+3 votes
215 views
How to install Denyhost to prevent SSH attacks on Linux

in Linux / Unix by (482k points)

1 Answer

+4 votes
Best answer


Implementing new security measures will be of great help in improving the levels of availability and privacy in any operating system, since we will be creating tasks that are ready to face any threat, both internal and external, in the system.

Among the attacks at the network level that may be more critical are SSH attacks, which use secure connections that are difficult to detect and can thus penetrate the network and carry out any malicious action that affects its optimal behavior.

Today in TechnoWikis we will analyze an application that has been developed to create a filter that prevents attacks of this type: the DenyHosts tool.

What is DenyHosts
DenyHosts is a script which has been developed in order to be executed by system administrators in order to help stop attacks on the SSH server, attacks that we also know as dictionary-based attacks and brute force attacks.

To get an idea of the number of attacks of this type that we can receive, just look at the /var/log/secure directory in RedHat or CentOS 7 or the /var/log/auth.log directory in Ubuntu or Debian and we will see the following:

Although these were simply attempts, in case anyone can access the system we could face a really critical security situation.

In these cases it is useful to implement the DenyHosts solution to help us manage this type of access and avoid unpleasant surprises in our management task.

DenyHosts features
Some of the features of DenyHosts are:
  • It can be executed from the command line, cron or as a daemon.
  • Logs all failed login attempts, with the user and the offending host.
  • In case any host exceeds a threshold count, the malicious host is registered.
  • You can track each non-existent user when a login attempt fails.
  • It is able to keep track of each existing user when a login attempt fails.
  • Track each offending host.
  • It tracks suspicious logins, those logins that were successful for a host in which many logon failures were recorded.
  • Track file scrolling, to re-track the same file (/var/log/secure) continuously.
  • When the log file is rotated, the script will detect it and analyze its security from the beginning.
  • Appends to /etc/hosts.deny, adding recently banned hosts.
  • Optionally, sends an email about recently banned hosts and suspicious logins for more precise control.
  • Keeps a history of all users, hosts and suspicious logins that includes the data and the number of failed logon attempts corresponding to them.
  • It stores valid and invalid login attempts in separate files, so it is easy to see which valid user is being attacked.
  • After each execution, the script loads the previously saved data and will use it again to append existing new faults.
  • Resolve IP addresses to host names, if available.
  • The /etc/hosts.deny entries can be expired at any time specified by the user.
  • FreeBSD support

1. Install DenyHosts on Ubuntu 17 Linux


To install DenyHosts on Ubuntu 17.10 we will run the following line:
 sudo apt install denyhosts 



by (3m points)
edited
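
The threshold, suspicious-login and /etc/hosts.deny behaviour listed in the answer above can be sketched as follows. This is an added example, not part of the original answer and not DenyHosts' own code; the log lines are constructed, and the threshold of 3, the function names and the `sshd:` service prefix are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the Ubuntu /var/log/auth.log style (documentation IPs).
SAMPLE_LOG = """\
Jan 10 03:12:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40122 ssh2
Jan 10 03:12:04 web1 sshd[2101]: Failed password for invalid user oracle from 203.0.113.5 port 40130 ssh2
Jan 10 03:12:09 web1 sshd[2104]: Failed password for root from 203.0.113.5 port 40144 ssh2
Jan 10 03:15:40 web1 sshd[2110]: Failed password for alice from 198.51.100.7 port 51800 ssh2
Jan 10 03:15:52 web1 sshd[2110]: Accepted password for alice from 198.51.100.7 port 51802 ssh2
Jan 10 03:20:13 web1 sshd[2121]: Failed password for root from 203.0.113.5 port 40190 ssh2
Jan 10 03:21:00 web1 sshd[2130]: Accepted password for root from 203.0.113.5 port 40200 ssh2
"""

FAILED = re.compile(r"sshd\[\d+\]: Failed password for (invalid user )?(\S+) from (\S+) port")
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted \S+ for (\S+) from (\S+) port")

def analyze(log_text, threshold=3):
    """Return (hosts to deny, suspicious logins, per-host invalid/valid user names)."""
    failures = defaultdict(int)
    users = defaultdict(lambda: {"invalid": set(), "valid": set()})
    suspicious = []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if m:
            invalid, user, host = m.groups()
            failures[host] += 1
            # Non-existent and existing accounts are tracked separately.
            users[host]["invalid" if invalid else "valid"].add(user)
            continue
        m = ACCEPTED.search(line)
        if m and failures[m.group(2)] >= threshold:
            # Successful login from a host that already crossed the threshold.
            suspicious.append((m.group(1), m.group(2)))
    denied = sorted(h for h, n in failures.items() if n >= threshold)
    return denied, suspicious, dict(users)

def hosts_deny_lines(denied):
    """Format entries in the TCP wrappers syntax used by /etc/hosts.deny."""
    return [f"sshd: {host}" for host in denied]

if __name__ == "__main__":
    denied, suspicious, users = analyze(SAMPLE_LOG)
    print("\n".join(hosts_deny_lines(denied)))
    print("suspicious logins:", suspicious)
```

The accepted root login from the already-flagged host is the case worth investigating first: it is a success that follows repeated failures from the same address.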
