为了减少软件扫描ssh登陆 还是用这个比较好点  默认端口号22 也要改 登陆密码也不要使用 弱口令 123456 这样的

Description

DenyHosts is a python program that automatically blocks ssh attacks by adding entries to /etc/hosts.deny.

DenyHosts will also inform Linux administrators about offending hosts, attacked users and suspicious logins.

官网地址 http://denyhosts.sourceforge.net/

下载地址

http://sourceforge.net/projects/denyhosts/

http://jaist.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz

[root@localhost src]# cd /usr/local/src

没有安装wget的请使用 yum -install -y wget 安装

下载DenyHosts

[root@localhost src]# wget http://jaist.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
--2015-03-28 15:39:28-- http://jaist.dl.sourceforge.net/project/denyhosts/denyhosts/2.6/DenyHosts-2.6.tar.gz
正在解析主机 jaist.dl.sourceforge.net (jaist.dl.sourceforge.net)... 150.65.7.130, 2001:df0:2ed:feed::feed
正在连接 jaist.dl.sourceforge.net (jaist.dl.sourceforge.net)|150.65.7.130|:80... 已连接。
已发出 HTTP 请求,正在等待回应... 200 OK
长度:42667 (42K) [application/x-gzip]
正在保存至: “DenyHosts-2.6.tar.gz”

100%[======================================>] 42,667 42.4KB/s 用时 1.0s

2015-03-28 15:39:30 (42.4 KB/s) - 已保存 “DenyHosts-2.6.tar.gz” [42667/42667])

解压DenyHosts

[root@localhost src]# tar -zxvf DenyHosts-2.6.tar.gz -C /usr/local/bin
DenyHosts-2.6/
DenyHosts-2.6/PKG-INFO
DenyHosts-2.6/denyhosts.py
DenyHosts-2.6/denyhosts.cfg-dist
DenyHosts-2.6/setup.py
DenyHosts-2.6/DenyHosts/
DenyHosts-2.6/DenyHosts/prefs.py
DenyHosts-2.6/DenyHosts/report.py
DenyHosts-2.6/DenyHosts/lockfile.py
DenyHosts-2.6/DenyHosts/__init__.py
DenyHosts-2.6/DenyHosts/plugin.py
DenyHosts-2.6/DenyHosts/denyfileutil.py
DenyHosts-2.6/DenyHosts/deny_hosts.py
DenyHosts-2.6/DenyHosts/regex.py
DenyHosts-2.6/DenyHosts/sync.py
DenyHosts-2.6/DenyHosts/counter.py
DenyHosts-2.6/DenyHosts/old-daemon.py
DenyHosts-2.6/DenyHosts/util.py
DenyHosts-2.6/DenyHosts/daemon.py
DenyHosts-2.6/DenyHosts/python_version.py
DenyHosts-2.6/DenyHosts/allowedhosts.py
DenyHosts-2.6/DenyHosts/filetracker.py
DenyHosts-2.6/DenyHosts/loginattempt.py
DenyHosts-2.6/DenyHosts/restricted.py
DenyHosts-2.6/DenyHosts/purgecounter.py
DenyHosts-2.6/DenyHosts/version.py
DenyHosts-2.6/DenyHosts/constants.py
DenyHosts-2.6/CHANGELOG.txt
DenyHosts-2.6/LICENSE.txt
DenyHosts-2.6/daemon-control-dist
DenyHosts-2.6/plugins/
DenyHosts-2.6/plugins/README.contrib
DenyHosts-2.6/plugins/shorewall_allow.sh
DenyHosts-2.6/plugins/shorewall_deny.sh
DenyHosts-2.6/plugins/test_deny.py
DenyHosts-2.6/scripts/
DenyHosts-2.6/scripts/restricted_from_invalid.py
DenyHosts-2.6/scripts/restricted_from_passwd.py
DenyHosts-2.6/README.txt
DenyHosts-2.6/MANIFEST.in

