Friday, March 15, 2013

Install DenyHosts on a CentOS box




The world is full of bad people trying to get into your Linux server. Type lastb as root to find out a little more: it may take a while, but it'll give you a list of bad logins, including the usernames they tried, the IPs they're coming from, etc.

So you need to catch and block these people, then let others know about it. While we're at it, we'll download a list of IPs that others have found trying to log into their servers. To do all of that, install DenyHosts:


yum install denyhosts


If yum can't find it, install the EPEL repo:
rpm -Uvh http://download.fedora.redhat.com/pub/epel/5/i386/epel-release-5-4.noarch.rpm


Then use yum to install denyhosts as shown above.

After it's installed, add your IP address to /etc/hosts.allow so we don't get locked out:
ALL: 209.xx.xx.xx
ALL: 209.xx.xx.xx
ALL: 72.xx.xx.xx
ALL: 71.xx.xx.xx


Edit the denyhosts.cfg located in /etc/denyhosts/ and configure it to your liking. Here are things that we've edited in the past:
ADMIN_EMAIL = hosting@iqnection.com, rkennedy@iqnection.com
BLOCK_SERVICE = ALL
SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
SYNC_INTERVAL = 1h
SYNC_UPLOAD = yes
SYNC_DOWNLOAD = yes
DENY_THRESHOLD_ROOT = 3


Edit the WORK_DIR/allowed-hosts file and add these lines:
(WORK_DIR is sometimes /var/lib/denyhosts/)
# Don't block office Fios or comcast lines
72.xx.xx.xx
71.xx.xx.xx
# Don't block nagios box
209.xx.xx.xx
# Don't block keyserver
209.xx.xx.xx
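
Before starting the service, it is worth confirming that the address you administer from really is in both /etc/hosts.allow and allowed-hosts. The script below is an added example, not part of the original post or of DenyHosts; the function names and the demo addresses are constructed, it matches exact addresses only, and it assumes WORK_DIR is /var/lib/denyhosts unless you set it.

```shell
#!/bin/sh
# Added example: is an address whitelisted in BOTH files? Exact matches only;
# hosts.allow prefixes/netmasks and allowed-hosts wildcards are not interpreted.

# Print client addresses from "ALL:" or "sshd:" lines of a hosts.allow file.
list_hosts_allow() {
    sed 's/#.*//' "$1" | awk -F: '
        $1 ~ /^[ \t]*(ALL|sshd)[ \t]*$/ {
            n = split($2, a, /[ \t,]+/)
            for (i = 1; i <= n; i++) if (a[i] != "") print a[i]
        }'
}

# Print entries from a DenyHosts allowed-hosts file (one per line, # comments).
list_allowed_hosts() {
    sed -e 's/#.*//' -e 's/[[:space:]]//g' -e '/^$/d' "$1"
}

# check_ip IP HOSTS_ALLOW ALLOWED_HOSTS -> returns 0 only if IP is in both.
check_ip() {
    rc=0
    list_hosts_allow "$2" | grep -Fx -- "$1" >/dev/null || { echo "not in $2: $1" >&2; rc=1; }
    list_allowed_hosts "$3" | grep -Fx -- "$1" >/dev/null || { echo "not in $3: $1" >&2; rc=1; }
    return "$rc"
}

# demo: constructed sample files using documentation addresses (RFC 5737).
# 198.51.100.7 is deliberately left out of allowed-hosts to show the failure.
demo() {
    d=$(mktemp -d) || return 2
    printf 'ALL: 192.0.2.10\nALL: 198.51.100.7  # office\n' > "$d/hosts.allow"
    printf '# nagios box\n192.0.2.10\n' > "$d/allowed-hosts"
    for ip in 192.0.2.10 198.51.100.7; do
        if check_ip "$ip" "$d/hosts.allow" "$d/allowed-hosts" 2>/dev/null
        then echo "$ip ok"; else echo "$ip WOULD NOT BE PROTECTED"; fi
    done
    rm -rf "$d"
}

# Check the IP given as $1, else the current SSH session's client address;
# with neither available, run the constructed demo.
client=${SSH_CLIENT:-}
target=${1:-${client%% *}}
if [ -n "$target" ]; then
    check_ip "$target" /etc/hosts.allow \
        "${WORK_DIR:-/var/lib/denyhosts}/allowed-hosts"
else
    demo
fi
```

A non-zero exit status means the address is missing from at least one of the two files; fix that before running service denyhosts start.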


Ok, now configure it to run on startup:
chkconfig denyhosts on


Start denyhosts:
service denyhosts start
