安装denyhost防止SSH和FTP被暴力破解

Cat

做人到低调啊,我其实很低调的嘛,不知道得罪了哪个人,我的SSH和FTP一直被人扫描,而且还是那种多线程的,导致我的SSH和FTP开启了多进程来应付它的暴力破解,无奈之下还有改了端口了.
不过这是治标不治本的啦,Google一翻,终于给我找到了这个软件DenyHosts,DenyHosts是用Python语言编写的一个程序,它会分析你的日志文件,当发现重复的错误登录时就会记录IP到/etc/hosts.deny文件,然后自动屏蔽IP.功能很不错吧,下面是安装过程 (环境CentOS 5.5, DenyHosts 2.6)

下载:

1. wget http://imcat.in/down/DenyHosts-2.6.tar.gz

复制代码

安装:

1. tar -zxvf DenyHosts-2.6.tar.gz
   
2. cd DenyHosts-2.6
   
3. python setup.py install

复制代码

修改配置文件:

1. cp /usr/share/denyhosts/denyhosts.cfg-dist /usr/share/denyhosts/denyhosts.cfg
   
2. vi /usr/share/denyhosts/denyhosts.cfg

复制代码

配置文件比较长,需要修改的,我都做了注释,自己看吧

1. ############ THESE SETTINGS ARE REQUIRED ####################################################################################
   
2. #
   
3. # SECURE_LOG: the log file that contains sshd logging info
   
4. # if you are not sure, grep "sshd:" /var/log/*
   
5. #
   
6. # The file to process can be overridden with the --file command line
   
7. # argument
   
8. #
   
9. # Redhat or Fedora Core:
   
10. #日志文件,根据这个文件来判断
    
11. SECURE_LOG = /var/log/secure
    
12. #
    
13. # Mandrake, FreeBSD or OpenBSD:
    
14. #SECURE_LOG = /var/log/auth.log
    
15. #
    
16. # SuSE:
    
17. #SECURE_LOG = /var/log/messages
    
18. #
    
19. # Mac OS X (v10.4 or greater -
    
20. #   also refer to:   [url]http://www.denyhosts.net/faq.html#macos[/url]
    
21. #SECURE_LOG = /private/var/log/asl.log
    
22. #
    
23. # Mac OS X (v10.3 or earlier):
    
24. #SECURE_LOG=/private/var/log/system.log
    
25. #
    
26. ########################################################################
    
27. 
    
28. ########################################################################
    
29. #
    
30. # HOSTS_DENY: the file which contains restricted host access information
    
31. #
    
32. # Most operating systems:
    
33. #记录屏蔽的IP文件
    
34. HOSTS_DENY = /etc/hosts.deny
    
35. #
    
36. # Some BSD (FreeBSD) Unixes:
    
37. #HOSTS_DENY = /etc/hosts.allow
    
38. #
    
39. # Another possibility (also see the next option):
    
40. #HOSTS_DENY = /etc/hosts.evil
    
41. #######################################################################
    
42. 
    
43. ########################################################################
    
44. #
    
45. # PURGE_DENY: removed HOSTS_DENY entries that are older than this time
    
46. #             when DenyHosts is invoked with the --purge flag
    
47. #
    
48. #      format is: i[dhwmy]
    
49. #      Where 'i' is an integer (eg. 7)
    
50. #            'm' = minutes
    
51. #            'h' = hours
    
52. #            'd' = days
    
53. #            'w' = weeks
    
54. #            'y' = years
    
55. #
    
56. # never purge:
    
57. #多久清除屏蔽的IP,我设置一天
    
58. PURGE_DENY = 1d
    
59. #
    
60. # purge entries older than 1 week
    
61. #PURGE_DENY = 1w
    
62. #
    
63. # purge entries older than 5 days
    
64. #PURGE_DENY = 5d
    
65. #######################################################################
    
66. 
    
67. #######################################################################
    
68. #
    
69. # PURGE_THRESHOLD: defines the maximum times a host will be purged.
    
70. # Once this value has been exceeded then this host will not be purged.
    
71. # Setting this parameter to 0 (the default) disables this feature.
    
72. #
    
73. # default: a denied host can be purged/re-added indefinitely
    
74. #PURGE_THRESHOLD = 0
    
75. #
    
76. # a denied host will be purged at most 2 times.
    
