How to install and configure the denyhosts tool on Linux to automatically block IPs


Anyone running a Linux system should know how to install denyhosts. So how do you install the denyhosts tool on Linux, and how do you configure it after installation? This is what users need to learn.


Denyhosts is a security tool written in Python that monitors server access logs to prevent brute force attacks on virtual private servers. It works by banning IP addresses that exceed a certain number of failed login attempts.

Step 1: install denyhosts

Denyhosts is easy to install on Ubuntu:

  sudo apt-get install denyhosts

Once the program is downloaded, denyhosts will be automatically installed and configured on your VPS.

Step 2: whitelist IP addresses

When you install denyhosts, be sure to whitelist your own IP addresses. Skipping this step will put you at risk of locking yourself out of your own machine.

Open the list of hosts allowed in your VPS:

  sudo nano /etc/hosts.allow

Below the description, add any IP addresses that must never be banned from the server. Write each one on a separate line, using this format:

  sshd: yourip

After making any changes, be sure to restart denyhosts so that the new settings take effect on your virtual private server:

  sudo /etc/init.d/denyhosts restart

Step 3 (optional): configure denyhosts

Denyhosts is ready to use as soon as the installation is over.

However, if you want to customize the behavior of denyhosts on your VPS, you can make changes in the denyhosts configuration file:

  sudo nano /etc/denyhosts.conf

Denyhosts parameter configuration

  # cd /usr/share/denyhosts/    # denyhosts default installation directory

  # cp denyhosts.cfg-dist denyhosts.cfg

  # vi denyhosts.cfg    # denyhosts configuration file

  SECURE_LOG = /var/log/secure    # ssh log file

  # format is: i[dhwmy]
  # Where i is an integer (eg. 7)
  # m = minutes
  # h = hours
  # d = days
  # w = weeks
  # y = years

  # never purge:

  PURGE_DENY = 50m    # how long before a blocked IP is cleared

  HOSTS_DENY = /etc/hosts.deny    # blocked IPs are written to hosts.deny

  BLOCK_SERVICE = sshd    # name of the service to block

  DENY_THRESHOLD_INVALID = 1    # number of login failures allowed for invalid users

  DENY_THRESHOLD_VALID = 10    # number of login failures allowed for ordinary users

  DENY_THRESHOLD_ROOT = 5    # number of login failures allowed for root

  WORK_DIR = /usr/local/share/denyhosts/data    # denied hosts or IPs are recorded in WORK_DIR

  DENY_THRESHOLD_RESTRICTED = 1    # number of login failures allowed for usernames listed in the restricted-usernames file in WORK_DIR

  LOCK_FILE = /var/lock/subsys/denyhosts    # the PID of the running denyhosts is recorded in LOCK_FILE, which ensures the service started correctly and prevents multiple instances from starting at the same time

  HOSTNAME_LOOKUP = no    # whether to do reverse DNS lookups

  ADMIN_EMAIL =     # administrator email address

  DAEMON_LOG = /var/log/denyhosts    # denyhosts' own log file

  DAEMON_PURGE = 10m    # set the same way as PURGE_DENY; it is also the time for clearing blocked ssh users from hosts.deny
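To see how the DENY_THRESHOLD_* values above interact with the hosts.allow whitelist from Step 2, here is an added example: a simplified model, not denyhosts' own code and not part of the original article. It assumes an address is blocked once its failure count exceeds the threshold and that an sshd entry in hosts.allow takes precedence over hosts.deny; the function names and log lines are constructed for illustration.

```python
import re
from collections import Counter

# Thresholds from the DENY_THRESHOLD_* values shown on this page.
THRESHOLDS = {"invalid": 1, "valid": 10, "root": 5}
FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) "
                    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+")

def classify(invalid_marker, user):
    """Pick the threshold bucket a failed login counts against."""
    if invalid_marker:
        return "invalid"
    return "root" if user == "root" else "valid"

def read_allowed(hosts_allow_text, service="sshd"):
    """Collect literal IPs from 'sshd: ip' lines (patterns are not expanded)."""
    allowed = set()
    for line in hosts_allow_text.splitlines():
        line = line.split("#", 1)[0].strip()
        if ":" in line:
            svc, hosts = line.split(":", 1)
            if svc.strip() in (service, "ALL"):
                allowed.update(hosts.replace(",", " ").split())
    return allowed

def locked_out_ips(log_text, hosts_allow_text):
    """IPs whose failures exceed a threshold and that hosts.allow does not cover."""
    counts = Counter()
    for line in log_text.splitlines():
        if (m := FAILED.search(line)):
            counts[(m.group(3), classify(m.group(1), m.group(2)))] += 1
    allowed = read_allowed(hosts_allow_text)
    return sorted({ip for (ip, kind), n in counts.items()
                   if n > THRESHOLDS[kind] and ip not in allowed})

def sample_lines(target, ip, count):
    """Build constructed sshd failure lines in the /var/log/secure style."""
    return [f"Jan 10 03:12:{i:02d} vps sshd[{1200 + i}]: Failed password for "
            f"{target} from {ip} port {40000 + i} ssh2" for i in range(count)]

# Constructed sample data using documentation address ranges, not real logs.
SAMPLE_ALLOW = "# trusted admin address\nsshd: 192.0.2.10\n"
SAMPLE_LOG = "\n".join(
    sample_lines("invalid user admin", "203.0.113.5", 2)   # 2 > 1: blocked
    + sample_lines("root", "198.51.100.7", 5)              # 5 is not > 5
    + sample_lines("root", "192.0.2.10", 8))               # 8 > 5, whitelisted

if __name__ == "__main__":
    print(locked_out_ips(SAMPLE_LOG, SAMPLE_ALLOW))
```

Running it with an empty whitelist instead of SAMPLE_ALLOW shows the admin address 192.0.2.10 being locked out, which is the situation Step 2 is meant to prevent.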

Denyhosts startup file configuration

  # cp daemon-control-dist daemon-control

  # chown root daemon-control

  # chmod 700 daemon-control

  # ./daemon-control start    # start denyhosts

  # ln -s /usr/share/denyhosts/daemon-control /etc/init.d    # create a symlink to daemon-control for easier management

The installation is complete at this step.

  # /etc/init.d/daemon-control start    # start denyhosts

  # chkconfig daemon-control on    # set denyhosts to start at boot

Add denyhosts to automatic start on reboot

  # vi /etc/rc.local

Add the following command:

  /usr/share/denyhosts/daemon-control start

View the recorded attacker IPs

  # vi /etc/hosts.deny

The above is how to install and configure denyhosts on Linux. After configuring the denyhosts tool, you can use it to analyze log files.
