Using denyhosts to protect your server

Because the network segments of the server are fixed, hackers will scan the network segments crazily and crack the passwords violently, which will not only harm our server, but also cause severe server-side resources due to excessive requests. In order to ensure the security of our server, we recommend using denyhosts software

The default configuration file storage location for denyhosts is as follows:

tar zxvf DenyHosts-2.6.tar.gz                             #Decompress the source package
cd DenyHosts-2.6                                          #Enter the installation and decompression directory
python install                                   #Install DenyHosts
cd /usr/share/denyhosts/                                  #Default installation path
cp denyhosts.cfg-dist denyhosts.cfg                       #denyhosts.cfg is the configuration file
cp daemon-control-dist daemon-control                     #Daemon control is the startup program
chown root daemon-control                                 #Add root
chmod 700 daemon-control                                  #Change to executable
ln -s /usr/share/denyhosts/daemon-control /etc/init.d     #Soft connection to the daemon control for easy management

//Installation to this step is complete.
/etc/init.d/daemon-control start                          #Start denyhosts
chkconfig daemon-control on                               #Set denghosts to power on

vi /usr/share/denyhosts/denyhosts.cfg     #Modify the configuration file of denyhosts

HOSTS_DENY = /etc/hosts.deny                  #Documents controlling user login
PURGE_DENY = 30m                              #After a long period of time to clear the prohibited, set to 30 minutes;
# 'm' = minutes
# 'h' = hours
# 'd' = days
# 'w' = weeks
# 'y' = years
BLOCK_SERVICE = ALL                          #Prohibit all services
DENY_THRESHOLD_INVALID = 1                   #Number of failures allowed for invalid users
DENY_THRESHOLD_VALID = 3                     #Number of login failures allowed for ordinary users
DENY_THRESHOLD_ROOT = 3                      #Number of root login failures allowed
DAEMON_LOG = /var/log/denyhosts              #The path where the DenyHosts log file is stored, default

Another solution is to insert the failed IP in / var/log/secure into the / etc/hosts.deny file by using the timed task to achieve the purpose of shielding


Tags: network Python

Posted on Sun, 03 Nov 2019 06:41:09 -0800 by dfwcomputer