77. #PURGE_THRESHOLD = 2
    
78. #
    
79. #######################################################################
    
80. 
    
81. #######################################################################
    
82. #
    
83. # BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY
    
84. #
    
85. # man 5 hosts_access for details
    
86. #
    
87. # eg.   sshd: 127.0.0.1  # will block sshd logins from 127.0.0.1
    
88. #
    
89. # To block all services for the offending host:
    
90. #BLOCK_SERVICE = ALL
    
91. # To block only sshd:
    
92. #禁止的服务,我设置为全部,禁止登录SSH和/FTP
    
93. BLOCK_SERVICE  = ALL
    
94. # To only record the offending host and nothing else (if using
    
95. # an auxilary file to list the hosts).  Refer to:
    
96. # [url]http://denyhosts.sourceforge.net/faq.html#aux[/url]
    
97. #BLOCK_SERVICE =
    
98. #
    
99. #######################################################################
    
100. 
     
101. #######################################################################
     
102. #
     
103. # DENY_THRESHOLD_INVALID: block each host after the number of failed login
     
104. # attempts has exceeded this value.  This value applies to invalid
     
105. # user login attempts (eg. non-existent user accounts)
     
106. #
     
107. #允许无效用户失败的数次
     
108. DENY_THRESHOLD_INVALID = 1
     
109. #
     
110. #######################################################################
     
111. 
     
112. #######################################################################
     
113. #
     
114. # DENY_THRESHOLD_VALID: block each host after the number of failed
     
115. # login attempts has exceeded this value.  This value applies to valid
     
116. # user login attempts (eg. user accounts that exist in /etc/passwd) except
     
117. # for the "root" user
     
118. #允许普通用户失败的次数
     
119. DENY_THRESHOLD_VALID = 1
     
120. #
     
121. #######################################################################
     
122. 
     
123. #######################################################################
     
124. #
     
125. # DENY_THRESHOLD_ROOT: block each host after the number of failed
     
126. # login attempts has exceeded this value.  This value applies to
     
127. # "root" user login attempts only.
     
128. #允许root用户失败的次数
     
129. DENY_THRESHOLD_ROOT = 3
     
130. #
     
131. #######################################################################
     
132. 
     
133. #######################################################################
     
134. #
     
135. # DENY_THRESHOLD_RESTRICTED: block each host after the number of failed
     
136. # login attempts has exceeded this value.  This value applies to
     
137. # usernames that appear in the WORK_DIR/restricted-usernames file only.
     
138. #
     
139. DENY_THRESHOLD_RESTRICTED = 1
     
140. #
     
141. #######################################################################
     
142. 
     
143. #######################################################################
     
144. #
     
145. # WORK_DIR: the path that DenyHosts will use for writing data to
     
146. # (it will be created if it does not already exist).
     
147. #
     
148. # Note: it is recommended that you use an absolute pathname
     
149. # for this value (eg. /home/foo/denyhosts/data)
     
150. #
     
151. WORK_DIR = /usr/share/denyhosts/data
     
152. #
     
153. #######################################################################
     
154. 
     
155. #######################################################################
     
156. #
     
157. # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS
     
158. #
     
159. # SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO
     
160. # If set to YES, if a suspicious login attempt results from an allowed-host
     
161. # then it is considered suspicious.  If this is NO, then suspicious logins
     
162. # from allowed-hosts will not be reported.  All suspicious logins from
     
163. # ip addresses that are not in allowed-hosts will always be reported.
     
164. #
     
165. SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
     
166. ######################################################################
     
167. 
     
168. ######################################################################
     
169. #
     
170. # HOSTNAME_LOOKUP
     
171. #
     
172. # HOSTNAME_LOOKUP=YES|NO
     
173. # If set to YES, for each IP address that is reported by Denyhosts,
     
174. # the corresponding hostname will be looked up and reported as well
     
175. # (if available).
     
176. #是否做域名反解析
     
177. HOSTNAME_LOOKUP=NO
     
178. #
     
179. ######################################################################
     
180. 
     
181. ######################################################################
     
182. #
     
183. # LOCK_FILE
     
184. #
     
185. # LOCK_FILE=/path/denyhosts
     
186. # If this file exists when DenyHosts is run, then DenyHosts will exit
     
187. # immediately.  Otherwise, this file will be created upon invocation
     
188. # and deleted upon exit.  This ensures that only one instance is
     
189. # running at a time.
     
