A small daemon called DenyHosts has now been installed on all astronet boxes as of April 15 2009. It blocks an IP address from remote access to Linux services (sshd, NFS, Samba, etc.) after a remote host attempts, but fails, to connect a certain number of times. This goes a long way toward protecting our Linux machines from brute force attacks, where remote zombies repeatedly try to log in and guess our passwords.
It writes its log to /var/log/denyhosts.
It reads its configuration from /etc/denyhosts.conf (run service denyhosts restart as root if you want changes to take effect!)
I have made the directory /etc/secret/clientconfig/denyhosts to store install files and setup info. The .rpm in this directory which contains “fc3” in its filename is for RHEL4, whereas the .rpm with “fc6” in the filename is for RHEL5. The configuration script, which I copy to /etc/ after rpm installation, is also in this directory.
For more information, an excellent FAQ is maintained by the author at http://denyhosts.sourceforge.net/faq.html
People who are accidentally blocked must contact Bruce or me to be unbanned. If you have your username correct, you shouldn’t be banned until you fail to enter your password correctly 10 times in succession.
-James
Note: In addition to the above, you must also edit /etc/hosts.allow and /etc/hosts.deny. Here’s a copy of both files on a properly configured system:
=========================================
hosts.allow:
=========================================
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
ALL: localhost.localdomain
#sshd: ALL
ALL: .carleton.edu
=========================================
hosts.deny:
=========================================
#
# hosts.deny This file describes the names of the hosts which are
# *not* allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# The portmap line is redundant, but it is left to remind you that
# the new secure portmap uses hosts.deny and hosts.allow. In particular
# you should know that NFS uses portmap!
ALL EXCEPT sshd: ALL
# DenyHosts below this line
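To make the ban threshold and the hosts.deny entries above concrete, here is an added example (not DenyHosts' own code, and a deliberate simplification of it) that scans sshd log lines for failed logins and emits the "sshd: <ip>" entries that belong below the "# DenyHosts below this line" marker. The 10-failure limit for a real username comes from the note; the lower limit for unknown usernames (3), the host name astro1 and the log lines themselves are constructed assumptions for this example.

```python
import re
from collections import defaultdict

# 10 consecutive failures for a valid username is the threshold the note states;
# the lower threshold for unknown usernames (3) is an assumption for this example.
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_INVALID = 3

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+) port \d+"
)
ACCEPTED_RE = re.compile(r"sshd\[\d+\]: Accepted \S+ for (?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+) port")


def offending_hosts(lines, valid_limit=DENY_THRESHOLD_VALID, invalid_limit=DENY_THRESHOLD_INVALID):
    """Return the sorted IPs whose run of consecutive failures reached a threshold."""
    failures = defaultdict(int)  # ip -> failed attempts since that ip's last success
    denied = set()
    for line in lines:
        ok = ACCEPTED_RE.search(line)
        if ok:
            failures[ok.group("ip")] = 0  # a successful login ends the "in succession" run
            continue
        m = FAILED_RE.search(line)
        if not m:
            continue  # not an sshd authentication line
        ip = m.group("ip")
        failures[ip] += 1
        limit = invalid_limit if m.group("invalid") else valid_limit
        if failures[ip] >= limit:
            denied.add(ip)
    return sorted(denied)


def hosts_deny_lines(ips):
    """Format IPs as the 'sshd: <ip>' entries that go below the DenyHosts marker."""
    return ["sshd: %s" % ip for ip in ips]


# Constructed sample log: a colleague mistypes their password nine times and then gets in
# (so is not banned); a remote host guesses usernames that do not exist on the box.
SAMPLE_LOG = (
    ["Apr 15 10:%02d:00 astro1 sshd[%d]: Failed password for james "
     "from 192.0.2.10 port 51000 ssh2" % (i, 1000 + i) for i in range(9)]
    + ["Apr 15 10:09:30 astro1 sshd[1010]: Accepted password for james "
       "from 192.0.2.10 port 51009 ssh2"]
    + ["Apr 15 10:%02d:00 astro1 sshd[%d]: Failed password for invalid user %s "
       "from 198.51.100.7 port 52000 ssh2" % (20 + i, 2000 + i, u)
       for i, u in enumerate(["admin", "oracle", "test"])]
)

# Entries that would be appended below the marker line for the sample above.
DENIED = hosts_deny_lines(offending_hosts(SAMPLE_LOG))
```

Only the host guessing non-existent usernames ends up in DENIED; the colleague who eventually logged in does not, because the successful login reset their count.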