Tips: 本文创建于2015年11月3日,已超过 2 年,内容或图片可能已经失效!

DenyHosts

DenyHosts官网地址

安装

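# DenyHosts 2.6 installation steps. Run every command as root.
#
# Before unpacking, check the tarball against the checksum or signature
# published by the project: setup.py below runs with root privileges.
cd /usr/local/src
tar zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6

# The sshd log is emptied before the first run, presumably so that old
# failures are not counted. Keep a copy first: this file is the host's
# SSH authentication history and may be needed for a later investigation.
cp -p /var/log/secure "/var/log/secure.$(date +%Y%m%d%H%M%S)"
echo "" > /var/log/secure && service rsyslog restart

# Installs to /usr/share/denyhosts/ by default.
python setup.py install
cd /usr/share/denyhosts/

# Start from the shipped templates.
cp denyhosts.cfg-dist denyhosts.cfg
cp daemon-control-dist daemon-control

# The control script runs as root at boot, so only root may read, change
# or execute it.
chown root daemon-control
chmod 700 daemon-control

# Register the control script as an init service and enable it at boot.
ln -sf /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
chkconfig --add denyhosts
chkconfig --level 2345 denyhosts on
# Second boot-time start, in addition to the chkconfig entry above.
echo "/usr/share/denyhosts/daemon-control start" >> /etc/rc.local

# Whitelist. DenyHosts looks for allowed-hosts inside WORK_DIR, which
# denyhosts.cfg sets to /usr/share/denyhosts/data; a copy one directory
# up is not read. Replace the placeholder with your own management
# address before starting the daemon: with DENY_THRESHOLD_ROOT = 1 a
# single failed root login is enough to block the source address.
mkdir -p /usr/share/denyhosts/data
echo "你的IP" >> /usr/share/denyhosts/data/allowed-hosts

# Edit the settings listed below.
vim /usr/share/denyhosts/denyhosts.cfg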
       ############ THESE SETTINGS ARE REQUIRED ############
# NOTE(review): the explanatory notes are kept on their own lines. A
# trailing "# ..." after a value is presumably read as part of the value
# by the DenyHosts config parser - confirm before pasting annotated lines.

# sshd log file; DenyHosts decides whom to block from this file.
SECURE_LOG = /var/log/secure
# File that controls which hosts may log in; blocked hosts are listed here.
HOSTS_DENY = /etc/hosts.deny
# How long a blocked IP stays blocked before it is cleared.
# NOTE(review): with 5m a blocked address is released after about five
# minutes, so a brute-force source is only briefly held off. Choose a
# longer period unless quick recovery from a lock-out matters more.
PURGE_DENY = 5m
# Name of the service that is denied.
BLOCK_SERVICE  = sshd
# Failed logins allowed for invalid (non-existent) users.
DENY_THRESHOLD_INVALID = 3
# Failed logins allowed for ordinary users.
DENY_THRESHOLD_VALID = 3
# Failed logins allowed for root.
# NOTE(review): a value of 1 means one mistyped root password blocks the
# administrator's own address; make sure that address is whitelisted.
DENY_THRESHOLD_ROOT = 1
# Presumably the threshold for user names on the restricted list - confirm.
DENY_THRESHOLD_RESTRICTED = 1
# Directory where DenyHosts keeps its data files.
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
# Whether to do reverse DNS lookups.
HOSTNAME_LOOKUP=NO
LOCK_FILE = /var/lock/subsys/denyhosts
       ############ THESE SETTINGS ARE OPTIONAL ############
# The two addresses below appear to have been masked by the hosting
# site's e-mail obfuscation; put the real report mailbox and sender here.
ADMIN_EMAIL = [email protected]
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <[email protected]>
SMTP_SUBJECT = DenyHosts Report
# Author's note: with this line an allowed_hosts whitelist can be written
# in /usr/share/denyhosts/data.
# NOTE(review): the whitelist file is named allowed-hosts (hyphen) and
# lives in WORK_DIR; this option presumably only controls whether host
# names listed in it are resolved - confirm against the DenyHosts docs.
ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES
# Presumably the idle time after which the failed-login counter of each
# account class is reset - confirm.
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
   ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE  ##########
# Daemon log file.
DAEMON_LOG = /var/log/denyhosts

# Presumably the pause between two scans of SECURE_LOG - confirm.
DAEMON_SLEEP = 30s
# Author's note: how long until blocked IPs are cleared.
# NOTE(review): presumably this is how often the purge runs, while
# PURGE_DENY sets the age at which an entry is dropped - confirm.
DAEMON_PURGE = 5m
   #########   THESE SETTINGS ARE SPECIFIC TO     ##########
   #########       DAEMON SYNCHRONIZATION         ##########

启动

/etc/init.d/denyhosts start  

邮件通知

hostdeny.png

一个解封IP的脚本

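#!/bin/bash
#
# Remove one IPv4 address from every DenyHosts block list, then restart
# DenyHosts so that it reloads the cleaned files.
#
# Usage: $0 IP
#
# The address becomes part of a sed expression that runs as root, so it
# is first checked against a strict dotted-quad pattern. Its dots are then
# escaped and the match is delimited on both sides: an unescaped,
# unanchored "1.2.3.4" would also delete the entries for 1.2.3.40 or
# 11.2.3.4 and quietly unblock hosts nobody asked to unblock.

HOST=$1
if [ -z "${HOST}" ]; then
    echo "Usage:$0 IP"
    exit 1
fi

# Accept only a dotted quad with each octet in 0-255. Anything else
# (sed metacharacters, slashes, host names) is rejected before it can
# reach the sed expression.
octet='(25[0-5]|2[0-4][0-9]|1[0-9][0-9]|[1-9]?[0-9])'
ipv4_re="^${octet}(\\.${octet}){3}\$"
if [[ ! "${HOST}" =~ ${ipv4_re} ]]; then
    printf 'Not an IPv4 address: %s\n' "${HOST}" >&2
    exit 1
fi

# Escape the dots so they match literally, and require a character that
# cannot belong to an address (or a line edge) on either side.
host_re=${HOST//./\\.}
delete_expr="/(^|[^0-9.])${host_re}([^0-9.]|\$)/d"

# Every file in which DenyHosts records the blocked address.
block_lists=(
    /etc/hosts.deny
    /usr/share/denyhosts/data/hosts
    /usr/share/denyhosts/data/hosts-restricted
    /usr/share/denyhosts/data/hosts-root
    /usr/share/denyhosts/data/hosts-valid
    /usr/share/denyhosts/data/users-hosts
)

# Stop the daemon first so it does not rewrite the files while they are
# being edited.
/etc/init.d/denyhosts stop
for list in "${block_lists[@]}"; do
    # Not every list exists on every install; skip the missing ones.
    if [ -f "${list}" ]; then
        sed -r -i -e "${delete_expr}" -- "${list}"
    fi
done
/etc/init.d/denyhosts start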