190. #
     
191. # Redhat/Fedora:
     
192. LOCK_FILE = /var/lock/subsys/denyhosts
     
193. #
     
194. # Debian
     
195. #LOCK_FILE = /var/run/denyhosts.pid
     
196. #
     
197. # Misc
     
198. #LOCK_FILE = /tmp/denyhosts.lock
     
199. #
     
200. ######################################################################
     
201. 
     
202. ############ THESE SETTINGS ARE OPTIONAL ############
     
203. 
     
204. #######################################################################
     
205. #
     
206. # ADMIN_EMAIL: if you would like to receive emails regarding newly
     
207. # restricted hosts and suspicious logins, set this address to
     
208. # match your email address.  If you do not want to receive these reports
     
209. # leave this field blank (or run with the --noemail option)
     
210. #
     
211. # Multiple email addresses can be delimited by a comma, eg:
     
212. # ADMIN_EMAIL = [email][email protected][/email], [email][email protected][/email], [email][email protected][/email]
     
213. #管理员Email
     
214. ADMIN_EMAIL =
     
215. #
     
216. #######################################################################
     
217. 
     
218. #######################################################################
     
219. #
     
220. # SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email
     
221. # reports (see ADMIN_EMAIL) then these settings specify the
     
222. # email server address (SMTP_HOST) and the server port (SMTP_PORT)
     
223. #
     
224. #
     
225. SMTP_HOST = localhost
     
226. SMTP_PORT = 25
     
227. #
     
228. #######################################################################
     
229. 
     
230. #######################################################################
     
231. #
     
232. # SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your
     
233. # smtp email server requires authentication
     
234. #
     
235. #SMTP_USERNAME=foo
     
236. #SMTP_PASSWORD=bar
     
237. #
     
238. ######################################################################
     
239. 
     
240. #######################################################################
     
241. #
     
242. # SMTP_FROM: you can specify the "From:" address in messages sent
     
243. # from DenyHosts when it reports thwarted abuse attempts
     
244. #
     
245. SMTP_FROM = DenyHosts <nobody@localhost>
     
246. #
     
247. #######################################################################
     
248. 
     
249. #######################################################################
     
250. #
     
251. # SMTP_SUBJECT: you can specify the "Subject:" of messages sent
     
252. # by DenyHosts when it reports thwarted abuse attempts
     
253. SMTP_SUBJECT = DenyHosts Report
     
254. #
     
255. ######################################################################
     
256. 
     
257. ######################################################################
     
258. #
     
259. # SMTP_DATE_FORMAT: specifies the format used for the "Date:" header
     
260. # when sending email messages.
     
261. #
     
262. # for possible values for this parameter refer to: man strftime
     
263. #
     
264. # the default:
     
265. #
     
266. #SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z
     
267. #
     
268. ######################################################################
     
269. 
     
270. ######################################################################
     
271. #
     
272. # SYSLOG_REPORT
     
273. #
     
274. # SYSLOG_REPORT=YES|NO
     
275. # If set to yes, when denied hosts are recorded the report data
     
276. # will be sent to syslog (syslog must be present on your system).
     
277. # The default is: NO
     
278. #
     
279. #SYSLOG_REPORT=NO
     
280. #
     
281. #SYSLOG_REPORT=YES
     
282. #
     
283. ######################################################################
     
284. 
     
285. ######################################################################
     
286. #
     
287. # ALLOWED_HOSTS_HOSTNAME_LOOKUP
     
288. #
     
289. # ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO
     
290. # If set to YES, for each entry in the WORK_DIR/allowed-hosts file,
     
291. # the hostname will be looked up.  If your versions of tcp_wrappers
     
292. # and sshd sometimes log hostnames in addition to ip addresses
     
293. # then you may wish to specify this option.
     
294. #
     
295. #ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
     
296. #
     
297. ######################################################################
     
298. 
     
299. ######################################################################
     
300. #
     
301. # AGE_RESET_VALID: Specifies the period of time between failed login
     
302. # attempts that, when exceeded will result in the failed count for
     
303. # this host to be reset to 0.  This value applies to login attempts
     
304. # to all valid users (those within /etc/passwd) with the
     
305. # exception of root.  If not defined, this count will never
     
306. # be reset.
     
