HOWTO Setup Deny Hosts

From Research
Revision as of 04:42, 16 April 2008 by Jjaythomas (talk | contribs)
Jump to navigation Jump to search

Purpose

Fail2ban, working in combination with Iptables, is a superior method of controlling hacking activities. However, our virtual servers cannot directly address hardware. As a work-around, denyhosts approximates the function of Fail2ban and Iptables.

Setup

  • If ssh is not compiled tcpd you will need to edit make.conf and recompile.
hostname ~ # emerge -pv net-misc/openssh
[ebuild   R ] net-misc/openssh-x.x  USE="tcpd"
  • There will be more USE flags listed in addition to tcpd but it is the only necessary flag for this setup.
hostname ~ # emerge -v denyhosts
[ebuild   N ] app-admin/denyhosts-x.x
  • Denyhosts can be run as a cron job, but our virtual servers run it as as service.
hostname ~ # rc-update add denyhosts default

Configure

  • There are several values to change in denyhosts.conf. Refer to the comments in this file for more information.
hostname ~ # vi /etc/denyhosts.conf

PURGE_DENY =2h

PURGE_THRESHOLD = 3

BLOCK_SERVICE = ALL

REM out BLOCK_SERVICE = sshd

DENY_THRESHOLD_ROOT = 4

SYSLOG_REPORT=YES

SYNC_SERVER = http://xmlrpc.denyhosts.net:9911

SYNC_INTERVAL = 1h

SYNC_UPLOAD = yes

SYNC_DOWNLOAD = yes

SYNC_DOWNLOAD_THRESHOLD = 3

Turn It On

hostname ~ # /etc/init.d/denyhosts start