Friday, July 19, 2013

Installing DenyHosts on Debian Squeeze (6.0.7)

While trying to install DenyHosts on Debian (with syncing working), I ran across this guide: Preventing_ssh_dictionary_attacks_with_denyhosts on Debian on Howtoforge. It had been written in 2006. Time for an update.

The DenyHosts in the Debian repos worked fine, if you are not interested in syncing. If you're not using syncing in DenyHosts, you might as well use Fail2ban, as it covers more services than just SSH.

The sync feature really sets DenyHosts apart from the rest of the pack: as soon as an IP is detected and banned on a server halfway around the world, it will shortly be pre-emptively banned on your server as well. So you are protected by, as well as helping to protect, others.

Here is what worked for me:

1 Installation

DenyHosts is written in Python, therefore we must install Python and also the Python development files first:

apt-get install python2.6-dev python2.6

or you can probably get away with doing:

apt-get install python python-dev

I just happened to know that 2.6 was the latest in the repos anyways.

Then we download and install DenyHosts like this:
cd /tmp
wget -O DenyHosts-2.6.tar.gz http://sourceforge.net/projects/denyhosts/files/denyhosts/2.6/DenyHosts-2.6.tar.gz/download
tar xvfz DenyHosts-2.6.tar.gz

cd DenyHosts-2.6
python setup.py install
This installs DenyHosts to /usr/share/denyhosts.

2 Configuration

Now we have to create the DenyHosts configuration file /usr/share/denyhosts/denyhosts.cfg. We can use the sample configuration file /usr/share/denyhosts/denyhosts.cfg-dist for this:

cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg


Make sure you set SECURE_LOG and LOCK_FILE to the correct values for your distribution! For Debian, these are:

SECURE_LOG = /var/log/auth.log
LOCK_FILE = /var/run/denyhosts.pid


As we want to run DenyHosts as a daemon, we need the daemon control script /usr/share/denyhosts/daemon-control. Again, we can use the sample script /usr/share/denyhosts/daemon-control-dist to create the needed file:

cp daemon-control-dist daemon-control
Edit /usr/share/denyhosts/daemon-control and make sure you set the correct values for DENYHOSTS_BIN, DENYHOSTS_LOCK, and DENYHOSTS_CFG. For Debian, these are:

DENYHOSTS_BIN   = "/usr/local/bin/denyhosts.py"
DENYHOSTS_LOCK  = "/var/run/denyhosts.pid"
DENYHOSTS_CFG   = "/usr/share/denyhosts/denyhosts.cfg"


Next we have to make that file executable:

chown root daemon-control
chmod 700 daemon-control

Afterwards, we create the system bootup links for DenyHosts so that it is started automatically when the system is booted:

cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
update-rc.d denyhosts defaults

Finally, we start DenyHosts:
/etc/init.d/denyhosts start
 
DenyHosts logs to /var/log/denyhosts, if you are interested in the logs. The SSH daemon logs to /var/log/auth.log on Debian. You can watch both logs and try to log in with an invalid user or with a valid user and incorrect password, etc. via SSH and see what happens. 
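
A check for the values set in steps 1 and 2, as an added example that is not part of the original post or of DenyHosts: it reads denyhosts.cfg and daemon-control, compares them with the Debian values given above, and reports whether syncing is switched on. It assumes syncing is controlled by the SYNC_SERVER line in denyhosts.cfg (a setting this page does not name); the function names are made up for the example.

```shell
#!/bin/sh
# Added example (not part of DenyHosts): check the values edited in this guide.

# Effective value of KEY in a "KEY = value" file. Commented-out lines are
# ignored, the last assignment is taken, surrounding double quotes are stripped.
cfg_get() {  # cfg_get KEY FILE
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" |
        tail -n 1 | sed 's/[[:space:]]*$//; s/^"\(.*\)"$/\1/'
}

# Compare one key with the expected value and report the result.
check_key() {  # check_key FILE KEY WANTED
    got=$(cfg_get "$2" "$1")
    if [ "$got" = "$3" ]; then
        echo "OK        $2 = $got"
    else
        echo "MISMATCH  $2 = '$got' (expected $3)"
        return 1
    fi
}

# Assumption: syncing is active only when SYNC_SERVER is uncommented.
sync_enabled() {  # sync_enabled CFG
    [ -n "$(cfg_get SYNC_SERVER "$1")" ]
}

# Returns 0 only if both files carry the Debian values from this guide.
check_denyhosts() {  # check_denyhosts CFG DAEMON_CONTROL
    rc=0
    check_key "$1" SECURE_LOG /var/log/auth.log || rc=1
    check_key "$1" LOCK_FILE /var/run/denyhosts.pid || rc=1
    # The guide sets the same PID file path in both files.
    check_key "$2" DENYHOSTS_LOCK "$(cfg_get LOCK_FILE "$1")" || rc=1
    check_key "$2" DENYHOSTS_BIN /usr/local/bin/denyhosts.py || rc=1
    if sync_enabled "$1"; then
        echo "SYNC      enabled: $(cfg_get SYNC_SERVER "$1")"
    else
        echo "SYNC      disabled (SYNC_SERVER unset or commented out)"
    fi
    return "$rc"
}

# Run against this guide's paths when DenyHosts is installed there.
cfg=/usr/share/denyhosts/denyhosts.cfg
if [ -r "$cfg" ]; then
    check_denyhosts "$cfg" /usr/share/denyhosts/daemon-control
fi
```

A MISMATCH line means the file still carries a value other than the one this guide gives for Debian.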

Credits to: Falko Timme <ft [at] falkotimme [dot] com> for writing the original guide I drew most of this text from.