307. #
     
308. # See the comments in the PURGE_DENY section (above)
     
309. # for details on specifying this value or for complete details
     
310. # refer to:  [url]http://denyhosts.sourceforge.net/faq.html#timespec[/url]
     
311. #
     
312. AGE_RESET_VALID=5d
     
313. #
     
314. ######################################################################
     
315. 
     
316. ######################################################################
     
317. #
     
318. # AGE_RESET_ROOT: Specifies the period of time between failed login
     
319. # attempts that, when exceeded will result in the failed count for
     
320. # this host to be reset to 0.  This value applies to all login
     
321. # attempts to the "root" user account.  If not defined,
     
322. # this count will never be reset.
     
323. #
     
324. # See the comments in the PURGE_DENY section (above)
     
325. # for details on specifying this value or for complete details
     
326. # refer to:  [url]http://denyhosts.sourceforge.net/faq.html#timespec[/url]
     
327. #
     
328. AGE_RESET_ROOT=25d
     
329. #
     
330. ######################################################################
     
331. 
     
332. ######################################################################
     
333. #
     
334. # AGE_RESET_RESTRICTED: Specifies the period of time between failed login
     
335. # attempts that, when exceeded will result in the failed count for
     
336. # this host to be reset to 0.  This value applies to all login
     
337. # attempts to entries found in the WORK_DIR/restricted-usernames file.
     
338. # If not defined, the count will never be reset.
     
339. #
     
340. # See the comments in the PURGE_DENY section (above)
     
341. # for details on specifying this value or for complete details
     
342. # refer to:  [url]http://denyhosts.sourceforge.net/faq.html#timespec[/url]
     
343. #
     
344. AGE_RESET_RESTRICTED=25d
     
345. #
     
346. ######################################################################
     
347. 
     
348. ######################################################################
     
349. #
     
350. # AGE_RESET_INVALID: Specifies the period of time between failed login
     
351. # attempts that, when exceeded will result in the failed count for
     
352. # this host to be reset to 0.  This value applies to login attempts
     
353. # made to any invalid username (those that do not appear
     
354. # in /etc/passwd).  If not defined, count will never be reset.
     
355. #
     
356. # See the comments in the PURGE_DENY section (above)
     
357. # for details on specifying this value or for complete details
     
358. # refer to:  [url]http://denyhosts.sourceforge.net/faq.html#timespec[/url]
     
359. #
     
360. AGE_RESET_INVALID=10d
     
361. #
     
362. ######################################################################
     
363. 
     
364. ######################################################################
     
365. #
     
366. # RESET_ON_SUCCESS: If this parameter is set to "yes" then the
     
367. # failed count for the respective ip address will be reset to 0
     
368. # if the login is successful.
     
369. #
     
370. # The default is RESET_ON_SUCCESS = no
     
371. #
     
372. #RESET_ON_SUCCESS = yes
     
373. #
     
374. #####################################################################
     
375. 
     
376. ######################################################################
     
377. #
     
378. # PLUGIN_DENY: If set, this value should point to an executable
     
379. # program that will be invoked when a host is added to the
     
380. # HOSTS_DENY file.  This executable will be passed the host
     
381. # that will be added as it's only argument.
     
382. #
     
383. #PLUGIN_DENY=/usr/bin/true
     
384. #
     
385. ######################################################################
     
386. 
     
387. ######################################################################
     
388. #
     
389. # PLUGIN_PURGE: If set, this value should point to an executable
     
390. # program that will be invoked when a host is removed from the
     
391. # HOSTS_DENY file.  This executable will be passed the host
     
392. # that is to be purged as it's only argument.
     
393. #
     
394. #PLUGIN_PURGE=/usr/bin/true
     
395. #
     
396. ######################################################################
     
397. 
     
398. ######################################################################
     
399. #
     
400. # USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain
     
401. # a regular expression that can be used to identify additional
     
402. # hackers for your particular ssh configuration.  This functionality
     
403. # extends the built-in regular expressions that DenyHosts uses.
     
404. # This parameter can be specified multiple times.
     
405. # See this faq entry for more details:
     
406. #    [url]http://denyhosts.sf.net/faq.html#userdef_regex[/url]
     
407. #
     
408. #USERDEF_FAILED_ENTRY_REGEX=
     
409. #
     
410. #
     
411. ######################################################################
     
412. 
     
413. ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE  ##########
     
414. 
     
415. #######################################################################
     
416. #
     
417. # DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag)
     
418. # this is the logfile that DenyHosts uses to report it's status.
     
419. # To disable logging, leave blank.  (default is: /var/log/denyhosts)
     
420. #
     
421. DAEMON_LOG = /var/log/denyhosts
     
422. #
     
423. # disable logging:
     
424. #DAEMON_LOG =
     
425. #
     
426. ######################################################################
     
427. 
     
428. #######################################################################
     
429. #
     
430. # DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode
     
431. # (--daemon flag) this specifies the timestamp format of
     
432. # the DAEMON_LOG messages (default is the ISO8061 format:
     
433. # ie. 2005-07-22 10:38:01,745)
     
434. #
     
435. # for possible values for this parameter refer to: man strftime
     
436. #
     
437. # Jan 1 13:05:59
     
438. #DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
     
439. #
     
440. # Jan 1 01:05:59
     
441. #DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S
     
442. #
     
443. ######################################################################
     
444. 
     
445. #######################################################################
     
446. #
     
447. # DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode
     
448. # (--daemon flag) this specifies the message format of each logged
     
449. # entry.  By default the following format is used:
     
450. #
     
451. # %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
     
452. #
     
453. # Where the "%(asctime)s" portion is expanded to the format
     
454. # defined by DAEMON_LOG_TIME_FORMAT
     
455. #
     
456. # This string is passed to python's logging.Formatter contstuctor.
     
457. # For details on the possible format types please refer to:
     
458. # [url]http://docs.python.org/lib/node357.html[/url]
     
459. #
     
460. # This is the default:
     
461. #DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s
     
462. #
     
463. #
     
464. ######################################################################
     
465. 
     
466. #######################################################################
     
467. #
     
468. # DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)
     
469. # this is the amount of time DenyHosts will sleep between polling
     
470. # the SECURE_LOG.  See the comments in the PURGE_DENY section (above)
     
471. # for details on specifying this value or for complete details
     
472. # refer to:    [url]http://denyhosts.sourceforge.net/faq.html#timespec[/url]
     
473. #
     
474. #
     
475. DAEMON_SLEEP = 30s
     
476. #
     
477. #######################################################################
     
478. 
     
479. #######################################################################
     
480. #
     
481. # DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,
     
482. # run the purge mechanism to expire old entries in HOSTS_DENY
     
483. # This has no effect if PURGE_DENY is blank.
     
484. #
     
485. DAEMON_PURGE = 1h
     
486. #
     
487. #######################################################################
     
488. 
     
489. #########   THESE SETTINGS ARE SPECIFIC TO     ##########
     
490. #########       DAEMON SYNCHRONIZATION         ##########
     
491. 
     
492. #######################################################################
     
493. #
     
494. # Synchronization mode allows the DenyHosts daemon the ability
     
495. # to periodically send and receive denied host data such that
     
496. # DenyHosts daemons worldwide can automatically inform one
     
497. # another regarding banned hosts.   This mode is disabled by
     
498. # default, you must uncomment SYNC_SERVER to enable this mode.
     
499. #
     
500. # for more information, please refer to:
     
501. #        http:/denyhosts.sourceforge.net/faq.html#sync
     
502. #
     
503. #######################################################################
     
504. 
     
505. #######################################################################
     
506. #
     
507. # SYNC_SERVER: The central server that communicates with DenyHost
     
508. # daemons.  Currently, denyhosts.net is the only available server
     
509. # however, in the future, it may be possible for organizations to
     
510. # install their own server for internal network synchronization
     
511. #
     
512. # To disable synchronization (the default), do nothing.
     
513. #
     
514. # To enable synchronization, you must uncomment the following line:
     
515. #SYNC_SERVER = [url]http://xmlrpc.denyhosts.net:9911[/url]
     
516. #
     
517. #######################################################################
     
518. 
     
519. #######################################################################
     
520. #
     
521. # SYNC_INTERVAL: the interval of time to perform synchronizations if
     
522. # SYNC_SERVER has been uncommented.  The default is 1 hour.
     
523. #
     
524. #SYNC_INTERVAL = 1h
     
525. #
     
526. #######################################################################
     
527. 
     
