Step 1:
Before starting, we will make sure our server is fully up to date by using the following command:
yum update
Once the server is up to date, we can start the installation.
Step 2:
Now, we will use the following command to add the EPEL repository:
sudo rpm -Uvh http://mirror.metrocast.net/fedora/epel/6/i386/epel-release-6-8.noarch.rpm
And to install the DenyHosts package we will use the following command:
sudo yum install denyhosts
Before going further, make sure your own IP address cannot be denied by DenyHosts, otherwise you may lock yourself out of the server. Open the allow list with the following command:
nano /etc/hosts.allow
And add the following line to protect your IP address. Don’t forget to replace “Your_IP” with your address:
sshd: Your_IP
Now we will block everything else. So we will use the nano editor to open the file:
nano /etc/hosts.deny
And we will edit the file by adding the following line to the bottom of the file:
sshd: ALL
Then we will save the file and restart DenyHosts using the following command:
/etc/init.d/denyhosts restart
And if you want to change the configuration of your installed DenyHosts, open the following file and update it according to your preference:
nano /etc/denyhosts.conf
Step 3:
To check the SSH logs that DenyHosts works from and see how many attackers have attempted to gain access to your server, use the following command:
# tail -f /var/log/secure
And if you want to remove a banned IP address from DenyHosts, first stop DenyHosts using the following command:
# /etc/init.d/denyhosts stop
And then open each of the following files and delete the banned IP address from it completely:
# nano /etc/hosts.deny
# nano /var/lib/denyhosts/hosts
# nano /var/lib/denyhosts/hosts-restricted
# nano /var/lib/denyhosts/hosts-root
# nano /var/lib/denyhosts/hosts-valid
# nano /var/lib/denyhosts/users-hosts
After removing the banned IP address, you have to start DenyHosts again using the following command:
# /etc/init.d/denyhosts start
If you want to find a specific IP address, the easiest way is to use the grep command as in the following example, replacing wanted_IP with your selected address:
# cd /var/lib/denyhosts
# grep wanted_IP *
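The manual removal above can be scripted. The following is an added example, not part of the original tutorial or of DenyHosts itself: the function name denyhosts_unban and its arguments are hypothetical, and it assumes only that the banned address appears as a whole token on each line to delete. Stop DenyHosts before calling it and start it again afterwards, as in the steps above.

```bash
#!/bin/bash
# Added example: remove one banned IPv4 address from hosts.deny and the
# DenyHosts work files listed in this tutorial.
# usage: denyhosts_unban IP [HOSTS_DENY] [WORK_DIR]
# Prints the number of files that were changed.
denyhosts_unban() {
    local ip="$1"
    local deny="${2:-/etc/hosts.deny}"
    local work="${3:-/var/lib/denyhosts}"
    local changed=0 f tmp pattern

    # Accept only a dotted quad so nothing else reaches the regex.
    if ! printf '%s\n' "$ip" | grep -Eq '^([0-9]{1,3}\.){3}[0-9]{1,3}$'; then
        echo "not an IPv4 address: $ip" >&2
        return 2
    fi

    # Escape the dots and require a non-address character (or a line edge)
    # on both sides, so 10.0.0.1 does not also delete 10.0.0.10 or 110.0.0.1.
    pattern="(^|[^0-9.])$(printf '%s' "$ip" | sed 's/\./\\./g')([^0-9.]|\$)"

    for f in "$deny" "$work/hosts" "$work/hosts-restricted" \
             "$work/hosts-root" "$work/hosts-valid" "$work/users-hosts"; do
        [ -f "$f" ] || continue
        grep -Eq "$pattern" "$f" || continue
        cp -p "$f" "$f.bak" || return 1        # keep a copy of the original
        tmp=$(mktemp "$f.XXXXXX") || return 1
        # grep -v exits 1 when no lines remain; only other codes are errors.
        grep -Ev "$pattern" "$f" > "$tmp" || [ "$?" -eq 1 ] \
            || { rm -f "$tmp"; return 1; }
        cat "$tmp" > "$f"                      # overwrite in place: keeps owner and mode
        rm -f "$tmp"
        changed=$((changed + 1))
    done
    echo "$changed"
}
```

Each changed file keeps a .bak copy beside it, so a wrong removal can be undone before DenyHosts is started again.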
Conclusion
In this tutorial, we discussed how to install and configure DenyHosts on your CentOS 6 server. Also, we showed you how to defend against brute force attacks. As far as I know, it is easy to configure and it also supports email, SMTP, and syslog notifications. I hope this tool will be useful for you sometime.