DenyHosts Tools To Prevent SSHd Brute Force Attacks
What is DenyHosts?
DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).
If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?
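The log-scanning idea described above, as an added example that is not part of the original post and is not DenyHosts' own code: it counts failed sshd password attempts per source address in a constructed log sample and prints hosts.deny-style entries for addresses over a threshold. The function names, the threshold values and the allowed-hosts parameter are assumptions made for illustration.

```python
import re
from collections import Counter

# Constructed sample in OpenSSH syslog format; all addresses are documentation ranges.
SAMPLE_LOG = """\
Jan 10 03:12:01 host sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40112 ssh2
Jan 10 03:12:03 host sshd[2101]: Failed password for invalid user test from 203.0.113.7 port 40113 ssh2
Jan 10 03:12:05 host sshd[2101]: Failed password for invalid user oracle from 203.0.113.7 port 40114 ssh2
Jan 10 03:12:07 host sshd[2101]: Failed password for invalid user x from 192.0.2.99 port 1 from 203.0.113.7 port 40115 ssh2
Jan 10 03:13:10 host sshd[2200]: Failed password for root from 198.51.100.23 port 51000 ssh2
Jan 10 03:13:12 host sshd[2200]: Failed password for root from 198.51.100.23 port 51001 ssh2
Jan 10 03:14:00 host sshd[2300]: Failed password for alice from 192.0.2.10 port 60000 ssh2
Jan 10 03:14:30 host sshd[2301]: Accepted password for alice from 192.0.2.10 port 60001 ssh2
"""

# The user name is text chosen by the remote client, so the pattern is anchored
# to the end of the line: only the final "from <ip> port <n>" written by sshd
# counts, and an address embedded in the user name (4th sample line) is ignored.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (invalid user )?(.+) "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) port \d+(?: ssh2)?$"
)

# Example thresholds per account class (assumed values, not DenyHosts defaults).
THRESHOLDS = {"invalid": 3, "root": 1, "valid": 5}

def classify(invalid, user):
    """Map a failed login to the account class whose threshold applies."""
    if invalid:
        return "invalid"
    return "root" if user == "root" else "valid"

def hosts_to_deny(log_text, thresholds=THRESHOLDS, allowed=()):
    """Return sorted IPs whose failures exceed the threshold for any account class."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are skipped
        invalid, user, ip = m.groups()
        if ip in allowed:
            continue  # hypothetical allow list: never block these addresses
        counts[(ip, classify(invalid, user))] += 1
    return sorted({ip for (ip, kind), n in counts.items() if n > thresholds[kind]})

def deny_lines(ips, service="sshd"):
    """Format entries the way they appear in /etc/hosts.deny."""
    return [f"{service}: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

Running it over your own log before enabling any blocking shows which addresses a given set of thresholds would deny, which helps when choosing the DENY_THRESHOLD_* values in denyhosts.cfg.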
Download and Install DenyHosts
Login as root
#cd /root
#wget http://nchc.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts...
#tar -zxvf DenyHosts-2.6.tar.gz
#cd DenyHosts-2.6
#python setup.py install
The default DenyHosts directory is /usr/share/denyhosts
Configure DenyHosts
#cd /usr/share/denyhosts
#cp denyhosts.cfg-dist denyhosts.cfg
#vi denyhosts.cfg
### you can modify a few options in denyhosts.cfg ###
Configure DenyHosts Daemon
#cp daemon-control-dist daemon-control
#vi daemon-control
###############################################
#### Edit these to suit your configuration ####
###############################################
DENYHOSTS_BIN = "/usr/local/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
Once you have edited the configuration and daemon control files,
make sure that the daemon control script is executable (by root).
Set permission and owner for DenyHosts daemon
#chown root daemon-control
#chmod 700 daemon-control
Starting DenyHosts
#vi /etc/rc.local
### add the line below to rc.local ###
/usr/share/denyhosts/daemon-control start
For OpenSUSE
#vi /etc/init.d/boot.local
### add the line below to boot.local ###
/usr/share/denyhosts/daemon-control start