DenyHosts
DenyHosts is a script intended to help thwart SSH server attacks (also known as dictionary-based attacks and brute-force attacks). It runs as a daemon on your server and watches for failed authentication attempts. Once it sees a certain number of failures from a particular IP address, it blocks that IP address by adding it to /etc/hosts.deny.
On CentOS, simply enable the EPEL/RPMforge repositories and install from there. It will automatically create /etc/init.d/denyhosts and /etc/denyhosts.conf.
yum install denyhosts
If the repository is not available, download the DenyHosts RPM package, install it, and create the configuration files:
rpm -Uvh DenyHosts-2.6-python2.4.rpm
cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg
cp daemon-control-dist daemon-control
Edit
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
LOCK_FILE = /var/run/denyhosts.pid
Also, you’ll see that there is a set of Synchronization settings in there. This script has the ability to send the list of IPs that you blocked up to a centralized server. It then keeps a running list of all the IPs that have been blocked by all the DenyHosts users and gives you the option to have all of those IPs automatically blocked by your server.
Next, edit daemon-control. The only thing you should have to modify in this file is DENYHOSTS_LOCK:
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
Next, we have to make sure that /etc/hosts.allow and /etc/hosts.deny exist:
touch /etc/hosts.allow
touch /etc/hosts.deny
Finally, we need to make sure DenyHosts runs automatically on startup. First, create a symbolic link in /etc/init.d:
cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control DenyHosts
Set DenyHosts to run on startup.
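To make the mechanism described at the top concrete, the following added sketch (not DenyHosts' own code, and not from the original page) counts failed SSH logins per source IP in SECURE_LOG-style text and produces the lines that would go into hosts.deny. The log lines are constructed, the threshold of 3 and the function names are assumptions, and the sketch skips IPv4 addresses already listed in hosts.allow because TCP wrappers consult that file first.

```python
import re
from collections import Counter

# Constructed sample of /var/log/secure lines (documentation-range addresses).
SAMPLE_SECURE_LOG = """\
Mar  3 10:01:12 web1 sshd[2101]: Failed password for root from 203.0.113.7 port 40122 ssh2
Mar  3 10:01:15 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Mar  3 10:01:19 web1 sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 40141 ssh2
Mar  3 10:02:40 web1 sshd[2110]: Failed password for alice from 198.51.100.20 port 51500 ssh2
Mar  3 10:02:47 web1 sshd[2110]: Accepted password for alice from 198.51.100.20 port 51500 ssh2
Mar  3 10:05:02 web1 sshd[2130]: Failed password for root from 192.0.2.50 port 33010 ssh2
Mar  3 10:05:05 web1 sshd[2130]: Failed password for root from 192.0.2.50 port 33012 ssh2
Mar  3 10:05:09 web1 sshd[2131]: Failed password for root from 192.0.2.50 port 33019 ssh2
"""

# Matches sshd password failures for both existing and unknown ("invalid") users.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?\S+ "
    r"from (\d{1,3}(?:\.\d{1,3}){3}) "
)

def count_failures(log_text):
    """Return a Counter of failed SSH password attempts per source IP."""
    matches = map(FAILED.search, log_text.splitlines())
    return Counter(m.group(1) for m in matches if m)

def allowed_hosts(hosts_allow_text):
    """Collect client entries listed for sshd or ALL in hosts.allow text (IPv4 only)."""
    allowed = set()
    for line in hosts_allow_text.splitlines():
        parts = line.split("#", 1)[0].split(":")
        if len(parts) < 2:
            continue  # blank line, comment, or not a daemon:client rule
        daemons = set(re.split(r"[,\s]+", parts[0].strip()))
        if daemons & {"sshd", "ALL"}:
            allowed.update(c for c in re.split(r"[,\s]+", parts[1].strip()) if c)
    return allowed

def deny_entries(log_text, hosts_allow_text="", threshold=3):
    """Build 'daemon: client' lines for IPs at or above the (assumed) threshold."""
    allowed = allowed_hosts(hosts_allow_text)
    counts = count_failures(log_text)
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allowed]

if __name__ == "__main__":
    # Constructed hosts.allow content: one trusted admin address.
    for entry in deny_entries(SAMPLE_SECURE_LOG, "sshd: 192.0.2.50  # admin\n"):
        print(entry)
```

Listing your own management address in /etc/hosts.allow before starting the daemon keeps a run of mistyped passwords from locking you out.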