528. #######################################################################
     
529. #
     
530. # SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have
     
531. # been denied?  This option only applies if SYNC_SERVER has
     
532. # been uncommented.
     
533. # The default is SYNC_UPLOAD = yes
     
534. #
     
535. #SYNC_UPLOAD = no
     
536. #SYNC_UPLOAD = yes
     
537. #
     
538. #######################################################################
     
539. 
     
540. #######################################################################
     
541. #
     
542. # SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have
     
543. # been denied by others?  This option only applies if SYNC_SERVER has
     
544. # been uncommented.
     
545. # The default is SYNC_DOWNLOAD = yes
     
546. #
     
547. #SYNC_DOWNLOAD = no
     
548. #SYNC_DOWNLOAD = yes
     
549. #
     
550. #
     
551. #
     
552. #######################################################################
     
553. 
     
554. #######################################################################
     
555. #
     
556. # SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter
     
557. # filters the returned hosts to those that have been blocked this many
     
558. # times by others.  That is, if set to 1, then if a single DenyHosts
     
559. # server has denied an ip address then you will receive the denied host.
     
560. #
     
561. # See also SYNC_DOWNLOAD_RESILIENCY
     
562. #
     
563. #SYNC_DOWNLOAD_THRESHOLD = 10
     
564. #
     
565. # The default is SYNC_DOWNLOAD_THRESHOLD = 3
     
566. #
     
567. #SYNC_DOWNLOAD_THRESHOLD = 3
     
568. #
     
569. #######################################################################
     
570. 
     
571. #######################################################################
     
572. #
     
573. # SYNC_DOWNLOAD_RESILIENCY:  If SYNC_DOWNLOAD is enabled then the
     
574. # value specified for this option limits the downloaded data
     
575. # to this resiliency period or greater.
     
576. #
     
577. # Resiliency is defined as the timespan between a hackers first known
     
578. # attack and it's most recent attack.  Example:
     
579. #
     
580. # If the centralized   denyhosts.net server records an attack at 2 PM
     
581. # and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h
     
582. # will not download this ip address.
     
583. #
     
584. # However, if the attacker is recorded again at 6:15 PM then the
     
585. # ip address will be downloaded by your DenyHosts instance.
     
586. #
     
587. # This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD
     
588. # and only hosts that satisfy both values will be downloaded.
     
589. # This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1
     
590. #
     
591. # The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours)
     
592. #
     
593. # Only obtain hackers that have been at it for 2 days or more:
     
594. #SYNC_DOWNLOAD_RESILIENCY = 2d
     
595. #
     
596. # Only obtain hackers that have been at it for 5 hours or more:
     
597. #SYNC_DOWNLOAD_RESILIENCY = 5h
     
598. #
     
599. #######################################################################

复制代码

最后就是设置启动脚本了

1. cp /usr/share/denyhosts/daemon-control-dist /usr/share/denyhosts/daemon-control
   
2. chown root /usr/share/denyhosts/daemon-control
   
3. chmod 755 /usr/share/denyhosts/daemon-control
   
4. ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
   
5. chkconfig --level 345 denyhosts on

复制代码

启动denyhosts

1. service denyhosts start

复制代码

这样就安装完成了,每次开机都自动启动的,自己测试下,输入几次错误的密码.然后看看cat /etc/hosts.deny 里面是否有屏蔽的IP,再然后测试下,有屏蔽IP是否还能登录SSH和FTP.我的FTP安装的是VSFTP,其他的没测试过..

http://imcat.in/ssh-ftp-install-denyhost-revent-brute-force/

[ 本帖最后由 Cat 于 2010-10-21 14:14 编辑 ]

小夜

支持一下。

dakai

顶好帖
收藏了
希望我用不上这个

yywudi

配置果然很长.....

wzhpro

原帖由 yywudi 于 2010-10-21 14:09 发表
配置果然很长.....

很多都是注释

press

不错。新手学习。收藏
！

test100

哈哈，我上个礼拜也搞了这个，每天都能封杀几个ip。无聊的人真多。

Globalization

看看

arthur548

改了ftp ssh 端口貌似这个不起作用吗

netroby

改端口是必须的，denyhosts也是必装的，安全是个大问题，事情无大小，都要好好重视才行。