Monday, June 22, 2009

Installing DenyHosts

What is DenyHosts?

DenyHosts is a small python program created by Phil Schwartz which is intended to stop SSH attacks by adding an entry to the /etc/hosts.deny file on UNIX/LINUX systems based on the number of failed logins.


Software License

The program is licensed under the General Public License (GPL) version 2.


Download

The program can be downloaded from http://denyhosts.sourceforge.net/


Installing DenyHosts

Using an rpm package of DenyHost, issue the command as "root" user:

# rpm -Uvh DenyHosts-2.6-python2.4.noarch.rpm


DenyHost Files

/usr/bin/denyhosts.py
/usr/lib/python2.4/site-packages/DenyHosts/__init__.py
/usr/lib/python2.4/site-packages/DenyHosts/__init__.pyc
/usr/lib/python2.4/site-packages/DenyHosts/allowedhosts.py
/usr/lib/python2.4/site-packages/DenyHosts/allowedhosts.pyc
/usr/lib/python2.4/site-packages/DenyHosts/constants.py
/usr/lib/python2.4/site-packages/DenyHosts/constants.pyc
/usr/lib/python2.4/site-packages/DenyHosts/counter.py
/usr/lib/python2.4/site-packages/DenyHosts/counter.pyc
/usr/lib/python2.4/site-packages/DenyHosts/daemon.py
/usr/lib/python2.4/site-packages/DenyHosts/daemon.pyc
/usr/lib/python2.4/site-packages/DenyHosts/deny_hosts.py
/usr/lib/python2.4/site-packages/DenyHosts/deny_hosts.pyc
/usr/lib/python2.4/site-packages/DenyHosts/denyfileutil.py
/usr/lib/python2.4/site-packages/DenyHosts/denyfileutil.pyc
/usr/lib/python2.4/site-packages/DenyHosts/filetracker.py
/usr/lib/python2.4/site-packages/DenyHosts/filetracker.pyc
/usr/lib/python2.4/site-packages/DenyHosts/lockfile.py
/usr/lib/python2.4/site-packages/DenyHosts/lockfile.pyc
/usr/lib/python2.4/site-packages/DenyHosts/loginattempt.py
/usr/lib/python2.4/site-packages/DenyHosts/loginattempt.pyc
/usr/lib/python2.4/site-packages/DenyHosts/old-daemon.py
/usr/lib/python2.4/site-packages/DenyHosts/old-daemon.pyc
/usr/lib/python2.4/site-packages/DenyHosts/plugin.py
/usr/lib/python2.4/site-packages/DenyHosts/plugin.pyc
/usr/lib/python2.4/site-packages/DenyHosts/prefs.py
/usr/lib/python2.4/site-packages/DenyHosts/prefs.pyc
/usr/lib/python2.4/site-packages/DenyHosts/purgecounter.py
/usr/lib/python2.4/site-packages/DenyHosts/purgecounter.pyc
/usr/lib/python2.4/site-packages/DenyHosts/python_version.py
/usr/lib/python2.4/site-packages/DenyHosts/python_version.pyc
/usr/lib/python2.4/site-packages/DenyHosts/regex.py
/usr/lib/python2.4/site-packages/DenyHosts/regex.pyc
/usr/lib/python2.4/site-packages/DenyHosts/report.py
/usr/lib/python2.4/site-packages/DenyHosts/report.pyc
/usr/lib/python2.4/site-packages/DenyHosts/restricted.py
/usr/lib/python2.4/site-packages/DenyHosts/restricted.pyc
/usr/lib/python2.4/site-packages/DenyHosts/sync.py
/usr/lib/python2.4/site-packages/DenyHosts/sync.pyc
/usr/lib/python2.4/site-packages/DenyHosts/util.py
/usr/lib/python2.4/site-packages/DenyHosts/util.pyc
/usr/lib/python2.4/site-packages/DenyHosts/version.py
/usr/lib/python2.4/site-packages/DenyHosts/version.pyc
/usr/share/denyhosts/CHANGELOG.txt
/usr/share/denyhosts/LICENSE.txt
/usr/share/denyhosts/README.txt
/usr/share/denyhosts/daemon-control-dist
/usr/share/denyhosts/denyhosts.cfg-dist
/usr/share/denyhosts/plugins/README.contrib
/usr/share/denyhosts/plugins/shorewall_allow.sh
/usr/share/denyhosts/plugins/shorewall_deny.sh
/usr/share/denyhosts/plugins/test_deny.py
/usr/share/denyhosts/scripts/restricted_from_invalid.py
/usr/share/denyhosts/scripts/restricted_from_passwd.py
/usr/share/denyhosts/setup.py


