Setting up denyhosts in centos 6

Denyhosts is a script that checks logs for brute force login attacks. If an IP goes over a certain number of failures denyhosts will add the IP to /etc/hosts.deny blocking that host from accessing the server.

yum install denyhosts

If you have a static IP or one that doesn’t change very often you should add it to /etc/hosts.allow. This prevents denyhosts from blocking that IP if you fail to login. To find out what your external IP address is go to a site like whatismyip. Your IP will be displayed on the page. Add a line like: sshd: to /etc/hosts.allow. Replace with the IP you received.

The denyhosts config file is located in /etc/denyhosts/denyhosts.cfg. The config file explains all the settings. You can set it up to send out email reports. Also thresholds for failed logins can be changed. I usually just leave it alone.

Leave a Reply