[root@localhost src]# cd /usr/local/bin

进入解压文件夹

cd DenyHosts-2.6

确认python编译工具安装

yun install -y python  centos 7默认已经安装python-2.7.5

开始编译安装setup.py

python setup.py install

[root@localhost DenyHosts-2.6]# python setup.py install

running install

running build

running build_py

creating build

creating build/lib

creating build/lib/DenyHosts

copying DenyHosts/prefs.py -> build/lib/DenyHosts

copying DenyHosts/report.py -> build/lib/DenyHosts

copying DenyHosts/lockfile.py -> build/lib/DenyHosts

copying DenyHosts/__init__.py -> build/lib/DenyHosts

copying DenyHosts/plugin.py -> build/lib/DenyHosts

copying DenyHosts/denyfileutil.py -> build/lib/DenyHosts

copying DenyHosts/deny_hosts.py -> build/lib/DenyHosts

copying DenyHosts/regex.py -> build/lib/DenyHosts

copying DenyHosts/sync.py -> build/lib/DenyHosts

copying DenyHosts/counter.py -> build/lib/DenyHosts

copying DenyHosts/old-daemon.py -> build/lib/DenyHosts

copying DenyHosts/util.py -> build/lib/DenyHosts

copying DenyHosts/daemon.py -> build/lib/DenyHosts

copying DenyHosts/python_version.py -> build/lib/DenyHosts

copying DenyHosts/allowedhosts.py -> build/lib/DenyHosts

copying DenyHosts/filetracker.py -> build/lib/DenyHosts

copying DenyHosts/loginattempt.py -> build/lib/DenyHosts

copying DenyHosts/restricted.py -> build/lib/DenyHosts

copying DenyHosts/purgecounter.py -> build/lib/DenyHosts

copying DenyHosts/version.py -> build/lib/DenyHosts

copying DenyHosts/constants.py -> build/lib/DenyHosts

running build_scripts

creating build/scripts-2.7

copying and adjusting denyhosts.py -> build/scripts-2.7

changing mode of build/scripts-2.7/denyhosts.py from 644 to 755

running install_lib

creating /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/prefs.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/report.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/lockfile.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/__init__.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/plugin.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/denyfileutil.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/deny_hosts.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/regex.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/sync.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/counter.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/old-daemon.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/util.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/daemon.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/python_version.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/allowedhosts.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/filetracker.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/loginattempt.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/restricted.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/purgecounter.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/version.py -> /usr/lib/python2.7/site-packages/DenyHosts

copying build/lib/DenyHosts/constants.py -> /usr/lib/python2.7/site-packages/DenyHosts

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/prefs.py to prefs.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/report.py to report.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/lockfile.py to lockfile.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/__init__.py to __init__.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/plugin.py to plugin.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/denyfileutil.py to denyfileutil.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/deny_hosts.py to deny_hosts.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/regex.py to regex.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/sync.py to sync.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/counter.py to counter.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/old-daemon.py to old-daemon.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/util.py to util.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/daemon.py to daemon.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/python_version.py to python_version.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/allowedhosts.py to allowedhosts.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/filetracker.py to filetracker.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/loginattempt.py to loginattempt.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/restricted.py to restricted.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/purgecounter.py to purgecounter.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/version.py to version.pyc

byte-compiling /usr/lib/python2.7/site-packages/DenyHosts/constants.py to constants.pyc

