Installing DenyHosts on Centos 6.5, Plesk 11.5

DenyHosts is a log-based intrusion prevention security tool for SSH servers written in Python. It prevents brute-force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses. Upon discovering a repeated attack host, the /etc/hosts.deny file is updated to prevent future break-in attempts from that host.

Add the EPEL repository if it is not already installed.

# wget http://dl.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# sudo rpm -Uvh epel-release-6*.rpm

and then simply install denyhosts from EPEL repository by using following command.

# yum install denyhosts

Before starting DenyHosts, configure a white list of IPs which DenyHosts should never block.
DenyHosts uses TCP Wrappers. edit /etc/hosts.allow and add IPs or entire subnets

sshd: 123.234.246.566
sshd: 192.168.0.0/255.255.255.0

Start DenyHosts

# service denyhosts start

Configure the OS to start DenyHosts at every boot

# chkconfig denyhosts on

IPs to white list should be added to /etc/hosts.allow.
IPs that DenyHosts blocks will be added to /etc/hosts.deny.
DenyHosts logs everything that it does to /var/log/denyhosts.
The DenyHosts configuration file is /etc/denyhosts.conf.
DenyHosts watches /var/log/secure for SSH login attempts.
Host IP can be added or removed from /etc/hosts.deny to block or unblock access.
Go through the DenyHosts configuration file (/etc/denyhosts.conf) and configure it to your liking. do not forget to restart DenyHosts after changes in this file.

# service denyhosts restart

Leave a Reply

Your email address will not be published. Required fields are marked *


two − 1 =