
denyhosts (by damian)

What is Denyhosts

* http://denyhosts.sourceforge.net/

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary-based attacks and brute-force attacks).

If you've ever looked at your SSH log (on Ubuntu, /var/log/auth.log) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

DenyHosts attempts to address the above...
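
The idea described above, as an added example (not DenyHosts' own code and not part of the original page): count failed SSH logins per source address in auth.log-style lines and emit TCP wrappers deny entries for hosts over a threshold. The log lines are constructed, and the threshold and allowlist parameters are assumptions of this sketch.

```python
import re
from collections import Counter

# Constructed sample in the sshd syslog format found in /var/log/auth.log.
SAMPLE_LOG = """\
Feb 12 23:01:10 web sshd[811]: Failed password for root from 203.0.113.5 port 40112 ssh2
Feb 12 23:01:12 web sshd[811]: Failed password for invalid user admin from 203.0.113.5 port 40113 ssh2
Feb 12 23:01:15 web sshd[812]: Failed password for invalid user test from 203.0.113.5 port 40114 ssh2
Feb 12 23:02:01 web sshd[820]: Failed password for alice from 192.0.2.10 port 51000 ssh2
Feb 12 23:02:09 web sshd[820]: Accepted password for alice from 192.0.2.10 port 51000 ssh2
Feb 12 23:03:30 web sshd[831]: Failed password for invalid user a from 198.51.100.9 port 1 ssh2 from 203.0.113.77 port 40200 ssh2
Feb 12 23:04:00 web CRON[900]: pam_unix(cron:session): session opened for user root
"""

# Greedy user field plus the end-of-line anchor: only the final "from <ip>",
# which sshd appends itself, is taken as the source address.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted \S+ for \S+ from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def hosts_to_deny(log_text, threshold=3, allowlist=()):
    """Return sorted IPs with >= threshold failures; a successful login resets the count."""
    failures = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            failures[m.group("ip")] += 1
            continue
        m = ACCEPTED.search(line)
        if m:
            failures.pop(m.group("ip"), None)
    return sorted(ip for ip, n in failures.items()
                  if n >= threshold and ip not in allowlist)

def hosts_deny_lines(ips, service="sshd"):
    """Format entries in TCP wrappers (/etc/hosts.deny) syntax."""
    return ["%s: %s" % (service, ip) for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

The sixth sample line has "from <ip>" text inside the user field; because the pattern is anchored to the end of the line, only the address sshd logged last is counted.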

Conclusion

It's a good idea to have denyhosts whenever/wherever an SSH server is listening for connections...

Installation

sudo apt-get install denyhosts
sudo vim /etc/denyhosts.conf

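# "sudo date +%s > file" fails: the redirect is done by the unprivileged shell, so write through tee
date +%s | sudo tee /var/lib/denyhosts/sync-timestamp > /dev/null
# the daemon runs as root, so the file does not need to be world-writable
sudo chmod 644 /var/lib/denyhosts/sync-timestamp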
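sudo vim /usr/share/denyhosts/DenyHosts/sync.py

Change

fp = open(os.path.join(self.__work_dir,
                       SYNC_TIMESTAMP), "a")

to

fp = open(os.path.join(self.__work_dir,
                       SYNC_TIMESTAMP), "w")

("a" appends each new timestamp to the file; "w" overwrites it, so the file holds only the latest value.)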

sudo /etc/init.d/denyhosts restart

Reporting

There is a PLUGIN_DENY script (/root/scripts/report-denied-host) that collects data on blocked hosts in a central MySQL database on silo.ethz.ch, which can be shown in a web GUI:

Created: 12.02.2012 23:40
Last Changed: 05.04.2013 12:58