running install_scripts

copying build/scripts-2.7/denyhosts.py -> /usr/bin

changing mode of /usr/bin/denyhosts.py to 755

running install_data

creating /usr/share/denyhosts

copying denyhosts.cfg-dist -> /usr/share/denyhosts

copying setup.py -> /usr/share/denyhosts

copying daemon-control-dist -> /usr/share/denyhosts

copying CHANGELOG.txt -> /usr/share/denyhosts

copying README.txt -> /usr/share/denyhosts

creating /usr/share/denyhosts/scripts

copying scripts/restricted_from_invalid.py -> /usr/share/denyhosts/scripts

copying scripts/restricted_from_passwd.py -> /usr/share/denyhosts/scripts

creating /usr/share/denyhosts/plugins

copying plugins/README.contrib -> /usr/share/denyhosts/plugins

copying plugins/shorewall_allow.sh -> /usr/share/denyhosts/plugins

copying plugins/shorewall_deny.sh -> /usr/share/denyhosts/plugins

copying plugins/test_deny.py -> /usr/share/denyhosts/plugins

copying LICENSE.txt -> /usr/share/denyhosts

running install_egg_info

Writing /usr/lib/python2.7/site-packages/DenyHosts-2.6-py2.7.egg-info

[root@localhost DenyHosts-2.6]#

编辑配置文件denyhosts.cfg

[root@localhost DenyHosts-2.6]# cd /usr/share/denyhosts/

[root@localhost denyhosts]# cp denyhosts.cfg-dist denyhosts.cfg

    [root@localhost denyhosts]# cp daemon-control-dist daemon-control

 vi denyhost.cfg

该配置文件结构比较简单,简要说明主要参数如下:
PURGE_DENY:当一个IP被阻止以后,过多长时间被自动解禁。可选如3m(三分钟)、5h(5小时)、2d(两天)、8w(8周)、1y(一年);
PURGE_THRESHOLD:定义了某一IP最多被解封多少次。即某一IP由于暴力破解SSH密码被阻止/解封达到了PURGE_THRESHOLD次,则会被永久禁止;
BLOCK_SERVICE:需要阻止的服务名;
DENY_THRESHOLD_INVALID:某一无效用户名(不存在的用户)尝试多少次登录后被阻止;
DENY_THRESHOLD_VALID:某一有效用户名尝试多少次登陆后被阻止(比如账号正确但密码错误),root除外;
DENY_THRESHOLD_ROOT:root用户尝试登录多少次后被阻止;
HOSTNAME_LOOKUP:是否尝试解析源IP的域名;

[root@localhost denyhosts]# vi denyhost.cfg

       ############ THESE SETTINGS ARE REQUIRED ############

########################################################################

#

# SECURE_LOG: the log file that contains sshd logging info

# if you are not sure, grep "sshd:" /var/log/*

#

# The file to process can be overridden with the --file command line

# argument

#

# Redhat or Fedora Core:

SECURE_LOG = /var/log/secure

#

# Mandrake, FreeBSD or OpenBSD:

#SECURE_LOG = /var/log/auth.log

#

# SuSE:

#SECURE_LOG = /var/log/messages

#

# Mac OS X (v10.4 or greater -

#   also refer to:   http://www.denyhosts.net/faq.html#macos

#SECURE_LOG = /private/var/log/asl.log

#

# Mac OS X (v10.3 or earlier):

#SECURE_LOG=/private/var/log/system.log

#

########################################################################

########################################################################

#

# HOSTS_DENY: the file which contains restricted host access information

#

# Most operating systems:

HOSTS_DENY = /etc/hosts.deny

#

# Some BSD (FreeBSD) Unixes:

#HOSTS_DENY = /etc/hosts.allow

#

# Another possibility (also see the next option):

#HOSTS_DENY = /etc/hosts.evil

#######################################################################

########################################################################

#

# PURGE_DENY: removed HOSTS_DENY entries that are older than this time

#             when DenyHosts is invoked with the --purge flag

#

#      format is: i[dhwmy]

#      Where 'i' is an integer (eg. 7)

#            'm' = minutes

#            'h' = hours

#            'd' = days

#            'w' = weeks

#            'y' = years

#

# never purge:

PURGE_DENY = 100y

#

# purge entries older than 1 week

#PURGE_DENY = 1w

#

# purge entries older than 5 days

#PURGE_DENY = 5d

#######################################################################

#######################################################################

#

# PURGE_THRESHOLD: defines the maximum times a host will be purged.

# Once this value has been exceeded then this host will not be purged.

# Setting this parameter to 0 (the default) disables this feature.

#

# default: a denied host can be purged/re-added indefinitely

#PURGE_THRESHOLD = 0

#

# a denied host will be purged at most 2 times.

#PURGE_THRESHOLD = 2

#

#######################################################################

#######################################################################

#

# BLOCK_SERVICE: the service name that should be blocked in HOSTS_DENY

#

# man 5 hosts_access for details

#

# eg.   sshd: 127.0.0.1  # will block sshd logins from 127.0.0.1

#

# To block all services for the offending host:

#BLOCK_SERVICE = ALL

# To block only sshd:

BLOCK_SERVICE  = sshd

# To only record the offending host and nothing else (if using

# an auxilary file to list the hosts).  Refer to:

# http://denyhosts.sourceforge.net/faq.html#aux

#BLOCK_SERVICE =

#

#######################################################################

#######################################################################

#

# DENY_THRESHOLD_INVALID: block each host after the number of failed login

# attempts has exceeded this value.  This value applies to invalid

# user login attempts (eg. non-existent user accounts)

#

DENY_THRESHOLD_INVALID = 5

#

#######################################################################

#######################################################################

#

# DENY_THRESHOLD_VALID: block each host after the number of failed

# login attempts has exceeded this value.  This value applies to valid

# user login attempts (eg. user accounts that exist in /etc/passwd) except

# for the "root" user

#

DENY_THRESHOLD_VALID = 10

#

#######################################################################

#######################################################################

#

# DENY_THRESHOLD_ROOT: block each host after the number of failed

# login attempts has exceeded this value.  This value applies to

# "root" user login attempts only.

#

DENY_THRESHOLD_ROOT = 10

#

#######################################################################

#######################################################################

#

# DENY_THRESHOLD_RESTRICTED: block each host after the number of failed

# login attempts has exceeded this value.  This value applies to

# usernames that appear in the WORK_DIR/restricted-usernames file only.

#

DENY_THRESHOLD_RESTRICTED = 1

#

#######################################################################

#######################################################################

#

# WORK_DIR: the path that DenyHosts will use for writing data to

# (it will be created if it does not already exist).

#

# Note: it is recommended that you use an absolute pathname

# for this value (eg. /home/foo/denyhosts/data)

#

WORK_DIR = /usr/share/denyhosts/data

#

#######################################################################

#######################################################################

#

# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS

#

# SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES|NO

# If set to YES, if a suspicious login attempt results from an allowed-host

# then it is considered suspicious.  If this is NO, then suspicious logins

# from allowed-hosts will not be reported.  All suspicious logins from

# ip addresses that are not in allowed-hosts will always be reported.

#

SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES

######################################################################

######################################################################

#

# HOSTNAME_LOOKUP

#

# HOSTNAME_LOOKUP=YES|NO

# If set to YES, for each IP address that is reported by Denyhosts,

# the corresponding hostname will be looked up and reported as well

# (if available).

#

HOSTNAME_LOOKUP=YES

#

######################################################################

######################################################################

#

# LOCK_FILE

#

# LOCK_FILE=/path/denyhosts

# If this file exists when DenyHosts is run, then DenyHosts will exit

# immediately.  Otherwise, this file will be created upon invocation

# and deleted upon exit.  This ensures that only one instance is

# running at a time.

#

# Redhat/Fedora:

LOCK_FILE = /var/lock/subsys/denyhosts

#

# Debian

#LOCK_FILE = /var/run/denyhosts.pid

#

# Misc

#LOCK_FILE = /tmp/denyhosts.lock

#

######################################################################

       ############ THESE SETTINGS ARE OPTIONAL ############

#######################################################################

#

# ADMIN_EMAIL: if you would like to receive emails regarding newly

# restricted hosts and suspicious logins, set this address to

# match your email address.  If you do not want to receive these reports

# leave this field blank (or run with the --noemail option)

#

# Multiple email addresses can be delimited by a comma, eg:

# ADMIN_EMAIL = foo@bar.com, bar@foo.com, etc@foobar.com

#

ADMIN_EMAIL =

#

#######################################################################

#######################################################################

#######################################################################

#

# SMTP_HOST and SMTP_PORT: if DenyHosts is configured to email

# reports (see ADMIN_EMAIL) then these settings specify the

# email server address (SMTP_HOST) and the server port (SMTP_PORT)

#

#

SMTP_HOST = localhost

SMTP_PORT = 25

#

#######################################################################

#######################################################################

#

# SMTP_USERNAME and SMTP_PASSWORD: set these parameters if your

# smtp email server requires authentication

#

#SMTP_USERNAME=foo

#SMTP_PASSWORD=bar

#

######################################################################

#######################################################################

#

# SMTP_FROM: you can specify the "From:" address in messages sent

# from DenyHosts when it reports thwarted abuse attempts

#

SMTP_FROM = DenyHosts <nobody@localhost>

#

#######################################################################

#######################################################################

#

# SMTP_SUBJECT: you can specify the "Subject:" of messages sent

# by DenyHosts when it reports thwarted abuse attempts

SMTP_SUBJECT = DenyHosts Report

#

######################################################################

######################################################################

#

# SMTP_DATE_FORMAT: specifies the format used for the "Date:" header

# when sending email messages.

#

# for possible values for this parameter refer to: man strftime

#

# the default:

#

#SMTP_DATE_FORMAT = %a, %d %b %Y %H:%M:%S %z

#

######################################################################

######################################################################

#

# SYSLOG_REPORT

#

# SYSLOG_REPORT=YES|NO

# If set to yes, when denied hosts are recorded the report data

# will be sent to syslog (syslog must be present on your system).

# The default is: NO

#

#SYSLOG_REPORT=NO

#

#SYSLOG_REPORT=YES

#

######################################################################

######################################################################

#

# ALLOWED_HOSTS_HOSTNAME_LOOKUP

#

# ALLOWED_HOSTS_HOSTNAME_LOOKUP=YES|NO

# If set to YES, for each entry in the WORK_DIR/allowed-hosts file,

# the hostname will be looked up.  If your versions of tcp_wrappers

# and sshd sometimes log hostnames in addition to ip addresses

# then you may wish to specify this option.

#

#ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO

#

######################################################################

######################################################################

#

# AGE_RESET_VALID: Specifies the period of time between failed login

# attempts that, when exceeded will result in the failed count for

# this host to be reset to 0.  This value applies to login attempts

# to all valid users (those within /etc/passwd) with the

# exception of root.  If not defined, this count will never

# be reset.

#

# See the comments in the PURGE_DENY section (above)

# for details on specifying this value or for complete details

# refer to:  http://denyhosts.sourceforge.net/faq.html#timespec

#

AGE_RESET_VALID=5d

#

######################################################################

######################################################################

#

# AGE_RESET_ROOT: Specifies the period of time between failed login

# attempts that, when exceeded will result in the failed count for

# this host to be reset to 0.  This value applies to all login

# attempts to the "root" user account.  If not defined,

# this count will never be reset.

#

# See the comments in the PURGE_DENY section (above)

# for details on specifying this value or for complete details

# refer to:  http://denyhosts.sourceforge.net/faq.html#timespec

#

AGE_RESET_ROOT=25d

#

######################################################################

######################################################################

#

# AGE_RESET_RESTRICTED: Specifies the period of time between failed login

# attempts that, when exceeded will result in the failed count for

# this host to be reset to 0.  This value applies to all login

# attempts to entries found in the WORK_DIR/restricted-usernames file.

# If not defined, the count will never be reset.

#

# See the comments in the PURGE_DENY section (above)

# for details on specifying this value or for complete details

# refer to:  http://denyhosts.sourceforge.net/faq.html#timespec

#

AGE_RESET_RESTRICTED=25d

#

######################################################################

######################################################################

#

# AGE_RESET_INVALID: Specifies the period of time between failed login

# attempts that, when exceeded will result in the failed count for

# this host to be reset to 0.  This value applies to login attempts

# made to any invalid username (those that do not appear

# in /etc/passwd).  If not defined, count will never be reset.

#

# See the comments in the PURGE_DENY section (above)

# for details on specifying this value or for complete details

# refer to:  http://denyhosts.sourceforge.net/faq.html#timespec

#

AGE_RESET_INVALID=10d

#

######################################################################

######################################################################

#

# RESET_ON_SUCCESS: If this parameter is set to "yes" then the

# failed count for the respective ip address will be reset to 0

# if the login is successful.

#

# The default is RESET_ON_SUCCESS = no

#

#RESET_ON_SUCCESS = yes

#

#####################################################################

######################################################################

#

# PLUGIN_DENY: If set, this value should point to an executable

# program that will be invoked when a host is added to the

# HOSTS_DENY file.  This executable will be passed the host

# that will be added as it's only argument.

#

#PLUGIN_DENY=/usr/bin/true

#

######################################################################

######################################################################

#

# PLUGIN_PURGE: If set, this value should point to an executable

# program that will be invoked when a host is removed from the

# HOSTS_DENY file.  This executable will be passed the host

# that is to be purged as it's only argument.

#

#PLUGIN_PURGE=/usr/bin/true

#

######################################################################

######################################################################

#

# USERDEF_FAILED_ENTRY_REGEX: if set, this value should contain

# a regular expression that can be used to identify additional

# hackers for your particular ssh configuration.  This functionality

# extends the built-in regular expressions that DenyHosts uses.

# This parameter can be specified multiple times.

# See this faq entry for more details:

#    http://denyhosts.sf.net/faq.html#userdef_regex

#

#USERDEF_FAILED_ENTRY_REGEX=

#

#

######################################################################

   ######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE  ##########

#######################################################################

#

# DAEMON_LOG: when DenyHosts is run in daemon mode (--daemon flag)

# this is the logfile that DenyHosts uses to report it's status.

# To disable logging, leave blank.  (default is: /var/log/denyhosts)

#

DAEMON_LOG = /var/log/denyhosts

#

# disable logging:

#DAEMON_LOG =

#

######################################################################

#######################################################################

#

# DAEMON_LOG_TIME_FORMAT: when DenyHosts is run in daemon mode

# (--daemon flag) this specifies the timestamp format of

# the DAEMON_LOG messages (default is the ISO8061 format:

# ie. 2005-07-22 10:38:01,745)

#

# for possible values for this parameter refer to: man strftime

#

# Jan 1 13:05:59

#DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S

#

# Jan 1 01:05:59

#DAEMON_LOG_TIME_FORMAT = %b %d %I:%M:%S

#

######################################################################

#######################################################################

#

# DAEMON_LOG_MESSAGE_FORMAT: when DenyHosts is run in daemon mode

# (--daemon flag) this specifies the message format of each logged

# entry.  By default the following format is used:

#

# %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s

#

# Where the "%(asctime)s" portion is expanded to the format

# defined by DAEMON_LOG_TIME_FORMAT

#

# This string is passed to python's logging.Formatter contstuctor.

# For details on the possible format types please refer to:

# http://docs.python.org/lib/node357.html

#

# This is the default:

#DAEMON_LOG_MESSAGE_FORMAT = %(asctime)s - %(name)-12s: %(levelname)-8s %(message)s

