Download and Install
--------------------
[Head over to
Sourceforge](http://sourceforge.net/project/showfiles.php?group_id=131204)
to download an RPM. The RPM is built against one specific Python version (the
`python2.4` in the file name below), so make sure it matches the interpreter
installed on your system:
python --version
Now install the RPM (`-i` install, `-v` verbose, `-h` progress hashes):
rpm -ivh DenyHosts-2.6-python2.4.noarch.rpm
Configuration
-------------
By default, the installation is placed in `/usr/share/denyhosts`. A few
steps are required before starting the daemon.
### denyhosts.cfg
This is the main config file. A sample file is provided and is called
`denyhosts.cfg-dist`. Make a copy of this file and start editing it:
cp denyhosts.cfg-dist denyhosts.cfg
vim denyhosts.cfg
The file is well commented, [as are the
FAQs](http://denyhosts.sourceforge.net/faq.html), so the settings are not
repeated here. Two things to check on RHEL: `SECURE_LOG` must point at
`/var/log/secure`, which is where sshd logs there, and the
`DENY_THRESHOLD_INVALID`, `DENY_THRESHOLD_VALID` and `DENY_THRESHOLD_ROOT`
values decide how many failures a host gets before it is written to
`/etc/hosts.deny`.
### The denyhosts daemon
Like the config file, copy the daemon:
cp daemon-control-dist daemon-control
chown root daemon-control
chmod 700 daemon-control
No further configuration is necessary for the daemon if you're on RHEL.
### Starting the service
A symlink is necessary within `/etc/init.d`
cd /etc/init.d/
ln -s /usr/share/denyhosts/daemon-control denyhosts
./denyhosts start
### Run at startup
chkconfig --add denyhosts
chkconfig denyhosts on
Other Notes
-----------
### Trusted IPs
The default `WORK_DIR` is `/usr/share/denyhosts/data`; the rest of this page
assumes it has been changed to `/var/lib/denyhosts` in `denyhosts.cfg`, so
adjust the paths below if you kept the default. An important file in that
directory is `allowed-hosts`, which lists IPs, wildcard ranges or domains (one
per line) that are treated as 'trusted' and never banned (related behaviour
can be fine-tuned in `denyhosts.cfg`). For example:
19.67.35.*
jhu.edu
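Added example, not DenyHosts' own code (DenyHosts itself is written in Python, so the illustration is Python 3): it applies the logic that the `denyhosts.cfg` thresholds and the `allowed-hosts` file describe to a constructed excerpt of `/var/log/secure`, tallying failed sshd logins per source and per category (invalid user, valid user, root), skipping sources that match an `allowed-hosts` entry, and producing the `sshd: IP` lines DenyHosts would append to `/etc/hosts.deny`. The threshold names are the `DENY_THRESHOLD_INVALID`, `DENY_THRESHOLD_VALID` and `DENY_THRESHOLD_ROOT` keys; the values, the log lines, the allowed-hosts contents and the regexes are assumptions made for this example, and hostname entries are skipped rather than resolved so it runs offline.

```python
import re

# Constructed sample of RHEL /var/log/secure lines for this example (not real data).
SECURE_LOG_SAMPLE = """\
Jan 10 10:00:01 web1 sshd[2301]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2
Jan 10 10:00:03 web1 sshd[2303]: Failed password for invalid user oracle from 203.0.113.7 port 50130 ssh2
Jan 10 10:00:05 web1 sshd[2305]: Failed password for invalid user test from 203.0.113.7 port 50140 ssh2
Jan 10 10:00:07 web1 sshd[2307]: Failed password for invalid user guest from 203.0.113.7 port 50150 ssh2
Jan 10 10:00:09 web1 sshd[2309]: Failed password for invalid user backup from 203.0.113.7 port 50160 ssh2
Jan 10 10:01:00 web1 sshd[2320]: Failed password for root from 198.51.100.9 port 40001 ssh2
Jan 10 10:02:00 web1 sshd[2330]: Failed password for jdoe from 192.0.2.44 port 41000 ssh2
Jan 10 10:02:04 web1 sshd[2331]: Failed password for jdoe from 192.0.2.44 port 41001 ssh2
Jan 10 10:02:09 web1 sshd[2332]: Accepted password for jdoe from 192.0.2.44 port 41002 ssh2
Jan 10 10:03:00 web1 sshd[2340]: Failed password for invalid user scanner from 19.67.35.12 port 42000 ssh2
Jan 10 10:03:01 web1 sshd[2341]: Failed password for invalid user scanner from 19.67.35.12 port 42001 ssh2
Jan 10 10:03:02 web1 sshd[2342]: Failed password for invalid user scanner from 19.67.35.12 port 42002 ssh2
Jan 10 10:03:03 web1 sshd[2343]: Failed password for invalid user scanner from 19.67.35.12 port 42003 ssh2
Jan 10 10:03:04 web1 sshd[2344]: Failed password for invalid user scanner from 19.67.35.12 port 42004 ssh2
"""

# Constructed allowed-hosts file using the two entry forms shown on this page.
ALLOWED_HOSTS_SAMPLE = """\
# trusted sources: never banned
19.67.35.*
jhu.edu
"""

# Keys as named in denyhosts.cfg (DENY_THRESHOLD_*); values chosen for this example.
THRESHOLDS = {"invalid": 5, "valid": 10, "root": 1}

# Matches the sshd "Failed password" line; the optional group tells invalid users apart.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def classify(line):
    """Return (category, user, ip) for a failed sshd login, else None."""
    m = FAILED_RE.search(line)
    if not m:
        return None
    user, ip = m.group("user"), m.group("ip")
    if m.group("invalid"):
        return "invalid", user, ip
    if user == "root":
        return "root", user, ip
    return "valid", user, ip


def allowed_patterns(text):
    """Compile allowed-hosts entries: '*' stands for one whole octet. Hostname
    entries (which DenyHosts resolves) are skipped so this example stays offline."""
    pats = []
    for raw in text.splitlines():
        entry = raw.split("#", 1)[0].strip()
        if not entry or not re.fullmatch(r"[0-9.*]+", entry):
            continue
        pats.append(re.compile(re.escape(entry).replace(r"\*", r"\d{1,3}")))
    return pats


def is_allowed(ip, pats):
    return any(p.fullmatch(ip) for p in pats)


def evaluate(log_text, allowed_text, thresholds=THRESHOLDS):
    """Tally failures per (ip, category) and return the hosts that cross a
    threshold, minus those protected by allowed-hosts."""
    pats = allowed_patterns(allowed_text)
    counts = {}
    for line in log_text.splitlines():
        hit = classify(line)
        if hit is None:
            continue
        cat, _user, ip = hit
        counts[(ip, cat)] = counts.get((ip, cat), 0) + 1
    deny, skipped = set(), set()
    for (ip, cat), n in counts.items():
        if n < thresholds[cat]:
            continue
        (skipped if is_allowed(ip, pats) else deny).add(ip)
    return {"deny": sorted(deny), "allowed_skipped": sorted(skipped), "counts": counts}


def hosts_deny_lines(ips, service="sshd"):
    """Lines in the form DenyHosts appends to /etc/hosts.deny (BLOCK_SERVICE)."""
    return ["%s: %s" % (service, ip) for ip in ips]


if __name__ == "__main__":
    result = evaluate(SECURE_LOG_SAMPLE, ALLOWED_HOSTS_SAMPLE)
    for (ip, cat), n in sorted(result["counts"].items()):
        print("%-15s %-8s %d failures" % (ip, cat, n))
    print("allowed, not banned:", result["allowed_skipped"])
    print("\n".join(hosts_deny_lines(result["deny"])))
```

Running it shows the two sides of the configuration at once: `203.0.113.7` is banned on its fifth invalid-user attempt and `198.51.100.9` on a single root failure, while `19.67.35.12` crosses the same invalid-user threshold but is skipped because it matches the `19.67.35.*` entry, and `192.0.2.44` stays well under the valid-user threshold.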
### Removing IPs
To un-ban an address, stop the daemon and remove every line that mentions it
from `/etc/hosts.deny` and from the DenyHosts data files in `WORK_DIR` (the
paths below assume `/var/lib/denyhosts`):
/etc/hosts.deny
/var/lib/denyhosts/hosts
/var/lib/denyhosts/hosts-restricted
/var/lib/denyhosts/hosts-root
/var/lib/denyhosts/hosts-valid
/var/lib/denyhosts/users-hosts
Then add the host to `allowed-hosts` if it should never be banned again, and
restart the service. The script below (by Tommy Butler, as credited in its
header) automates the same steps:
```bash
#!/bin/bash
# denyhosts-remove.sh
#
# AUTHOR: Tommy Butler, email: $ echo YWNlQHRvbW15YnV0bGVyLm1lCg==|base64 -d
# VERSION: 1.0
#
# SUMMARY:
# Use this script to remove an IP address ban that has been errantly blacklisted
# by denyhosts - the ubiquitous and unforgiving brute-force attack protection
# service so often used on Linux boxen.
#
# INSTALL:
# Usage: Put this script somewhere in your $PATH, and execute it as root or
# with sudo. Call it directly or with an IP address argument. Multiple IP
# address arguments are not supported. You'll need to `chmod +x` it first.
#
# LICENSE:
# GNU GPL 1.0
# Copyright 2011 Tommy Butler, All rights reserved

# WORK_DIR from denyhosts.cfg; change this if you kept /usr/share/denyhosts/data
BASE_PATH="/var/lib/denyhosts"
# The DenyHosts data files that record a banned address (listed above)
DATA_FILES="hosts hosts-restricted hosts-root hosts-valid users-hosts"
IP="$1"

if [[ "$(/usr/bin/id -u)" != "0" ]]; then
    echo "Run this script as root or with sudo or app can't run correctly. Aborted."
    exit 1
fi

if ! cd "$BASE_PATH"; then
    echo "Couldn't cd to $BASE_PATH. Abort."
    exit 1
fi

if [[ -z "$IP" ]]; then
    echo "Enter the IP address you want to un-ban"
    read -r IP
fi

if [[ -z "$IP" ]]; then
    echo "No IP address given. Abort."
    exit 1
fi

# Accept only a dotted quad: the value is used inside a regular expression by a
# script that runs as root, so an unchecked argument must never get that far.
if ! [[ "$IP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
    echo "'$IP' is not an IPv4 address. Abort."
    exit 1
fi

# Edit only files that exist, rather than globbing everything in WORK_DIR
# (which would also touch allowed-hosts and the daemon's offset file).
FILES=(/etc/hosts.deny)
for f in $DATA_FILES; do
    [[ -f "$f" ]] && FILES+=("$f")
done

/etc/init.d/denyhosts stop

# Drop every line containing the address as a whole token. It is passed through
# the environment and matched literally (\Q...\E), so a dot is a dot and
# 10.0.0.1 no longer also removes 10.0.0.10 or 110.0.0.1.
IP="$IP" /usr/bin/perl -ni -e 'print unless /\b\Q$ENV{IP}\E\b/' "${FILES[@]}"

/etc/init.d/denyhosts start
exit $?
```
### Using netfilter itself
While `denyhosts` is pretty good with regard to features, you can do a basic
'bounce' with netfilter's `recent` match (the `ipt_recent`/`xt_recent` module)
and no userland daemon at all. The rules below drop the fourth new SSH
connection from a source address within 60 seconds. Note that they count
connection attempts, not failed logins, so an administrator opening several
sessions in quick succession is blocked just like a scanner (put a whitelist
rule in front of the chain or raise `--hitcount`), and like any iptables rules
they are gone after a reboot unless saved (`service iptables save` on RHEL).
iptables -N SSH_CHECK
iptables -A INPUT -p tcp --dport 22 -m state --state NEW -j SSH_CHECK
iptables -A SSH_CHECK -m state --state NEW -m recent --set --name SSH
iptables -A SSH_CHECK -m state --state NEW -m recent --update --seconds 60 --hitcount 4 --name SSH
iptables -A SSH_CHECK -m state --state NEW -m recent --rcheck --seconds 60 --hitcount 4 --name SSH -j DROP
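To see exactly which packets those three rules drop, here is an added simulation (not part of the original page, and not netfilter code) of the `recent` match as the kernel's xt_recent applies it: `--set` stamps the source address, `--update` (which has no target here) refreshes the stamp only when the hit count is already reached, and `--rcheck --seconds 60 --hitcount 4` matches when at least four stamps fall within the trailing 60 seconds. The SYN arrival times are constructed, and the 20-entry ring is the module's default `ip_pkt_list_tot`.

```python
RING_SIZE = 20  # xt_recent keeps this many stamps per address (ip_pkt_list_tot default)


def _hits(stamps, now, seconds):
    """Number of stamps inside the trailing window, as --seconds is applied."""
    return sum(1 for s in stamps if s >= now - seconds)


def _stamp(stamps, now, ring=RING_SIZE):
    """Record 'now' for this address, overwriting the oldest stamp when the ring is full."""
    stamps.append(now)
    if len(stamps) > ring:
        del stamps[0]


def ssh_check(times, seconds=60, hitcount=4):
    """Run NEW SYNs from one source (arrival times in seconds) through the
    SSH_CHECK chain above and return the verdict for each packet: 'DROP' from
    rule 3, or 'RETURN' when the packet falls off the end of the chain back
    into INPUT."""
    stamps = []
    verdicts = []
    for now in times:
        _stamp(stamps, now)                          # rule 1: -m recent --set
        if _hits(stamps, now, seconds) >= hitcount:  # rule 2: --update matches ...
            _stamp(stamps, now)                      # ... and refreshes the entry
        if _hits(stamps, now, seconds) >= hitcount:  # rule 3: --rcheck ... -j DROP
            verdicts.append("DROP")
        else:
            verdicts.append("RETURN")
    return verdicts


# Constructed arrival times (seconds) for two sources.
SCANNER = [0, 10, 20, 30, 40, 50, 130]  # hammers, then comes back after a pause
ADMIN = [0, 5, 10, 15]                  # opens four sessions in fifteen seconds

if __name__ == "__main__":
    for name, times in (("scanner", SCANNER), ("admin", ADMIN)):
        for t, v in zip(times, ssh_check(times)):
            print("%-8s t=%3ds %s" % (name, t, v))
```

The scanner's fourth, fifth and sixth SYNs are dropped and its seventh, after a 80-second pause, is let through again because no stamp remains in the window. The admin run is the caveat above: the fourth session inside a minute is dropped exactly like the scanner's, which is why a whitelist rule (or a higher `--hitcount`) belongs in front of the chain.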
### Test, test, test, test...
Enough said :) At minimum, from a throwaway host, fail a login enough times to
cross the threshold you configured, confirm that `sshd: <ip>` appears in
`/etc/hosts.deny` and that the address is actually refused, then un-ban it as
described above and check that a host listed in `allowed-hosts` is never
banned.