Question

How to install Denyhost to prevent SSH attacks on Linux

Answer 1

1. Install DenyHosts on Ubuntu 17 Linux

---

Implementing new security measures will be of great help in improving the levels of availability and privacy in any operating system since we will be creating tasks that are ready to face any threat, both internal and external, in the system..

One of the attacks at the network level that may be more critical are SSH attacks which use secure connections, which are difficult to detect and thus can penetrate the network and there do any malicious action that affects its optimal behavior.

Today in TechnoWikis we will analyze an application that has been developed to create a filter that prevents attacks of this type and is the DenyHosts tool..

What is DenyHosts

DenyHosts is a script which has been developed in order to be executed by system administrators in order to help stop attacks on the SSH server, attacks that we also know as dictionary-based attacks and brute force attacks.

To get an idea of ​​the number of attacks of this type that we can receive, just look at the / var / log / secure directory in RedHat or CentOS 7 or the /var/log/auth.log directory in Ubuntu or Debian and we'll see what next:

Although these were simply attempts, in case anyone can access the system we could face a really critical security situation.

In these cases it is useful to implement the DenyHosts solution to help us manage this type of access and avoid unpleasant surprises in our management task..

DenyHosts features

Some of the features of DenyHosts are:

• It can be executed from the command line, cron or as a daemon.

• Log all failed login attempts for the user and host to offend.

• In case any host exceeds a threshold count, the malicious host is registered.

• You can track each non-existent user when a login attempt fails.

• It is able to keep track of each existing user when a login attempt fails.

• Track each offending host.

• It tracks suspicious logins, those logins that were successful for a host in which many logon failures were recorded.

• Track file scrolling, to re-track the same file (/ var / log / secure) continuously.

• When the log file is rotated, the script will detect it and analyze its security from the beginning.

• Add /etc/hosts.deny and add recently banned hosts.

• Optionally, send an email from recently banned hosts and suspicious logins for more precise control.

• Keep a history of all users, hosts and suspicious logins that include the data and the number of failed logon attempts corresponding to them.

• It stores valid and invalid invalid login attempts in separate files, so it is easy to see which valid user is being attacked.

• After each execution, the script loads the previously saved data and will use it again to append existing new faults.

• Resolve IP addresses to host names, if available.

• The /etc/hosts.deny entries can be expired at any time specified by the user.

• FreeBSD support

1. Install DenyHosts on Ubuntu 17 Linux

To install DenyHosts on Ubuntu 17.10 we will run the following line:

 sudo apt install denyhosts 

Login Join up!

---