#

#

######################################################################

#######################################################################

#

# DAEMON_SLEEP: when DenyHosts is run in daemon mode (--daemon flag)

# this is the amount of time DenyHosts will sleep between polling

# the SECURE_LOG.  See the comments in the PURGE_DENY section (above)

# for details on specifying this value or for complete details

# refer to:    http://denyhosts.sourceforge.net/faq.html#timespec

#

#

DAEMON_SLEEP = 30s

#

#######################################################################

#######################################################################

#

# DAEMON_PURGE: How often should DenyHosts, when run in daemon mode,

# run the purge mechanism to expire old entries in HOSTS_DENY

# This has no effect if PURGE_DENY is blank.

#

DAEMON_PURGE = 1h

#

#######################################################################

   #########   THESE SETTINGS ARE SPECIFIC TO     ##########

   #########       DAEMON SYNCHRONIZATION         ##########

#######################################################################

#

# Synchronization mode allows the DenyHosts daemon the ability

# to periodically send and receive denied host data such that

# DenyHosts daemons worldwide can automatically inform one

# another regarding banned hosts.   This mode is disabled by

# default, you must uncomment SYNC_SERVER to enable this mode.

#

# for more information, please refer to:

#        http:/denyhosts.sourceforge.net/faq.html#sync

#

#######################################################################

#######################################################################

#

# SYNC_SERVER: The central server that communicates with DenyHost

# daemons.  Currently, denyhosts.net is the only available server

# however, in the future, it may be possible for organizations to

# install their own server for internal network synchronization

#

# To disable synchronization (the default), do nothing.

#

# To enable synchronization, you must uncomment the following line:

#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911

#

#######################################################################

#######################################################################

#

# SYNC_INTERVAL: the interval of time to perform synchronizations if

# SYNC_SERVER has been uncommented.  The default is 1 hour.

#

#SYNC_INTERVAL = 1h

#

#######################################################################

#######################################################################

#

# SYNC_UPLOAD: allow your DenyHosts daemon to transmit hosts that have

# been denied?  This option only applies if SYNC_SERVER has

# been uncommented.

# The default is SYNC_UPLOAD = yes

#

#SYNC_UPLOAD = no

#SYNC_UPLOAD = yes

#

#######################################################################

#######################################################################

#

# SYNC_DOWNLOAD: allow your DenyHosts daemon to receive hosts that have

# been denied by others?  This option only applies if SYNC_SERVER has

# been uncommented.

# The default is SYNC_DOWNLOAD = yes

#

#SYNC_DOWNLOAD = no

#SYNC_DOWNLOAD = yes

#

#

#

#######################################################################

#######################################################################

#

# SYNC_DOWNLOAD_THRESHOLD: If SYNC_DOWNLOAD is enabled this parameter

# filters the returned hosts to those that have been blocked this many

# times by others.  That is, if set to 1, then if a single DenyHosts

# server has denied an ip address then you will receive the denied host.

#

# See also SYNC_DOWNLOAD_RESILIENCY

#

#SYNC_DOWNLOAD_THRESHOLD = 10

#

# The default is SYNC_DOWNLOAD_THRESHOLD = 3

#

#SYNC_DOWNLOAD_THRESHOLD = 3

#

#######################################################################

#######################################################################

#

# SYNC_DOWNLOAD_RESILIENCY:  If SYNC_DOWNLOAD is enabled then the

# value specified for this option limits the downloaded data

# to this resiliency period or greater.

#

# Resiliency is defined as the timespan between a hackers first known

# attack and it's most recent attack.  Example:

#

# If the centralized   denyhosts.net server records an attack at 2 PM

# and then again at 5 PM, specifying a SYNC_DOWNLOAD_RESILIENCY = 4h

# will not download this ip address.

#

# However, if the attacker is recorded again at 6:15 PM then the

# ip address will be downloaded by your DenyHosts instance.

#

# This value is used in conjunction with the SYNC_DOWNLOAD_THRESHOLD

# and only hosts that satisfy both values will be downloaded.

# This value has no effect if SYNC_DOWNLOAD_THRESHOLD = 1

#

# The default is SYNC_DOWNLOAD_RESILIENCY = 5h (5 hours)

#

# Only obtain hackers that have been at it for 2 days or more:

#SYNC_DOWNLOAD_RESILIENCY = 2d

# Only obtain hackers that have been at it for 5 hours or more:

#SYNC_DOWNLOAD_RESILIENCY = 5h

#

#######################################################################

启动DenyHosts和添加自启动


目录 /usr/share/denyhosts

./daemon-control start 

添加自启动服务

[root@localhost denyhosts]# cd /etc/init.d

[root@localhost init.d]# ls

functions  iprdump  iprinit  iprupdate  netconsole  network  README

[root@localhost init.d]# ln -s /usr/share/denyhosts/daemon-control denyhosts

[root@localhost init.d]# ls

denyhosts  functions  iprdump  iprinit  iprupdate  netconsole  network  README

[root@localhost init.d]# chkconfig --add denyhosts

[root@localhost init.d]# chkconfig denyhosts on

[root@localhost init.d]# chkconfig --list denyhosts

注意:该输出结果只显示 SysV 服务,并不包含原生 systemd 服务。SysV 配置数据可能被原生 systemd 配置覆盖。

      如果您想列出 systemd 服务,请执行 'systemctl list-unit-files'。

      欲查看对特定 target 启用的服务请执行

      'systemctl list-dependencies [target]'。

denyhosts       0:关    1:关    2:开    3:开    4:开    5:开    6:关

  





这样就完成了

												


											
centos 7 DenyHosts 安装 防暴力破解ssh登陆的更多相关文章
	

    
								
  1. DenyHosts  安全限制ssh防暴力破解
		
    DenyHosts是Python语言写的一个程序,它会分析sshd的日志文件(/var/log/secure),当发现重 复的攻击时就会记录IP到/etc/hosts.deny文件,从而达到自动屏IP ...
    
		
    2. 
						
  2. openssh安装、设置指定端口号、免密码登录、变量传递、防暴力破解
		
    首先确保机器挂在好光盘镜像,然后查看软件包信息 [root@xuegod63 ~]# df -hFilesystem      Size  Used Avail Use% Mounted on/dev ...
    
		
    3. 
						
  3. Centos6.4 安装fail2ban防暴力破解
		
    Centos6.4 安装fail2ban防暴力破解 一. 安装 curl -O https://codeload.github.com/fail2ban/fail2ban/tar.gz/0.9.0 m ...
    
		
    4. 
						
  4. centos7防暴力破解五种方法
		
    什么是暴力破解,简单来说就是对一个服务器进行无数次尝试登陆,并用不同的密码进行登陆直到可以登陆成功.暴力破解的基本步骤可以分为以下几步: 1. 找到对应的linux服务器    Ip地址 2.扫描端口 ...
    
		
    5. 
						
  5. fail2ban的使用以及防暴力破解与邮件预警
		
    fail2ban可以监视你的系统日志,然后匹配日志的错误信息(正则式匹配)执行相应的屏蔽动作(一般情况下是防火墙),而且可以发送e-mail通知系统管理员! fail2ban运行机制:简单来说其功能就 ...
    
