====== Installing DenyHosts on CentOS 5 to block ssh brute-force attacks ======
DenyHosts watches the authentication log, counts failed logins per source IP, and automatically adds any IP that reaches the configured thresholds to the TCP wrappers blacklist (/etc/hosts.deny).
===== Installation =====
* First set up the [[http://wiki.centos.org/zh-tw/AdditionalResources/Repositories/RPMForge|rpmforge]] repository (CentOS 5 does not ship DenyHosts in its base repositories)
* Install DenyHosts with yum
yum install denyhosts
===== Configuration =====
* vi /etc/denyhosts/denyhosts.cfg (only the settings that were changed or matter are shown; `:` marks lines left out)
:
# Redhat or Fedora Core:
SECURE_LOG = /var/log/secure
:
# Most operating systems:
HOSTS_DENY = /etc/hosts.deny
:
# never purge:
PURGE_DENY =
:
# To block only sshd (entries are written as "sshd: <ip>"):
BLOCK_SERVICE = sshd
:
# Failed logins from one IP for user names that do not exist before it is denied:
DENY_THRESHOLD_INVALID = 5
:
# Failed logins for existing, non-root accounts:
DENY_THRESHOLD_VALID = 10
:
# A single failed root login is enough to deny the IP:
DENY_THRESHOLD_ROOT = 1
:
# Same for user names listed in the restricted-usernames file under WORK_DIR:
DENY_THRESHOLD_RESTRICTED = 1
:
WORK_DIR = /usr/share/denyhosts/data
:
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
:
# Redhat/Fedora:
LOCK_FILE = /var/lock/subsys/denyhosts
:
#
# OPTIONAL Setting...
#
ADMIN_EMAIL = tryweb@ichiayi.com
SMTP_HOST = localhost
SMTP_PORT = 25
#SMTP_USERNAME=foo
#SMTP_PASSWORD=bar
SMTP_FROM = DenyHosts
SMTP_SUBJECT = DenyHosts Report
#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
:
SYSLOG_REPORT=YES
#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
#RESET_ON_SUCCESS = yes
:
#
DAEMON_LOG = /var/log/denyhosts
#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
:
===== Starting the service =====
* Start the service
service denyhosts start
* Check the run log. With PURGE_DENY left empty the daemon reports that purging of /etc/hosts.deny is disabled, so a blocked IP stays there until it is removed by hand.
[root@xen-server ~]# tail -f /var/log/denyhosts
2012-09-18 15:35:31,685 - denyhosts : INFO Processing log file (/var/log/secure) from offset (0)
2012-09-18 15:35:32,042 - denyhosts : INFO new denied hosts: ['122.141.234.42', '49.238.238.37']
2012-09-18 15:35:32,146 - denyhosts : INFO launching DenyHosts daemon (version 2.6)...
2012-09-18 15:35:32,151 - denyhosts : INFO DenyHosts daemon is now running, pid: 17906
2012-09-18 15:35:32,152 - denyhosts : INFO send daemon process a TERM signal to terminate cleanly
2012-09-18 15:35:32,152 - denyhosts : INFO eg. kill -TERM 17906
2012-09-18 15:35:32,209 - denyhosts : INFO monitoring log: /var/log/secure
2012-09-18 15:35:32,209 - denyhosts : INFO sync_time: 3600
2012-09-18 15:35:32,209 - denyhosts : INFO purging of /etc/hosts.deny is disabled
2012-09-18 15:35:32,210 - denyhosts : INFO denyhosts synchronization disabled
===== Whitelisting =====
Procedure for when a mistyped password gets your own IP blacklisted: removing it from /etc/hosts.deny by hand helps only briefly, because denyhosts soon adds it back (it keeps its own copy of the failure records under WORK_DIR, /usr/share/denyhosts/data, and with DENY_THRESHOLD_ROOT = 1 a single wrong root password is enough). Example: 192.168.0.252 has been blacklisted.
vi /etc/hosts.allow
:
sshd: 192.168.0.252
Now 192.168.0.252 can still connect over ssh even though it appears in /etc/hosts.deny, because TCP wrappers consult /etc/hosts.allow first and a match there wins.
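To make the threshold settings above and the hosts.allow override concrete, here is a small Python model of what DenyHosts does with the log. It is an added example, not DenyHosts' own code: it re-implements the per-IP counting for the DENY_THRESHOLD_INVALID / VALID / ROOT values from this page's denyhosts.cfg, renders the resulting /etc/hosts.deny lines, and then applies the TCP wrappers order (hosts.allow first, then hosts.deny). The /var/log/secure lines are constructed (documentation IP ranges), the sshd log format is assumed to be the CentOS 5 one, and the hosts.allow matcher only handles exact IPs, not the subnet and wildcard forms real TCP wrappers accept.

```python
import re
from collections import defaultdict

# Thresholds copied from the denyhosts.cfg fragment on this page.
DENY_THRESHOLD_INVALID = 5   # user name does not exist on the box
DENY_THRESHOLD_VALID = 10    # real, non-root account
DENY_THRESHOLD_ROOT = 1      # root: one failure is enough

# sshd failure line as written to /var/log/secure (assumed CentOS 5 format).
# The optional "invalid user " prefix separates a non-existent account from a real one.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

# Constructed sample log (documentation IP ranges, not real attackers):
#   203.0.113.10   five invalid-user failures -> reaches DENY_THRESHOLD_INVALID
#   203.0.113.11   one root failure           -> reaches DENY_THRESHOLD_ROOT
#   203.0.113.12   four invalid-user failures -> stays below the threshold
#   192.168.0.252  admin mistypes root's password once, fails once as alice, then logs in
SAMPLE_SECURE_LOG = "\n".join(
    [f"Sep 18 15:3{i}:01 xen-server sshd[1780{i}]: Failed password for invalid user oracle "
     f"from 203.0.113.10 port 4000{i} ssh2" for i in range(5)]
    + ["Sep 18 15:35:10 xen-server sshd[17805]: Failed password for root from 203.0.113.11 port 40005 ssh2"]
    + [f"Sep 18 15:36:0{i} xen-server sshd[1781{i}]: Failed password for invalid user test "
       f"from 203.0.113.12 port 4001{i} ssh2" for i in range(4)]
    + ["Sep 18 15:37:00 xen-server sshd[17820]: Failed password for root from 192.168.0.252 port 40020 ssh2",
       "Sep 18 15:37:03 xen-server sshd[17821]: Failed password for alice from 192.168.0.252 port 40021 ssh2",
       "Sep 18 15:37:05 xen-server sshd[17822]: Accepted password for alice from 192.168.0.252 port 40022 ssh2"]
)


def classify(match):
    """Which DENY_THRESHOLD_* bucket a failure line falls into."""
    if match.group("invalid"):
        return "invalid"
    if match.group("user") == "root":
        return "root"
    return "valid"


def tally_failures(log_text):
    """Return {ip: {"invalid": n, "valid": n, "root": n}} for the failures in log_text."""
    counts = defaultdict(lambda: {"invalid": 0, "valid": 0, "root": 0})
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")][classify(m)] += 1
    return dict(counts)


def hosts_to_deny(log_text):
    """IPs that reached any threshold; each bucket is judged on its own, not summed."""
    limits = {"invalid": DENY_THRESHOLD_INVALID, "valid": DENY_THRESHOLD_VALID, "root": DENY_THRESHOLD_ROOT}
    return sorted(ip for ip, c in tally_failures(log_text).items()
                  if any(c[k] >= limits[k] for k in limits))


def render_hosts_deny(denied, service="sshd"):
    """Lines DenyHosts appends to /etc/hosts.deny when BLOCK_SERVICE = sshd."""
    return [f"{service}: {ip}" for ip in denied]


def _listed(ip, entries, service):
    # Exact-IP match of "service: ip [ip ...]" lines (assumption: no subnets, hostnames or ALL).
    for entry in entries:
        daemon, _, clients = entry.partition(":")
        if daemon.strip() == service and ip in clients.replace(",", " ").split():
            return True
    return False


def tcp_wrappers_allows(ip, hosts_allow, hosts_deny, service="sshd"):
    """TCP wrappers order: hosts.allow is consulted first and wins, then hosts.deny, else allow."""
    if _listed(ip, hosts_allow, service):
        return True
    if _listed(ip, hosts_deny, service):
        return False
    return True


if __name__ == "__main__":
    deny = render_hosts_deny(hosts_to_deny(SAMPLE_SECURE_LOG))
    print("\n".join(deny))
    # The whitelist entry from the page rescues the admin's workstation:
    allow = ["sshd: 192.168.0.252"]
    for ip in ("192.168.0.252", "203.0.113.10", "198.51.100.7"):
        print(ip, "allowed" if tcp_wrappers_allows(ip, allow, deny) else "denied")
```

Note that 203.0.113.12 is never denied even though it produced four failures, because each bucket is compared with its own threshold; and 192.168.0.252 is denied on the root bucket alone, which is exactly the "one typo and you are locked out" situation the hosts.allow entry above is for.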
===== References =====
* http://denyhosts.sourceforge.net/
* http://keniver.pixnet.net/blog/post/28577992
* https://www.digitalocean.com/community/articles/how-to-install-denyhosts-on-ubuntu-12-04
{{tag>ssh 安裝 資安}}