPT in.fingerd: other.host.name, .other.domain
#
# If you're going to protect the portmapper use the name "portmap" for the
# daemon name. Remember that you can only use the keyword "ALL" and IP
# addresses (NOT host or domain names) for the portmapper, as well as for
# rpc.mountd (the NFS mount daemon). See portmap(8) and rpc.mountd(8)
# for further information.
#
# The PARANOID wildcard matches any host whose name does not match its
# address.
#
# You may wish to enable this to ensure any programs that do not
# validate looked up hostnames still leave understandable logs. In past
# versions of Debian this has been the default.
# ALL: PARANOID
 
# DenyHosts: Mon Jul 16 16:46:46 2012 | sshd: 1.1.1.254
sshd: 1.1.1.254
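
An added example (not from the original article and not DenyHosts' own code): a simplified model of how the DENY_THRESHOLD_* values configured above decide which addresses end up in /etc/hosts.deny. The log lines are constructed, the function names are hypothetical, and it assumes a host is denied once its failure count exceeds the threshold for that class of user.

```python
import re
from collections import Counter

# Thresholds as set in the article's /etc/denyhosts.conf
THRESHOLDS = {"invalid": 1, "valid": 2, "root": 1}

# sshd password-failure lines as they appear in /var/log/auth.log (SECURE_LOG)
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def classify(match):
    """Map a failed login to the DENY_THRESHOLD_* class it counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(log_lines, thresholds=THRESHOLDS, allowed=()):
    """Return sorted IPs whose failures exceed the threshold of any class."""
    counts = Counter()
    for line in log_lines:
        m = FAILED.search(line)
        # Addresses on the allow list (hypothetical parameter) are never counted
        if m and m.group("ip") not in allowed:
            counts[(m.group("ip"), classify(m))] += 1
    # Assumption: a host is denied once its count exceeds the threshold
    return sorted({ip for (ip, cls), n in counts.items() if n > thresholds[cls]})

def deny_entries(ips, service="sshd"):
    """Format entries as 'BLOCK_SERVICE: IP', the form seen in /etc/hosts.deny."""
    return [f"{service}: {ip}" for ip in ips]

# Constructed sample log lines (documentation address ranges, not real hosts)
SAMPLE_LOG = [
    "Jul 16 16:46:40 node2 sshd[2101]: Failed password for invalid user admin from 192.0.2.10 port 40122 ssh2",
    "Jul 16 16:46:43 node2 sshd[2103]: Failed password for invalid user test from 192.0.2.10 port 40130 ssh2",
    "Jul 16 16:47:01 node2 sshd[2110]: Failed password for root from 198.51.100.7 port 51514 ssh2",
    "Jul 16 16:47:20 node2 sshd[2115]: Failed password for alice from 203.0.113.5 port 33010 ssh2",
    "Jul 16 16:47:25 node2 sshd[2117]: Failed password for alice from 203.0.113.5 port 33012 ssh2",
    "Jul 16 16:48:02 node2 sshd[2120]: Accepted password for alice from 203.0.113.5 port 33020 ssh2",
]

if __name__ == "__main__":
    print("\n".join(deny_entries(hosts_to_deny(SAMPLE_LOG))))
```

Under these assumptions only the host guessing non-existent accounts is denied: the single root failure and the two failures for a valid user both stay at, not above, their thresholds.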