11月 04 2013
解压缩并执行安装程序
[root@linuxwalk tarball]# tar xzf DenyHosts-2.6.tar.gz
[root@linuxwalk DenyHosts-2.6]# python setup.py install
查看生成的目录及文件
[root@linuxwalk DenyHosts-2.6]# ll /usr/share/denyhosts/
total 84
-rw-r--r-- 1 root root 16549 Dec 8 2006 CHANGELOG.txt
-rwxr-xr-x 1 root root 4076 Apr 22 2006 daemon-control-dist
-rw-r--r-- 1 root root 20830 Aug 20 2006 denyhosts.cfg-dist
-rw-r--r-- 1 root root 18009 Dec 17 2005 LICENSE.txt
drwxr-xr-x 2 root root 4096 Nov 4 10:23 plugins
-rw-r--r-- 1 root root 3575 Feb 3 2006 README.txt
drwxr-xr-x 2 root root 4096 Nov 4 10:23 scripts
-rw-r--r-- 1 root root 1522 Apr 5 2006 setup.py
[root@linuxwalk DenyHosts-2.6]#
修改配置文件
[root@linuxwalk DenyHosts-2.6]# cd /usr/share/denyhosts/
[root@linuxwalk denyhosts]# cp denyhosts.cfg-dist denyhosts.cfg
[root@linuxwalk denyhosts]# vi denyhosts.cfg
默认配置文件中已启用的配置条目
通过读取/var/log/secure中的sshd登录信息判断登录类型
SECURE_LOG = /var/log/secure
储存限制登录主机地址的配置文件
HOSTS_DENY = /etc/hosts.deny
从不清除已记录的限制地址
PURGE_DENY =
BLOCK_SERVICE = sshd
对于系统中不存在的用户(非法尝试登录)登录尝试锁定次数
DENY_THRESHOLD_INVALID = 5
除root以外的有效系统用户登录尝试锁定次数
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES
LOCK_FILE = /var/lock/subsys/denyhosts
ADMIN_EMAIL =
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report
除root以外的有效系统用户登录尝试锁定后的计数清零时间
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
注意:DENY_THRESHOLD_ROOT 的阈值仅为 1,root 登录稍有失败即会封锁来源地址,而 PURGE_DENY 留空表示封锁记录永不清除;为避免管理员输错密码后被长期封锁,建议事先将可信的管理地址加入 /etc/hosts.allow 或 WORK_DIR 目录下的 allowed-hosts 文件。
从示例文件添加启动脚本
[root@linuxwalk denyhosts]# cp daemon-control-dist daemon-control
[root@linuxwalk denyhosts]# vi daemon-control
根据系统环境指定以下路径配置
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
修改启动脚本存取权限
[root@linuxwalk denyhosts]# chown root daemon-control
[root@linuxwalk denyhosts]# chmod 700 daemon-control
手工启动denyhosts程序后查看已增加的限制主机列表(/etc/hosts.deny 中的条目仅在 sshd 启用了 tcp_wrappers(libwrap)支持时才会生效,部署前应先确认这一点)
[root@linuxwalk denyhosts]# ./daemon-control start
starting DenyHosts: /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
[root@linuxwalk denyhosts]# cat /etc/hosts.deny
#
# hosts.deny This file contains access rules which are used to
# deny connections to network services that either use
# the tcp_wrappers library or that have been
# started through a tcp_wrappers-enabled xinetd.
#
# The rules in this file can also be set up in
# /etc/hosts.allow with a 'deny' option instead.
#
# See 'man 5 hosts_options' and 'man 5 hosts_access'
# for information on rule syntax.
# See 'man tcpd' for information on tcp_wrappers
#
sshd: 211.141.113.237
sshd: 61.164.110.115
sshd: 222.186.52.49
sshd: 61.160.200.54
sshd: 218.26.89.179
sshd: 23.88.104.125
[root@linuxwalk denyhosts]#
增加denyhosts为系统自启动服务
[root@linuxwalk denyhosts]# cd /etc/init.d/
[root@linuxwalk init.d]# ln -s /usr/share/denyhosts/daemon-control denyhosts
[root@linuxwalk init.d]# chkconfig --add denyhosts
[root@linuxwalk init.d]# service denyhosts status
DenyHosts is running with pid = 4888
[root@linuxwalk init.d]# chkconfig --list denyhosts
denyhosts 0:off 1:off 2:on 3:on 4:on 5:on 6:off
[root@linuxwalk init.d]#
相关下载:
(1) Denyhosts 2.6