Setting up denyhosts in centos 6

Denyhosts is a script that checks logs for brute force login attacks. If an IP goes over a certain number of failures denyhosts will add the IP to /etc/hosts.deny blocking that host from accessing the server.

Installation
yum install denyhosts

Configuration
If you have a static IP or one that doesn’t change very often you should add it to /etc/hosts.allow. This prevents denyhosts from blocking that IP if you fail to login. To find out what your external IP address is go to a site like whatismyip. Your IP will be displayed on the page. Add a line like: sshd:123.123.123.123 to /etc/hosts.allow. Replace 123.123.123.123 with the IP you received.

The denyhosts config file is located in /etc/denyhosts/denyhosts.cfg. The config file explains all the settings. You can set it up to send out email reports. Also thresholds for failed logins can be changed. I usually just leave it alone.