
Prevent Network Attack - Bruteforce Attack On linux Server

Posted On 04/12/2009 14:54:00 by durjoy

Nowadays the internet is wilder and less secure than a jungle: it is full of spammers, hackers and crackers. If there is any security hole in your system, it won't take long for them to get into your server, so make sure you have secured your box. Use alphanumeric passwords with upper- and lowercase letters mixed, make sure you have created firewall rules, and scan your system with NMAP to examine which ports are open.


Type netstat -a to see active connections and listening ports.


Use ps aux to see which programs are running.




Finally, use DenyHosts to secure your server.


In this tutorial I am going to explain how to install and configure DenyHosts on Linux.


DenyHosts is one of the must-have security tools for server owners and an alternative to fail2ban. It is intended to be run by Linux system administrators to help thwart SSH server attacks.


If you've ever looked at your SSH log (/var/log/secure on Red Hat, /var/log/auth.log on Mandrake, etc.) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?


DenyHosts attempts to address the above.


This tutorial is based on a CentOS system, however, it should apply to other distributions with almost no modifications.


I want to say first that this is not the only way of setting up such a system. There are many ways of achieving this goal but this is the way I take. I do not issue any guarantee that this will work for you!


I am using CentOS, so I use yum to install the Python dependencies from the repository:


yum install python python2.3-dev python2.3


Then we download and install DenyHosts like this:


cd /tmp
wget http://mesh.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.0.tar.gz
tar xvfz DenyHosts-2.0.tar.gz
cd DenyHosts-2.0
python setup.py install


This installs DenyHosts to /usr/share/denyhosts.


Now we have to create the DenyHosts configuration file /usr/share/denyhosts/denyhosts.cfg. We can use the sample configuration file /usr/share/denyhosts/denyhosts.cfg-dist for this:


cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg


Then we must edit denyhosts.cfg with our favourite editor, such as vi:


vi denyhosts.cfg


Make sure you set SECURE_LOG and LOCK_FILE to the correct values for your distribution. For my CentOS box:


SECURE_LOG = /var/log/secure
LOCK_FILE = /var/run/denyhosts.pid


As we want to run DenyHosts as a daemon, we need the daemon control script /usr/share/denyhosts/daemon-control. Again, we can use the sample script /usr/share/denyhosts/daemon-control-dist to create the needed file:


cp daemon-control-dist daemon-control


Edit the script:

vi /usr/share/denyhosts/daemon-control


Make sure you set the correct values for DENYHOSTS_BIN, DENYHOSTS_LOCK, and DENYHOSTS_CFG. For my CentOS box it looks like this:


DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"


Next we have to make that file owned by root and executable:


chown root daemon-control
chmod 700 daemon-control


Afterwards, we create the system bootup links for DenyHosts so that it is started automatically when the system is booted:


cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts


chkconfig denyhosts --add

Finally, we start DenyHosts:


/etc/init.d/denyhosts start
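Before starting the daemon it is worth checking that the two files edited above agree with each other: the LOCK_FILE in denyhosts.cfg must be the same path as DENYHOSTS_LOCK in daemon-control, otherwise the init script cannot find the pid file of the running daemon, and SECURE_LOG must be the log path your distribution actually writes. The following check is an added example and not part of the post or of DenyHosts itself; the file excerpts are constructed from the values shown above, and the set of existing paths is passed in explicitly so the check runs offline (on a real box you would use os.path.exists instead).

```python
import re

# Constructed excerpts of the two files the post edits. The keys and values are
# the ones the post shows; the comment lines are mine.
SAMPLE_DENYHOSTS_CFG = """\
# /usr/share/denyhosts/denyhosts.cfg (constructed excerpt)
SECURE_LOG = /var/log/secure
LOCK_FILE = /var/run/denyhosts.pid
PURGE_DENY = 1w
"""

SAMPLE_DAEMON_CONTROL = """\
# /usr/share/denyhosts/daemon-control (constructed excerpt)
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
"""

ASSIGN_RE = re.compile(r'^\s*([A-Z_]+)\s*=\s*(.*?)\s*$')


def parse_assignments(text):
    """Parse KEY = value lines from either file; quotes around values are stripped."""
    values = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0]          # drop comments
        m = ASSIGN_RE.match(line)
        if m:
            values[m.group(1)] = m.group(2).strip('"\'')
    return values


def check_setup(cfg_text, daemon_text, existing_paths):
    """Return a list of problems found; an empty list means the two files agree.

    existing_paths stands in for os.path.exists so the check runs offline.
    """
    cfg = parse_assignments(cfg_text)
    dc = parse_assignments(daemon_text)
    problems = []

    # Every key the post tells you to set must be present.
    for key in ("SECURE_LOG", "LOCK_FILE"):
        if key not in cfg:
            problems.append(f"denyhosts.cfg: {key} is not set")
    for key in ("DENYHOSTS_BIN", "DENYHOSTS_LOCK", "DENYHOSTS_CFG"):
        if key not in dc:
            problems.append(f"daemon-control: {key} is not set")

    # Paths must exist on this box (a Debian-style /var/log/auth.log box would fail here).
    for label, path in (("SECURE_LOG", cfg.get("SECURE_LOG")),
                        ("DENYHOSTS_BIN", dc.get("DENYHOSTS_BIN")),
                        ("DENYHOSTS_CFG", dc.get("DENYHOSTS_CFG"))):
        if path and path not in existing_paths:
            problems.append(f"{label} {path} does not exist")

    # The init script and the daemon must agree on the pid file.
    if cfg.get("LOCK_FILE") and dc.get("DENYHOSTS_LOCK") and cfg["LOCK_FILE"] != dc["DENYHOSTS_LOCK"]:
        problems.append("LOCK_FILE and DENYHOSTS_LOCK differ: daemon-control would not find "
                        "the running daemon's pid file")
    return problems


if __name__ == "__main__":
    present = {"/var/log/secure", "/usr/bin/denyhosts.py", "/usr/share/denyhosts/denyhosts.cfg"}
    for problem in check_setup(SAMPLE_DENYHOSTS_CFG, SAMPLE_DAEMON_CONTROL, present) or ["setup looks consistent"]:
        print(problem)
```

Run it against the real files by reading them with open() and building the path set from os.path.exists; the same checks then apply unchanged.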


DenyHosts logs to /var/log/denyhosts, if you are interested in the logs. The SSH daemon logs to /var/log/secure on CentOS (the SECURE_LOG path set above). You can watch both logs and try to log in with an invalid user or with a valid user and incorrect password, etc. via SSH and see what happens. After you have crossed the threshold of incorrect login attempts, the IP address from which you tried to connect should get listed in /etc/hosts.deny.


You can specify if/when IP addresses are removed again from /etc/hosts.deny - have a look at the PURGE_DENY variable in /usr/share/denyhosts/denyhosts.cfg. You must start DenyHosts with the --purge option to make the PURGE_DENY variable effective, like this:


/etc/init.d/denyhosts start --purge


However, you can also remove IP addresses manually from that file; as soon as they have been removed, those IP addresses can try to log in again via SSH.
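To make the threshold and purge behaviour concrete, here is an added example (my code, not DenyHosts' own) that does in miniature what the daemon does: it reads SECURE_LOG lines, counts failed sshd logins per source address, separating attempts against invalid users from attempts against valid users as DenyHosts' DENY_THRESHOLD_INVALID and DENY_THRESHOLD_VALID settings do, emits the sshd: <ip> lines that land in /etc/hosts.deny, and drops entries older than a PURGE_DENY interval. The log lines are constructed (RFC 5737 documentation addresses, made-up user names), the threshold values are my choices, and the time-added bookkeeping is a plain dictionary rather than DenyHosts' work directory.

```python
import re

# Constructed sample of /var/log/secure lines in the syslog format sshd uses.
SAMPLE_LOG = """\
Apr 12 14:50:01 box sshd[2201]: Failed password for invalid user admin from 203.0.113.5 port 41022 ssh2
Apr 12 14:50:03 box sshd[2203]: Failed password for invalid user oracle from 203.0.113.5 port 41030 ssh2
Apr 12 14:50:05 box sshd[2205]: Failed password for invalid user test from 203.0.113.5 port 41041 ssh2
Apr 12 14:50:07 box sshd[2207]: Failed password for invalid user guest from 203.0.113.5 port 41052 ssh2
Apr 12 14:50:09 box sshd[2209]: Failed password for invalid user web from 203.0.113.5 port 41060 ssh2
Apr 12 14:51:00 box sshd[2215]: Failed password for root from 198.51.100.7 port 5022 ssh2
Apr 12 14:51:02 box sshd[2217]: Failed password for root from 198.51.100.7 port 5023 ssh2
Apr 12 14:52:10 box sshd[2220]: Accepted password for durjoy from 192.0.2.10 port 6001 ssh2
"""

# "invalid user " is present when the account does not exist on the box.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3})"
)

# Seconds per unit for PURGE_DENY values such as 1w, 2d or 12h.
PURGE_UNITS = {"m": 60, "h": 3600, "d": 86400, "w": 604800, "y": 31536000}


def count_failures(log_text):
    """Return {ip: {"invalid": n, "valid": n}} for failed sshd logins in the log."""
    counts = {}
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        kind = "invalid" if m.group("invalid") else "valid"
        entry = counts.setdefault(m.group("ip"), {"invalid": 0, "valid": 0})
        entry[kind] += 1
    return counts


def hosts_to_deny(counts, threshold_invalid=5, threshold_valid=10):
    """Addresses whose failure count reached the threshold for that kind of attempt."""
    return sorted(
        ip for ip, c in counts.items()
        if c["invalid"] >= threshold_invalid or c["valid"] >= threshold_valid
    )


def hosts_deny_lines(ips, service="sshd"):
    """The 'sshd: <ip>' lines that DenyHosts appends to /etc/hosts.deny."""
    return [f"{service}: {ip}" for ip in ips]


def parse_purge_deny(value):
    """Convert a PURGE_DENY string like '1w' to seconds."""
    number, unit = value[:-1], value[-1]
    return int(number) * PURGE_UNITS[unit]


def purge_expired(denied, now, purge_after):
    """Keep only entries younger than purge_after; denied maps ip -> epoch seconds when added."""
    return {ip: added for ip, added in denied.items() if now - added < purge_after}


if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG)
    banned = hosts_to_deny(counts)
    print("\n".join(hosts_deny_lines(banned)))      # sshd: 203.0.113.5
    added_at = 1239548100                            # constructed epoch time of the ban
    denied = {ip: added_at for ip in banned}
    week = parse_purge_deny("1w")
    print(purge_expired(denied, added_at + 3 * 86400, week))   # still denied after 3 days
    print(purge_expired(denied, added_at + 8 * 86400, week))   # purged after 8 days
```

Note that 198.51.100.7 stays off the list: two failures against an existing account are below the valid-user threshold, which is why separate thresholds matter (a typo by a real user should not lock the source address out, while a dictionary run against non-existent accounts should).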


That's all.




Within 20 minutes of setting up DenyHosts, I received the following notification: (AWESOME)


Added the following hosts to /etc/hosts.deny:



221.239.143.115 (unknown)

140.113.161.14 (www.ieo.NCTU.edu.tw)

221.252.88.84 (221x252x88x84.ap221.ftth.ucom.ne.jp)

61.140.128.197 (unknown)

76.85.229.5 (RDC-76-85-229-5.peakview.rr.com)

59.42.250.150 (unknown)

62.193.243.34 (unknown)

210.110.97.83 (unknown)



------------------------------

----------------------------------------


Added the following hosts to /etc/hosts.deny:



58.137.124.77 (unknown)



Copyright : www.mybanglaspace.com/durjoy [please do not copy or publish this blog without my permission]


Tags: Linux Hack Network Server Security IDS Intrusion Detection System







From: kuasha
04/12/2009 22:05:21

wowww... gr8 TUT... n gr8 prevent.....lol