Tested

The installation of the program is fairly easy. I have tested it under CentOS 5.3 with Python 2.4 installation.


Installation Instruction

Read the README.txt file. The README.txt files contains a clear installation instruction for the program. This file is reproduced below:


DenyHosts is a utility developed by Phil Schwartz which aims to
thwart sshd (ssh server) brute force attacks.

Please refer to http://www.denyhosts.net/faq.html

INSTALLATION:
=============

SOURCE DISTRIBUTION
===================

If you downloaded the source distribution file (DenyHosts-#.#.#-tar.gz)
then:

$ tar zxvf DenyHosts-#.#.#-tar.gz (Where #.#.# is the version)

$ cd DenyHosts-#.#.#

as root:

# python setup.py install

This will install the DenyHosts modules into python's site-packages
directory.

BINARY DISTRIBUTION (rpm, deb, etc)
===================

It is assumed that you are familiar with installing a binary package
on your particular operating system. If you are unsure how to do
this, you may wish to install from souce instead.


ALL DISTRIBUTIONS
=================

Once you have installed DenyHosts, by default the directory
/usr/share/denyhosts will be created and a sample configuration
file will be copied into it. A sample daemon-control script will
also be copied into the /usr/share/denyhosts directory.

DenyHosts requires that a configuration file be created before
it can function. The sample configuration file denyhosts.cfg-dist
contains most of the possible settings and should be copied and
then edited as such:

# cp denyhosts.cfg-dist denyhosts.cfg

# denyhosts.cfg

(where is your preferred text editor such as emacs, vi, etc)

The sample configuration file contains informational comments that
should help you quickly configure DenyHosts. After you have
edited your configuration file, save it.

Next, if you intend to run DenyHosts in daemon mode (recommended)
copy the sample daemon-control.dist script as such:

# cp daemon-control-dist daemon-control

Edit the daemon-control file. You should only need to edit this section
near the top:

###############################################
#### Edit these to suit your configuration ####
###############################################

DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"


These defaults should be reasonable for many systems. You
should customize these settings to match your particular
system.

Once you have edited the configuration and daemon control files
make sure that the daemon control script it executable (by root).

# chown root daemon-control

# chmod 700 daemon-control


STARTING DENYHOSTS MANUALLY
===========================

Assuming you have configured DenyHosts to run as a daemon, you
can use the daemon-control script to control it:

# daemon-control start

You should refer to the daemon log (typically /var/log/denyhosts)
to ensure that DenyHosts is running successfully. If you
notice any problems you may wish to consult the FAQ at
http://www.denyhosts.net/faq.html

If you wish to run DenyHosts from cron rather than as a
daemon, please refer to the FAQ.


STARTING DENYHOSTS AUTOMATICALLY
================================

METHOD 1 (preferred)
====================

Create a symbolic link from /etc/init.d such as:

# cd /etc/init.d

# ln -s /usr/share/denyhosts/daemon-control denyhosts

If you have chkconfig installed you can then use it to
ensure that DenyHosts runs at boot time:

# chkconfig --add denyhosts


If you do not have chkconfig (or similar) installed you can either manually
create the symlinks in /etc/rc2.d, /etc/rc3.d, /etc/rc5.d but that is beyond
the scope of this document.

METHOD 2
========

Add an entry into the /etc/rc.local file:

/usr/share/denyhosts/daemon-control start


No comments: