centos安全日誌文件/var/log/secure包含了系統驗證和授權方面信息,包括sshd的登錄信息,經過分析該文件能夠及時發現網絡攻擊行爲
DenyHosts能夠分析系統日誌文件,當發現重複的攻擊時就會記錄IP到/etc/hosts.deny文件,從而自動屏蔽IP。
一、下載安裝包
官方下載地址:http://denyhosts.sourceforge.net/
二、解壓
# Unpack the DenyHosts 2.6 source tarball into ./DenyHosts-2.6/ (GNU long-option spelling of -zxvf).
tar --extract --gzip --verbose --file DenyHosts-2.6.tar.gz
三、執行安裝
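# Two separate commands were collapsed onto one line in the original
# ("cd DenyHosts-2.6/ python setup.py install" hands cd three arguments and
# never runs the installer). The install writes into system paths (see the
# /usr/share/denyhosts config path used in the next step), so run it as root.
cd DenyHosts-2.6/ || exit 1
python setup.py install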
四、設置配置文件
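# Create the live config from the sample shipped in the tarball
# (denyhosts.cfg-dist). The original line copied the unpacked *directory*
# as the source, which cp rejects without -r and which would never yield a
# denyhosts.cfg file.
cp ~/DenyHosts-2.6/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg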
配置文件中的參數能夠根據需要修改
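# Excerpt of /usr/share/denyhosts/denyhosts.cfg. The annotations that were
# placed after values on the same line (e.g. "PURGE_DENY = 5d #...") have
# been moved onto their own lines: the config parser may not strip trailing
# comments, in which case they would become part of the value.

############ THESE SETTINGS ARE REQUIRED ############
########################################################################
# Log file that records sshd authentication messages.
# SECURE_LOG: the log file that contains sshd logging info
# if you are not sure, grep "sshd:" /var/log/*
#
# The file to process can be overridden with the --file command line
# argument
#
# Redhat or Fedora Core:
SECURE_LOG = /var/log/secure
#
# Mandrake, FreeBSD or OpenBSD:
#SECURE_LOG = /var/log/auth.log
#
# SuSE:
#SECURE_LOG = /var/log/messages
#
# Mac OS X (v10.4 or greater -
#   also refer to: http://www.denyhosts.net/faq.html#macos
#SECURE_LOG = /private/var/log/asl.log
#
# Mac OS X (v10.3 or earlier):
#SECURE_LOG=/private/var/log/system.log
#
########################################################################

########################################################################
# File that controls host access (this is where blocked IPs are recorded).
# HOSTS_DENY: the file which contains restricted host access information
#
# NOTE(review): /etc/hosts.deny is enforced through tcp_wrappers
# (hosts_access(5)); confirm that sshd on this host is built with libwrap
# support, otherwise entries written here have no blocking effect.
#
# Most operating systems:
HOSTS_DENY = /etc/hosts.deny
#
# Some BSD (FreeBSD) Unixes:
#HOSTS_DENY = /etc/hosts.allow
#
# Another possibility (also see the next option):
#HOSTS_DENY = /etc/hosts.evil
#######################################################################

########################################################################
# How long a blocked IP entry is kept before it is removed.
# PURGE_DENY: removed HOSTS_DENY entries that are older than this time
#             when DenyHosts is invoked with the --purge flag
#
#      format is: i[dhwmy]
#
#      Where 'i' is an integer (eg. 7)
#            'm' = minutes
#            'h' = hours
#            'd' = days
#            'w' = weeks
#            'y' = years
#
# never purge (all entries are kept forever):
#PURGE_DENY =
#
# purge entries older than 1 week:
#PURGE_DENY = 1w
#
# purge entries older than 5 days:
PURGE_DENY = 5d
#######################################################################

#######################################################################
# Maximum number of times a host is purged; once PURGE_THRESHOLD is
# exceeded the host is no longer purged.
# PURGE_THRESHOLD: defines the maximum times a host will be purged.
# Once this value has been exceeded then this host will not be purged.
# Setting this parameter to 0 (the default) disables this feature.
#
# default: a denied host can be purged/re-added indefinitely
#PURGE_THRESHOLD = 0
#
# a denied host will be purged at most 2 times.
#PURGE_THRESHOLD = 2
#
#######################################################################

#######################################################################
# Service whose log lines are analysed and blocked.
# BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
#
# man 5 hosts_access for details
#
# eg.   sshd: 127.0.0.1
# will block sshd logins from 127.0.0.1
#
# To block all services for the offending host:
#BLOCK_SERVICE = ALL
# To block only sshd (the default; only sshd is analysed):
BLOCK_SERVICE = sshd
# To only record the offending host and nothing else (if using
# an auxilary file to list the hosts).  Refer to:
# http://denyhosts.sourceforge.net/faq.html#aux
#BLOCK_SERVICE =
#
#######################################################################

#######################################################################
# Number of failed logins allowed for invalid (non-existent) users.
# DENY_THRESHOLD_INVALID: block each host after the number of failed login
# attempts has exceeded this value.  This value applies to invalid
# user login attempts (eg. non-existent user accounts)
#
DENY_THRESHOLD_INVALID = 5
#
#######################################################################

#######################################################################
# Number of failed logins allowed for valid (ordinary) users.
# DENY_THRESHOLD_VALID: block each host after the number of failed
# login attempts has exceeded this value.  This value applies to valid
# user login attempts (eg. user accounts that exist in /etc/passwd) except
# for the "root" user
#
DENY_THRESHOLD_VALID = 10
#
#######################################################################

#######################################################################
# Number of failed root logins allowed.
# DENY_THRESHOLD_ROOT: block each host after the number of failed
# login attempts has exceeded this value.  This value applies to
# "root" user login attempts only.
#
# NOTE(review): with a threshold of 1 a single failed root login blocks
# the source address; administrators sharing an egress IP can lock
# themselves out, so manage root SSH access accordingly.
#
DENY_THRESHOLD_ROOT = 1
#
#######################################################################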
五、設置開機自啓動
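# Five separate commands were collapsed onto one line in the original
# (cp would have received seven arguments). Install the init script, then
# register it with chkconfig so DenyHosts starts at boot.
#
# NOTE(review): daemon-control-dist carries hard-coded paths for the
# denyhosts program and its config file near its top — confirm they match
# where setup.py installed them (the config is at
# /usr/share/denyhosts/denyhosts.cfg per step 4).
cp ~/DenyHosts-2.6/daemon-control-dist /etc/init.d/denyhosts
# The script runs as root at boot: owner root (group normalised to root as
# well) and mode 755 keep it from being writable by any other account.
chown root:root /etc/init.d/denyhosts
chmod 755 /etc/init.d/denyhosts
chkconfig --add denyhosts
chkconfig denyhosts on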