Last updated: 2019-10-03
Introduction
Compared with fail2ban, DenyHosts is designed specifically to protect ssh.
It is a Python script.
Can be run from the cli, cron or as a daemon
Upon each run, the script will load the previously saved data and re-use it to append new failures.
Version
denyhosts --version
DenyHosts version: 2.6
Configuration
/etc/denyhosts.conf
# HOSTS_DENY
HOSTS_DENY = /etc/hosts.deny
# BLOCK_SERVICE
BLOCK_SERVICE = sshd
# the log file that contains sshd logging info (Debian)
SECURE_LOG = /var/log/auth.log
# Unit:
# s: seconds
# m: minutes
# h: hours
# d: days
# w: weeks
# y: years
####################################
# How often to poll SECURE_LOG to decide whom to block
DAEMON_SLEEP = 30s
####################################
# When not running as a daemon, this is equivalent to running the command "denyhosts --purge" once
# How often the daemon purges
DAEMON_PURGE = 1h
# On each purge, remove records older than this
PURGE_DENY = 1h
####################################
# failed login (invalid user login attempts)
DENY_THRESHOLD_INVALID = 3
# failed login (valid login, except "root")
DENY_THRESHOLD_VALID = 10
# applies to "root"
DENY_THRESHOLD_ROOT = 3
# Number of failed logins before blocking users listed in the WORK_DIR/restricted-usernames file
DENY_THRESHOLD_RESTRICTED = 5
# WORK_DIR
WORK_DIR = /var/lib/denyhosts
####################################
# How long before earlier failures are forgotten
AGE_RESET_INVALID=1h
AGE_RESET_VALID=1h
AGE_RESET_ROOT=1h
AGE_RESET_RESTRICTED=1h
# The default is RESET_ON_SUCCESS = no
RESET_ON_SUCCESS = yes
# if a suspicious login attempt results from an allowed-host then it is considered suspicious.
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=NO
ALLOWED_HOSTS
WORK_DIR/allowed-hosts
#1.1.1.1
#1.1.1.*
# 1.1.1.6 to 1.1.1.23
#1.1.1.[6-23]
# host
#foo
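An added example, not part of the original notes and not DenyHosts' own code: a small Python checker for the allowed-hosts entry forms listed above (single address, * wildcard, [6-23] range, host name), useful for confirming that an admin address is covered before blocking is enabled. The sample addresses and function names are constructed for illustration, and host-name entries are assumed to be compared as literal strings with no DNS lookup.

```python
import re

# Constructed sample of WORK_DIR/allowed-hosts (documentation addresses, not from the page)
SAMPLE_ALLOWED_HOSTS = """\
# single address
192.0.2.10
# wildcard octet
198.51.100.*
# 203.0.113.6 to 203.0.113.23
203.0.113.[6-23]
# host
foo
"""

RANGE_RE = re.compile(r"\[(\d+)-(\d+)\]")


def parse_allowed_hosts(text):
    """Return the entries of an allowed-hosts file, skipping comments and blanks."""
    lines = (line.strip() for line in text.splitlines())
    return [line for line in lines if line and not line.startswith("#")]


def entry_matches(entry, host):
    """True if `host` (dotted-quad IP or host name) is covered by one entry."""
    e_parts, h_parts = entry.split("."), host.split(".")
    if len(e_parts) != 4 or len(h_parts) != 4:
        return entry == host  # host-name entry: literal compare, no DNS (assumption)
    for pattern, octet in zip(e_parts, h_parts):
        if pattern == "*":
            continue  # wildcard covers any value in this position
        m = RANGE_RE.fullmatch(pattern)
        if m:  # inclusive numeric range such as [6-23]
            if not octet.isdigit() or not int(m.group(1)) <= int(octet) <= int(m.group(2)):
                return False
        elif pattern != octet:
            return False
    return True


def is_allowed(host, entries):
    """True if any allowed-hosts entry covers `host`."""
    return any(entry_matches(e, host) for e in entries)


if __name__ == "__main__":
    entries = parse_allowed_hosts(SAMPLE_ALLOWED_HOSTS)
    for candidate in ("192.0.2.10", "203.0.113.23", "203.0.113.24", "foo"):
        print(candidate, "allowed" if is_allowed(candidate, entries) else "NOT allowed")
```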
Daemon Mode
Running:
ps aux | grep denyhosts
python /usr/sbin/denyhosts --daemon --purge --config=/etc/denyhosts.conf
- daemon mode (--daemon flag)
log:
/var/log/denyhosts
Settings:
# Settings that apply when the daemon is enabled
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h