Oct 18

Denyhosts on CentOS

In general, I install fail2ban and denyhosts on all of my external Linux servers that have port 22 open. This is usually only because sftp is also installed on these systems, since marketing people don’t know any other options, such as S3 on AWS.

I want to point out the files that need to be looked at before you enable daemon mode via: sudo service denyhosts start.

First is the config located at /etc/denyhosts.conf. Among other things, it tells denyhosts to watch /var/log/secure and to update the /etc/hosts.deny file.

If you have IPs or hosts that need to be whitelisted, you need to add them to a file that belongs to denyhosts. It’s at: /var/lib/denyhosts/allowed-hosts

Once you start the service it will list all of the hosts that will be denied; verify that the list doesn’t include anything that matters to you. If it does, stop the service, delete those entries from /etc/hosts.deny and add them to /var/lib/denyhosts/allowed-hosts.

Then enable it at startup with: sudo chkconfig denyhosts on

And if your system uses systemctl, take a look here for startup: http://digitalsos.com/?p=45
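The verification step above (whitelisted hosts must not end up in /etc/hosts.deny) can be scripted. This is an added example, not part of the original post or of denyhosts itself; it assumes allowed-hosts holds one plain address per line and that denyhosts writes "sshd: <addr>" lines to hosts.deny.

```shell
#!/bin/sh
# Added example, not from the original post: before leaving denyhosts in
# daemon mode, confirm that nothing in the whitelist
# (/var/lib/denyhosts/allowed-hosts) has already been written into
# /etc/hosts.deny. Paths are parameters so the check can be run on copies.
#
# Assumed formats: allowed-hosts has one address per line, blank lines and
# '#' comments ignored (CIDR/wildcard entries are not expanded here);
# hosts.deny lines written by denyhosts look like "sshd: 203.0.113.5".

# overlap_denied_allowed ALLOWED_FILE DENY_FILE
# Prints each whitelisted address found in the deny file, one per line.
# Returns 0 when there is no overlap, 1 when at least one was found.
overlap_denied_allowed() {
    hits=$(
        grep -v '^[[:space:]]*#' "$1" | grep -v '^[[:space:]]*$' |
        while read -r host; do
            # escape dots so 203.0.113.5 cannot match 203x0x113x5
            esc=$(printf '%s' "$host" | sed 's/[.]/\\./g')
            # anchor on ": <addr>" followed by whitespace or end of line so
            # 203.0.113.5 does not also match 203.0.113.50
            if grep -Eq "^[^#]*:[[:space:]]*${esc}([[:space:]]|\$)" "$2"; then
                echo "$host"
            fi
        done
    )
    if [ -n "$hits" ]; then
        echo "$hits"
        return 1
    fi
    return 0
}

# Stand-alone use on a CentOS box with denyhosts' default paths.
if [ -r /var/lib/denyhosts/allowed-hosts ] && [ -r /etc/hosts.deny ]; then
    if overlap_denied_allowed /var/lib/denyhosts/allowed-hosts /etc/hosts.deny; then
        echo "OK: no whitelisted host is present in /etc/hosts.deny"
    else
        echo "WARNING: the hosts above are whitelisted but denied; stop the" \
             "service and remove them from /etc/hosts.deny" >&2
    fi
fi
```

Run it as root after the first start of the service; a non-zero exit means the stop-and-clean-up step above is still needed.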