		
    6. 
						
  6. fail2ban 防暴力破解总结
		
    公司服务器安全问题一直是个令人头疼的问题,许多运维的小伙伴一直在用脚本来监控服务器登录状态,然而脚本编写比较麻烦,今天就给大家推荐一款小而精致的防暴力破解工具 fail2ban ,他可以监控系统日志, ...
    
		
    7. 
						
  7. WordPress防暴力破解:安全插件和用.htpasswd保护WordPress控制面板
		
    正在用Wordpress的博主们一定知道最近全球兴起的一波黑客锁定Wordpress暴力破解控制面板密码的风波了,据CloudFlare执行长Matthew Prince所说,所谓的暴力密码攻击是输入 ...
    
		
    8. 
						
  8. [典型漏洞分享]YS的防暴力破解设计存在缺陷
		
    YS使用的防暴力破解机制存在缺陷,该缺陷可被用于暴力破解其它用户密码[高] 问题描述: YS在用户登录页面设置了验证码机制,当用户输入密码错误次数达到3次时,再次登录需要验证码以防止攻击者进行暴力破解 ...
    
		
    9. 
						
  9. 使用Medusa美杜莎暴力破解SSH密码
		
    使用Medusa美杜莎暴力破解SSH密码 1.Medusa简介 Medusa(美杜莎)是一个速度快,支持大规模并行,模块化的爆力破解工具.可以同时对多个主机,用户或密码执行强力测试.Medusa和hy ...
    
		
    10. 
		

	


随机推荐
	

    
									
  1. sql-将一个表中的数导入另一个表中
			
    1.如果2张表的字段一致,并且希望插入全部数据 可以用这种方法: INSERT INTO 目标表 SELECT * FROM 来源表;例: insert into insertTest select  ...
    
			
    2. 
						
  2. 使用IDEA自带的rest client参数传递乱码问题
			
     在idea使用rest client(idea自带的访问请求地址工具)调试的时候,有时出现中文会乱码的情况    解决方法如下:   1.打开IDEA安装路径下的bin文件夹里面的idea64.ex ...
    
			
    3. 
						
  3. Spark 与 MapReduce的区别
			
    学习参考自 http://spark-internals.books.yourtion.com/markdown/4-shuffleDetails.html 1.  Shuffle read 边 fe ...
    
			
    4. 
						
  4. leetcode 402. Remove K Digits
			
    Given a non-negative integer num represented as a string, remove k digits from the number so that th ...
    
			
    5. 
						
  5. css选择器(选择<div>内所有<p>元素)
			
    情况1:<div><p></div> 情况2:<div><a><p></p></a></div&g ...
    
			
    6. 
						
  6. 洛谷P2246 SAC#1 - Hello World(升级版)
			
    题目背景 T1答案要mod1000000007(10^9+7),请重新提交,非常抱歉! 一天,智障的pipapi正在看某辣鸡讲义学程序设计. 题目描述 在讲义的某一面,他看见了一篇文章.这篇文章由英文 ...
    
			
    7. 
						
  7. Spring表单参数绑定中对“is”开头的boolean类型字段的的处理
			
    之前在新浪微博上面发了一个微薄: 弱弱的发现在定义boolean类型的时候最好不要使用“is”开头,可以避免一些问题哦 然后有一些朋友朋友问我为什么,当时比较忙,现在写篇文章举一个例子,回复一下这个问 ...
    
			
    8. 
						
  8. Linux Command Line Basics
			
    Most of this note comes from the Beginning the Linux Command Line, Second Edition by Sander van Vugt ...
    
			
    9. 
						
  9. 数据结构1 线段树查询一个区间的O(log N) 复杂度的证明
			
    线段树属于二叉树, 其核心特征就是支持区间加法,这样就可以把任意待查询的区间$[L, R]$分解到线段树的节点上去,再把这些节点的信息合并起来从而得到区间$[L,R]$的信息. 下面证明在线段树上查询 ...
    
			
    10. 
						
  10. Ubuntu学习总结-05 安装和学习MySQL
			
    1 更新源列表 在终端窗口输入以下命令更新安装源. sudo apt-get update 效果如下图所示: 2 安装MySQL 在终端输入如下命令安装MySQL, sudo apt-get inst ...
    
			
    11.