Introduction

DenyHosts is a log-based intrusion prevention security tool intended to be run by Linux administrators to prevent SSH server attacks. It is a  script which is  written in Python that monitors server access logs and detects invalid authentication attempts. It can block the originating IP addresses after a certain number of invalid login attempts.

Installation of DenyHosts

You will need a repo for the Installation of DenyHost which can be downloaded by executing the command given below:

sudo rpm -Uvh http://mirror.metrocast.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm

After download is completed, we can install and configure DenyHosts.

yum install denyhosts

White-listing IP Addresses

White listing is usually done in order to prevent from being locked out of the virtual private server. After the installation of DenyHosts, you have to white list your own IP address. Skipping this step may render the risk of locking yourself out of the server.

To white list for allowing the hosts:

vi /etc/hosts.allow

In that list, you can add the IP addresses that shouldn’t be blocked from your server. You can give each IP address in separate lines. You may wish to include more familiar IP addresses.

sshd: 110.44.112.69

After the setup, restart the DenyHosts to bring in the new settings into effect:

/etc/init.d/denyhosts restart

Configuring DenyHosts

Configuring denyhosts is a completely optional step. DenyHosts will already be up and running on your server. In case if you want to customize certain settings, you can proceed to making changes to the configuration file:

vi /etc/denyhosts.conf