How To Install DenyHosts on CentOS 7

We explain all the steps you need to install DenyHosts on CentOS 7 and prevent attacks against SSH.

What is DenyHosts?

DenyHosts is a script used by many administrators and IT staff to block attacks on SSH servers known as dictionary-based or brute-force attacks, which try to discover the password.

As a general rule these access attempts are unsuccessful, but it is better to prevent them, since some of them may succeed and lead to a serious security breach. As administrators, we can review the access attempts made against the system in the following CentOS 7 file:

/var/log/secure
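
To see which source addresses are producing the failed logins recorded in that log, the attempts can be counted per IP. The script below is an added example and not part of the original article; the function names, the threshold argument and the sample log lines are constructed for illustration.

```shell
#!/bin/bash
# Constructed sample lines in the sshd format found in /var/log/secure.
sample_log() {
cat <<'EOF'
Mar  3 10:15:01 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Mar  3 10:15:03 srv sshd[2101]: Failed password for invalid user test from 203.0.113.5 port 51240 ssh2
Mar  3 10:15:06 srv sshd[2104]: Failed password for root from 203.0.113.5 port 51251 ssh2
Mar  3 10:16:10 srv sshd[2110]: Failed password for root from 198.51.100.7 port 40022 ssh2
Mar  3 10:17:42 srv sshd[2115]: Accepted password for admin from 192.168.0.33 port 50211 ssh2
EOF
}

# failed_ssh_by_ip THRESHOLD   (log lines on stdin)
# Prints "ip total invalid" for each source IP with at least THRESHOLD
# failed passwords; "invalid" counts attempts on accounts that do not exist.
failed_ssh_by_ip() {
    awk -v min="$1" '
        # The user name is text supplied by the remote side, so the address
        # is read by position from the end: "... from IP port N ssh2".
        / sshd\[[0-9]+\]: Failed password for / &&
        $(NF-4) == "from" && $(NF-2) == "port" {
            ip = $(NF-3)
            total[ip]++
            if ($0 ~ /Failed password for invalid user /) invalid[ip]++
        }
        END {
            for (ip in total)
                if (total[ip] >= min) print ip, total[ip], invalid[ip] + 0
        }' | sort -k2,2nr -k1,1
}

# Run against the constructed sample; on a real server use:
#   sudo cat /var/log/secure | failed_ssh_by_ip 5
sample_log | failed_ssh_by_ip 3
```

Addresses that appear in this output with high counts are the ones a threshold-based blocker such as DenyHosts would add to /etc/hosts.deny.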

Install DenyHosts in CentOS 7

First of all, we recommend updating the system using the command:

sudo yum update

Once the system is upgraded, we enable the EPEL repository, which provides the DenyHosts package, using the following command:

sudo yum install epel-release

Next we will install the DenyHosts packages using the following command:

sudo yum install denyhosts

Configure DenyHosts Parameters

Open the following file:

sudo nano /etc/hosts.allow

There we need to enter the IP address of our own machine, in this case 192.168.0.33, at the end of the file using the sshd keyword:

sshd: 192.168.0.33

Save Changes: Ctrl + O

Exit the editor: Ctrl + X

Then we will open the following file to edit it:

sudo nano /etc/hosts.deny

There we must add the following line at the end of the file:

sshd: ALL

Save the changes. Once these changes have been applied, we use the following command to restart the service:

sudo systemctl restart denyhosts

Main DenyHosts Configuration

Finally, we can open the following file to adjust all DenyHosts values:

sudo nano /etc/denyhosts.conf

There we can configure values such as:

PURGE_DENY: It allows us to define the time after which the IP addresses that have been blocked will be deleted.

BLOCK_SERVICE: Using this option we can define which services will be blocked for those devices that try to access without authorization.

DENY_THRESHOLD_INVALID: Using this option we can define the number of failed attempts for an account that does not exist.

DENY_THRESHOLD_VALID: It does the same job as DENY_THRESHOLD_INVALID but only for root users.

ADMIN_EMAIL: Through this option, we can define an email to receive reports about failed connections.

In the same way we can configure the parameters according to our needs.