amuck-landowner

Assisted setup script for DenyHosts on CentOS and Debian Linux distributions

TheLinuxBug

New Member
Hello All,

I have been working on some scripts to help assist new Linux and VPS users in setting up DenyHosts on their server. Below I am including these scripts for you all to use:

Some info on DenyHosts for those of you who don't know what it is:

What is DenyHosts?

DenyHosts is a script intended to be run by Linux system administrators to help thwart SSH server attacks (also known as dictionary based attacks and brute force attacks).

If you've ever looked at your ssh log (/var/log/secure on Redhat, /var/log/auth.log on Mandrake, etc...) you may be alarmed to see how many hackers attempted to gain access to your server. Hopefully, none of them were successful (but then again, how would you know?). Wouldn't it be better to automatically prevent that attacker from continuing to gain entry into your system?

DenyHosts attempts to address the above... and more.

DenyHosts was the Unix Review: Tool of the Month for August 2005

It is a free project and you can get the package directly from their Sourceforge repo if you like: http://denyhosts.sourceforge.net/

I have written two scripts, one for Debian and one for CentOS to assist with setting up DenyHosts.  The script provides the following assistance:

1. It installs all packages required by the Linux Distribution to run DenyHosts.

2. It sets DenyHosts up to start at boot of your server.

3. It provides for novice users interactive configuration of the config file with suggested settings.

4. Assists with adding a host to your /etc/hosts.allow that you do not want to become blocked. 

5. Prompts you with the ability to modify the the config file and control file your self . 

6. Can be re-ran at any time to be used to reconfigure DenyHosts

Note: these scripts were written in my spare time and come with no guarantee/warranty or otherwise. The scripts are free to be used and modified as you like.  Let me know of any bugs you see and I would be happy to update the script and fix any issues.


For quick install on your server:


Debian:

wget http://phoenix.phix-it.com/denyhosts/denyhost-debian.sh ; chmod +x denyhost-debian.sh ; ./denyhost-debian.sh

CentOS:

wget http://phoenix.phix-it.com/denyhosts/denyhost-centos.sh ; chmod +x denyhost-centos.sh ; ./denyhost-centos.sh

Please feel free to leave any feedback or bug requests below.  ;)
 
Last edited by a moderator:

TheLinuxBug

New Member
I have made a few modifications to the Debian installer, it is now version 0.1k.  Changes are documented at the top of the script.

Cheers!
 

24/7/365

New Member
Verified Provider
Just curious, is there any reason you wouldn't use the version in the repositories? Wouldn't that make it more maintainable?
 

TheLinuxBug

New Member
The script is really easy to change, if you want you can change the file it downloads.  I wrote this to work with version 2.6 and if they change the configuration in future versions it will likely need modified.  It is pulling the tarball directly from a Sourceforge mirror.

Edit: Feel free to change the code/upgrade it/make it better and re-post. I am open to seeing the script get better. Possibly here in the future it will go on the GIT repository for vpsBoard, I just haven't had the time to sort all that out.  This was one of those late night "I need a script to do this, lets make it happen!" projects that turned into a really usable script for novice users. So as I said, if you have some time to help improve the script, please, be my guest :)

Cheers!
 
Last edited by a moderator:

peterw

New Member
Cool script. I like to remove the Python fail2ban service and now found a valid alternative.
 
Top
amuck-landowner