In general, I install fail2ban and denyhosts on all of my external Linux servers that have port 22 open. Port 22 is usually open only because SFTP is also running on these systems, since marketing people don’t know about other options such as S3 on AWS.
I want to point out the files that need to be looked at before you enable daemon mode with: sudo service denyhosts start
First is the config, located at /etc/denyhosts.conf. It tells denyhosts to look at your /var/log/secure and update the /etc/hosts.deny file, among other things.
If you have IPs or hosts that need to be whitelisted, you need to add them to a file that belongs to denyhosts. It’s at: /var/lib/denyhosts/allowed-hosts
Once you start the service, it will list all of the hosts that will be denied. Verify that the list doesn’t include anything that matters to you. If it does, stop the service, delete those entries from /etc/hosts.deny, and add them to /var/lib/denyhosts/allowed-hosts
Then enable it at startup with: sudo chkconfig denyhosts on
And if you are on systemctl, then take a look here for startup: http://digitalsos.com/?p=45
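One way to script the verification step above, as an added example that is not part of the original post: it prints every host that appears both in a hosts.deny-style file and in an allowed-hosts-style file. The function name find_conflicts and the sample data are hypothetical, and it assumes allowed-hosts holds one exact IP or hostname per line.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumption: allowed-hosts holds one exact IP or hostname per line;
# wildcard and range entries are not expanded by this check.

# find_conflicts DENY_FILE ALLOWED_FILE
# Prints each allowed host that is also denied; returns 1 if any were found.
find_conflicts() {
    awk '
        BEGIN { found = 0 }
        { sub(/#.*/, "") }                      # strip comments
        FILENAME == ARGV[1] {                   # first file: allowed-hosts
            gsub(/[ \t]/, "")
            if ($0 != "") allowed[$0] = 1
            next
        }
        /:/ {                                   # second file: "sshd: 203.0.113.7"
            sub(/^[^:]*:/, "")                  # drop the daemon list
            gsub(/,/, " ")
            n = split($0, client, " ")
            for (i = 1; i <= n; i++)
                if ((client[i] in allowed) && !seen[client[i]]++) {
                    print client[i]
                    found = 1
                }
        }
        END { exit found }
    ' "$2" "$1"
}

# Demo on constructed sample data (documentation-range addresses).
demo() {
    dir=$(mktemp -d) || return 2
    printf '%s\n' '# DenyHosts: constructed entry | sshd: 203.0.113.7' \
        'sshd: 203.0.113.7' 'sshd: 198.51.100.23' > "$dir/hosts.deny"
    printf '%s\n' '# office gateway' '198.51.100.23' '192.0.2.10' \
        > "$dir/allowed-hosts"
    if ! find_conflicts "$dir/hosts.deny" "$dir/allowed-hosts"; then
        echo "^ remove these from hosts.deny before restarting denyhosts"
    fi
    rm -rf "$dir"
}
demo
```

On a real host, replace the demo call with find_conflicts /etc/hosts.deny /var/lib/denyhosts/allowed-hosts (run with sudo if the files are not readable).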