Linux Commands and Scripts

How To Install and Configure DenyHosts in CentOS 7

DenyHosts is an open-source python-based tool developed by Phil Schwartz intended to prevent brute-force attacks and dictionary-based attacks on SSH servers. It is a log-based security tool.
It is simple and the ability to configure rules manually.

DenyHosts is widely used as an alternative to Fail2ban. If there have been too many invalid SSH login attempts it assume that it’s brute-force attacks or dictionary-based attacks and prevents the IP address from making any further attempts by adding it to /etc/hosts.deny on the server.

(Learn To Install Fail2ban on CentOS 7)

Install and configure denyhost in centos 7 from Github Repo

First, install git

# yum install git

Now, cloud the denyhosts Github repo

# git clone https://github.com/denyhosts/denyhosts

After cloning the files from the Github, install it.

# cd denyhosts

# python setup.py install

This will install the DenyHosts modules into python’s site-packages directory.

Let’s configure DenyHosts

We need to create a configuration file before it can function. The sample configuration file denyhosts.conf contains most of the possible settings and we need to copy it and edit the file.

# cp denyhosts.conf /etc

# vim /etc/denyhosts.conf

The sample configuration file contains informational comments that should help you quickly configure DenyHosts. After you have edited your configuration file, save it.

Next, we need to copy the sample daemon-control.dist script as such to daemon-control and modify the recommended section as per your configuration file location.

# cp daemon-control-dist daemon-control

Edit the daemon-control file. You should only need to edit this section near the top:

install denyhosts in centos 7

###############################################
#### Edit these to suit your configuration ####
###############################################

DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts"
DENYHOSTS_CFG = "/etc/denyhosts.conf"

Once you have edited the configuration and daemon control files make sure that the daemon control script it executable.

Now start DenyHosts manually

# ./daemon-control start

You should refer to the daemon log (typically /var/log/denyhosts) to ensure that DenyHosts is running successfully.

To start DenyHosts automatically

Create a symbolic link from /etc/init.d such as:

# cd /etc/init.d
# ln -s /usr/share/denyhosts/daemon-control denyhosts

Now, we can manage denyhosts service from systemctl command

To enable DenyHosts

# systemctl enable denyhosts

To start

# systemctl start denyhosts

To check the status

# systemctl status denyhosts

Today, we’ve see how our Support Engineers install and configure DenyHosts in CentOS 7using Github Repo and configured it.

[Need assistance to fix this error or install tools? We’ll help you.]

Related Articles