Cloud Developer's Technology Encounters


by polfilm on January 21, 2015

If you’re getting bombarded with brute-force login attempts, the steps below install DenyHosts as a daemon that, with default settings, scans your /var/log/secure for failed login attempts. It is initially set to 5 failed attempts, after which the IP ends up in the hosts.deny file. You should take a good long look at the .cfg file to understand its full capabilities (for example, running against Apache logs for web attacks).

tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control
cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --add denyhosts
service denyhosts start 
tail -f /etc/hosts.deny /var/log/secure
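
To see what the daemon is doing with those two files, here is an added example (not DenyHosts' own code and not from the original post) that counts failed SSH password attempts per source IP and produces the hosts.deny lines for offenders. The log lines are constructed, the function names are hypothetical, and it assumes the fifth failure triggers the block and that entries take the TCP wrappers form `sshd: <ip>`.

```python
import re
from collections import Counter

# Constructed sample in the sshd format written to /var/log/secure.
SAMPLE_LOG = """\
Jan 21 10:00:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 21 10:00:03 web1 sshd[2103]: Failed password for invalid user test from 203.0.113.7 port 40120 ssh2
Jan 21 10:00:05 web1 sshd[2105]: Failed password for root from 203.0.113.7 port 40131 ssh2
Jan 21 10:00:06 web1 sshd[2107]: Failed password for deploy from 198.51.100.20 port 51514 ssh2
Jan 21 10:00:08 web1 sshd[2109]: Failed password for invalid user oracle from 203.0.113.7 port 40140 ssh2
Jan 21 10:00:09 web1 sshd[2111]: Accepted password for deploy from 198.51.100.20 port 51520 ssh2
Jan 21 10:00:11 web1 sshd[2113]: Failed password for invalid user guest from 203.0.113.7 port 40152 ssh2
Jan 21 10:00:12 web1 sshd[2115]: Failed password for root from 192.0.2.44 port 33001 ssh2
"""

THRESHOLD = 5  # failed attempts before blocking, per the post (assumed: 5th failure triggers)

# Anchored at end of line so the address is taken from the field sshd appends,
# not from anything inside the attempted username.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?.* "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)


def count_failures(log_text):
    """Return a Counter of failed SSH password attempts per source IP."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line.rstrip())
        if m:
            hits[m.group(1)] += 1
    return hits


def deny_entries(log_text, already_denied=(), allowed=(), threshold=THRESHOLD):
    """Build hosts.deny lines for IPs at or over the threshold.

    IPs already present in hosts.deny, or explicitly allowed, are skipped.
    """
    skip = set(already_denied) | set(allowed)
    return [
        f"sshd: {ip}"
        for ip, n in sorted(count_failures(log_text).items())
        if n >= threshold and ip not in skip
    ]


if __name__ == "__main__":
    print(dict(count_failures(SAMPLE_LOG)))
    print("\n".join(deny_entries(SAMPLE_LOG)))
```

Passing your own management address in `allowed` shows why an allow list matters before enabling automatic blocking: a few mistyped passwords would otherwise lock you out of the host.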
