Wednesday, December 31, 2008

Securing System with DenyHost package

Denyhost is a package which is exellent for blocking brute forc ssh attacks.
It is also easy to install and manage.

Installation


apt-get install denyhosts


Configuration:

Default configuration are pretty good but you can tune the basic.

/etc/denyhosts.conf

It reads the logs and add those IPs which try to break in /etc/hosts.deny

You can add your IP/valid IP or with your domain.
/etc/hosts.allow

sshd: yourdomain.com 192.168.0.1

Start/stop service


/etc/init.d/denyhosts stop

/etc/init.d/denyhosts start

Purging denyhost


denyhosts --purge

The /etc/rc3.d contains the denyhost which start on run time.