Install DenyHosts on Ubuntu 18.04 | 20.04
DenyHosts: Protecting Your Server from Brute-Force Attacks
If you manage a Linux server, you know that brute-force attacks are one of the biggest threats to your security. These attacks occur when a hacker tries to gain access to your server by repeatedly guessing usernames and passwords until they find the right combination. This can lead to compromised data, unauthorized access, and other security risks.
Fortunately, there is a tool that can help protect your server from brute-force attacks: DenyHosts. In this article, we’ll look at what DenyHosts is, how it works, and how to use it to safeguard your server.
What is DenyHosts?
DenyHosts is a free, open-source tool that helps protect against brute-force attacks by monitoring authentication logs and blocking IP addresses that repeatedly fail to authenticate. When DenyHosts detects multiple failed login attempts from a single IP address, it adds that IP address to a blocklist, effectively blocking all further access.
DenyHosts can also send email notifications when an IP address is blocked, allowing you to take further action if needed. This can help you identify and respond to potential security threats more quickly.
How does DenyHosts work?
DenyHosts monitors the authentication logs on your server, which contain information about successful and failed login attempts. It analyzes these logs and keeps track of the IP addresses associated with failed login attempts. If an IP address exceeds a configurable number of failed login attempts within a specified period, DenyHosts adds that IP address to a blocklist.
Once an IP address is blocked, any further attempts to connect to your server from that address will be automatically blocked. This can help prevent hackers from continuing to guess passwords and gain unauthorized access to your server.
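The counting logic described above, as an added example (a simplified model written for this page, not DenyHosts’ own code). It uses the thresholds from Step 4 below and constructed log lines; the function names are hypothetical, and the restricted-username category and the time window are left out.

```python
import re
from collections import Counter

# Thresholds as set in Step 4 (DENY_THRESHOLD_INVALID / _VALID / _ROOT).
THRESHOLDS = {"invalid": 3, "valid": 10, "root": 1}

# Constructed auth.log lines; the IPs are RFC 5737 documentation addresses.
SAMPLE_LOG = """\
Mar  1 10:00:01 web sshd[101]: Failed password for invalid user admin from 203.0.113.5 port 4001 ssh2
Mar  1 10:00:02 web sshd[102]: Failed password for root from 198.51.100.7 port 5001 ssh2
Mar  1 10:00:03 web sshd[103]: Failed password for invalid user test from 203.0.113.5 port 4002 ssh2
Mar  1 10:00:04 web sshd[104]: Failed password for root from 198.51.100.7 port 5002 ssh2
Mar  1 10:00:05 web sshd[105]: Failed password for invalid user oracle from 203.0.113.5 port 4003 ssh2
Mar  1 10:00:06 web sshd[106]: Failed password for alice from 192.0.2.10 port 6001 ssh2
Mar  1 10:00:07 web sshd[107]: Failed password for invalid user guest from 203.0.113.5 port 4004 ssh2
Mar  1 10:00:08 web sshd[108]: Accepted password for alice from 192.0.2.10 port 6002 ssh2
Mar  1 10:00:09 web sshd[109]: Failed password for invalid user pi from 192.0.2.44 port 7001 ssh2
"""

FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port"
)

def classify(match):
    """Pick which threshold applies to one failed login."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(log_text, thresholds=THRESHOLDS):
    """Return IPs whose failure count exceeds a threshold, in trigger order."""
    counts, denied = Counter(), []
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue  # successful logins and unrelated lines are ignored
        ip, kind = m.group("ip"), classify(m)
        counts[ip, kind] += 1
        if counts[ip, kind] > thresholds[kind] and ip not in denied:
            denied.append(ip)
    return denied

def hosts_deny_lines(ips, service="sshd"):
    """Format entries the way they appear in /etc/hosts.deny for BLOCK_SERVICE."""
    return [f"{service}: {ip}" for ip in ips]

if __name__ == "__main__":
    print("\n".join(hosts_deny_lines(hosts_to_deny(SAMPLE_LOG))))
```

With these thresholds the root guesser is blocked on its second failure, while the legitimate user who mistyped a password once stays well under the valid-account limit.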
How to use DenyHosts
Using DenyHosts is relatively straightforward. Here’s how to get started:
A Python-based tool for preventing attacks on SSH servers, DenyHosts provides log-based intrusion prevention. This security solution aims to prevent brute-force attacks on SSH servers by monitoring attempted logins and blocking associated IP addresses.
Here we’ll explain how to install DenyHosts on Ubuntu 18.04 and 20.04.
Let’s start.
Step 1: Getting your system up and running
- Sign in to your system or register a newly created one by logging in to your VPSie account.
- Connect by SSH using the credentials we emailed you.
- Once you have logged into your Ubuntu instance, run these commands to update your system.
apt-get update && apt-get upgrade -y
Step 2: Install DenyHosts
Install DenyHosts by running one of the following commands:
sudo apt-get install denyhosts
OR
sudo apt install denyhosts
Step 3: Add your IP address to an allowlist
Edit the /etc/hosts.allow file and add your client IP addresses, so that you do not get blocked yourself:
sudo vi /etc/hosts.allow
Add your IP addresses using this syntax:
sshd: whitelist-ip1, whitelist-ip2, ...., whitelist-ipN
Please save the file and close it.
Step 4: Configure denyhosts
The default mode of operation on a Debian or Ubuntu Linux system is daemon mode, configured in /etc/denyhosts.conf:
sudo vi /etc/denyhosts.conf
Set SECURE_LOG and HOSTS_DENY as follows:
SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deny
To block only sshd:
BLOCK_SERVICE = sshd
Deny login attempts at a certain threshold:
DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
Step 5: Restart the denyhosts service
Run the following command:
sudo systemctl restart denyhosts.service
Enable the denyhosts service.
sudo systemctl enable denyhosts.service
Step 6: View a list of blocked hosts
Run the following command:
sudo cat /etc/hosts.deny
Step 7: Stop the denyhosts service
Run the following command:
sudo systemctl stop denyhosts.service
With DenyHosts running on your server, you can rest assured that you’re taking steps to protect against brute-force attacks and safeguard your data.
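A lockout check that ties Step 3 to the blocked-hosts list, added here as an example (not code from DenyHosts or from this page). It applies the TCP Wrappers order from hosts_access(5), where hosts.allow is consulted before hosts.deny, to constructed file contents; the function names are hypothetical and only the ALL, literal-IP and trailing-dot prefix patterns are handled.

```python
import re

# Constructed file contents; the IPs are RFC 5737 documentation addresses.
HOSTS_ALLOW = "sshd: 192.0.2.10, 198.51.100.\n"
HOSTS_DENY = """\
# entries appended by DenyHosts
sshd: 203.0.113.5
sshd: 192.0.2.10
sshd: 198.51.100.7
"""

def rules(text):
    """Yield (daemons, clients) for each 'daemon_list : client_list' line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        daemons, clients = line.split(":")[:2]
        yield (re.split(r"[,\s]+", daemons.strip()),
               re.split(r"[,\s]+", clients.strip()))

def client_matches(ip, pattern):
    """Subset of hosts_access(5) patterns: ALL, literal IP, 'a.b.c.' prefix."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return ip == pattern

def listed(ip, text, daemon):
    """True if any rule in the file covers this daemon and client address."""
    return any(
        (daemon in daemons or "ALL" in daemons)
        and any(client_matches(ip, c) for c in clients)
        for daemons, clients in rules(text)
    )

def sshd_access(ip, hosts_allow, hosts_deny, daemon="sshd"):
    """hosts.allow is consulted first; hosts.deny only if nothing matched."""
    if listed(ip, hosts_allow, daemon):
        return "allowed by hosts.allow"
    if listed(ip, hosts_deny, daemon):
        return "denied by hosts.deny"
    return "allowed (no rule matched)"

if __name__ == "__main__":
    for ip in ("192.0.2.10", "203.0.113.5", "198.51.100.7", "192.0.2.99"):
        print(ip, "->", sshd_access(ip, HOSTS_ALLOW, HOSTS_DENY))
```

The 198.51.100.7 result shows the trade-off: a broad allow pattern keeps you from locking yourself out, but it also overrides any DenyHosts block for addresses inside that range.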
Conclusion
Brute-force attacks are a serious threat to the security of your Linux server, but with tools like DenyHosts, you can take steps to mitigate this risk. By monitoring authentication logs and automatically blocking IP addresses associated with failed login attempts, DenyHosts helps keep your server secure and your data safe.
Whether you’re a seasoned server administrator or just getting started, DenyHosts is an essential tool to have in your security arsenal.
Thanks for reading! I hope it was informative for you!
DenyHosts is a security tool that helps protect against brute-force attacks by monitoring authentication logs and blocking IP addresses that repeatedly fail to authenticate.
You can install DenyHosts on Ubuntu by running the following command in the terminal: sudo apt-get install denyhosts
The DenyHosts configuration file is located at /etc/denyhosts.conf on Ubuntu. You can edit this file to customize DenyHosts settings, such as the allowed number of failed login attempts and the time to block an IP address.
DenyHosts logs can be found in Ubuntu’s /var/log/denyhosts directory. You can view these logs using the tail command in the terminal.
You can safelist IP addresses in the DenyHosts configuration file by adding them to the allowed_hosts list.
To uninstall DenyHosts on Ubuntu, you can run the following command in the terminal: sudo apt-get remove denyhosts. This will remove the DenyHosts package from your system.
DenyHosts is a cross-platform tool that can also be used on other Linux distributions. However, the installation and configuration steps may vary depending on the distribution.