Install DenyHosts on Ubuntu 18.04 | 20.04
DenyHosts: Protecting Your Server from Brute-Force Attacks
If you manage a Linux server, you know that brute-force attacks are one of the biggest threats to your security. These attacks occur when a hacker tries to gain access to your server by repeatedly guessing usernames and passwords until they find the right combination. This can lead to compromised data, unauthorized access, and other security risks.
Fortunately, there is a tool that can help protect your server from brute-force attacks: DenyHosts. In this article, we’ll look at what DenyHosts is, how it works, and how to use it to safeguard your server.
What is DenyHosts?
DenyHosts is a free, open-source tool that helps protect against brute-force attacks by monitoring authentication logs and blocking IP addresses that repeatedly fail to authenticate. When DenyHosts detects multiple failed login attempts from a single IP address, it adds that IP address to a blocklist, effectively blocking all further access.
DenyHosts can also send email notifications when an IP address is blocked, allowing you to take further action if needed. This can help you identify and respond to potential security threats more quickly.
How does DenyHosts work?
DenyHosts monitors the authentication logs on your server, which contain information about successful and failed login attempts. It analyzes these logs and keeps track of the IP addresses associated with failed login attempts. If an IP address exceeds a configurable number of failed login attempts within a specified period, DenyHosts adds that IP address to a blocklist.
Once an IP address is blocked, any further attempts to connect to your server from that address will be automatically blocked. This can help prevent hackers from continuing to guess passwords and gain unauthorized access to your server.
How to use DenyHosts
Using DenyHosts is relatively straightforward. Here’s how to get started:
A Python-based tool for preventing attacks on SSH servers, DenyHosts provides log-based intrusion prevention. This security solution aims to prevent brute-force attacks on SSH servers by monitoring attempted logins and blocking associated IP addresses.
This guide explains how to install DenyHosts on Ubuntu 18.04 and 20.04.
Let’s start.
Step 1: Getting your system up and running
- Sign in to your system or register a newly created one by logging in to your VPSie account.
- Connect by SSH using the credentials we emailed you.
- Once you have logged into your Ubuntu instance, run these commands to update your system.
apt-get update && apt-get upgrade -y
Step 2: Install DenyHosts
The installation can be done by running the command,
sudo apt-get install denyhosts
OR
sudo apt install denyhosts
Step 3: Add your IP address to an allowlist
Edit the /etc/hosts.allow file and add your client IP addresses so that you do not get blocked yourself,
sudo vi /etc/hosts.allow
Add your IP addresses using this syntax,
sshd: whitelist-ip1, whitelist-ip2, ...., whitelist-ipN
Please save the file and close it.
Step 4: Configure denyhosts
The default mode of operation on a Debian or Ubuntu Linux system is daemon mode, configured in /etc/denyhosts.conf,
sudo vi /etc/denyhosts.conf
Set SECURE_LOG, HOSTS_DENY as follows,
SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deny
To block only sshd,
BLOCK_SERVICE = sshd
Deny login attempts at a certain threshold,
DENY_THRESHOLD_INVALID = 3
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
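The following added example (not DenyHosts' own code and not part of the original page) sketches the decision described under "How does DenyHosts work?" using the thresholds set above: count failed logins per IP address and category, skip allowlisted addresses, and produce /etc/hosts.deny entries. The regular expression, function names and sample log lines are assumptions made for illustration, and the time window is ignored.

```python
import re
from collections import defaultdict

# Thresholds taken from the Step 4 configuration on this page.
THRESHOLDS = {"invalid": 3, "valid": 10, "root": 1}

# Simplified pattern for sshd "Failed password" lines (assumption: DenyHosts
# itself uses its own, more extensive regexes and user checks).
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)

def classify(match):
    """Map a failed login to the threshold category it counts against."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(log_lines, allowlist=()):
    """Return sorted IPs whose failures exceed a threshold and are not allowlisted."""
    counts = defaultdict(lambda: defaultdict(int))
    for line in log_lines:
        m = FAILED.search(line)
        if m and m.group("ip") not in allowlist:
            counts[m.group("ip")][classify(m)] += 1
    return sorted(
        ip for ip, per_cat in counts.items()
        if any(n > THRESHOLDS[cat] for cat, n in per_cat.items())
    )

def deny_entries(ips, service="sshd"):
    """Format entries as they would appear in /etc/hosts.deny for BLOCK_SERVICE = sshd."""
    return [f"{service}: {ip}" for ip in ips]

# Constructed sample auth.log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = (
    ["Mar  3 10:00:0%d host sshd[100%d]: Failed password for invalid user admin "
     "from 203.0.113.5 port 4000%d ssh2" % (i, i, i) for i in range(4)]
    + ["Mar  3 10:01:0%d host sshd[200%d]: Failed password for root "
       "from 198.51.100.7 port 5000%d ssh2" % (i, i, i) for i in range(2)]
    + ["Mar  3 10:02:00 host sshd[3000]: Failed password for alice from 192.0.2.10 port 60000 ssh2",
       "Mar  3 10:02:05 host sshd[3001]: Accepted password for alice from 192.0.2.10 port 60001 ssh2"]
    + ["Mar  3 10:03:0%d host sshd[400%d]: Failed password for root "
       "from 192.0.2.44 port 6100%d ssh2" % (i, i, i) for i in range(3)]
)

if __name__ == "__main__":
    print("\n".join(deny_entries(hosts_to_deny(SAMPLE_LOG, allowlist={"192.0.2.44"}))))
```

In the sample, 192.0.2.44 fails three root logins but is skipped because it is allowlisted, which is the situation Step 3 guards against.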
Step 5: Restart the denyhosts service
Run the following command,
sudo systemctl restart denyhosts.service
Enable the denyhosts service.
sudo systemctl enable denyhosts.service
Step 6: View a list of blocked hosts
Run the following command,
sudo cat /etc/hosts.deny
Step 7: Stop the denyhosts service
Run the following command,
sudo systemctl stop denyhosts.service
With DenyHosts running on your server, you can rest assured that you’re taking steps to protect against brute-force attacks and safeguard your data.
Features of DenyHosts:
DenyHosts has several features that make it a popular choice among server administrators. Some of the key features of DenyHosts are:
- Brute-force attack prevention: DenyHosts is designed to prevent brute-force attacks by analyzing the system logs and blocking suspicious IP addresses.
- Configurable: DenyHosts is highly configurable, and users can customize it to meet their needs.
- Integration with system logs: DenyHosts integrates with the system logs, making monitoring and analyzing system activity easy.
- Automatic updates: DenyHosts is regularly updated with new features and security patches, ensuring it remains effective against the latest threats.
Advantages of DenyHosts:
- Practical: DenyHosts effectively prevents brute-force attacks and unauthorized access to Linux and UNIX-based servers.
- Easy to install and configure: DenyHosts is easy to install and configure, making it accessible to users of all skill levels.
- Customizable: DenyHosts is highly customizable, and users can configure it to meet their needs.
- Open-source: DenyHosts is open-source software, meaning it is free to use and can be customized and modified by users.
Disadvantages of DenyHosts:
- False positives: DenyHosts may sometimes block legitimate IP addresses, resulting in false positives.
- Incompatibility with some systems: DenyHosts may not be compatible with some systems, especially those with non-standard log file formats.
- Resource-intensive: DenyHosts can be resource-intensive, especially on servers with high traffic.
Use cases of DenyHosts:
DenyHosts is a popular security tool widely used in various industries and applications. Some of the common use cases of DenyHosts are:
- Web servers: DenyHosts is commonly used to protect web servers from unauthorized access and brute-force attacks.
- File servers: DenyHosts protects file servers from unauthorized access and data breaches.
- Database servers: DenyHosts protects database servers from unauthorized access and data breaches.
- Cloud servers: DenyHosts protects cloud servers from unauthorized access and data breaches.
How does DenyHosts compare to other similar systems?
Several other similar systems are used to prevent brute-force attacks and unauthorized access to servers. Some of the most popular alternatives to DenyHosts are Fail2ban, SSHGuard, and BlockHosts.
Fail2ban is another popular security tool that is similar to DenyHosts. It analyzes log files and blocks IP addresses that repeatedly attempt to log in with incorrect credentials. Fail2ban also supports many protocols, including SSH, FTP, and HTTP. While both Fail2ban and DenyHosts effectively prevent brute-force attacks, Fail2ban is more flexible and offers more features than DenyHosts. Fail2ban also has a larger user community and is more actively maintained.
SSHGuard is another security tool that prevents brute-force attacks on servers. It analyzes system logs and blocks IP addresses that repeatedly attempt to log in with incorrect credentials. SSHGuard also supports many protocols, including SSH, FTP, and HTTP. While SSHGuard is similar to DenyHosts in terms of functionality, SSHGuard is more lightweight and consumes fewer system resources than DenyHosts.
BlockHosts is another security tool that prevents brute-force attacks on servers. It analyzes system logs and blocks IP addresses that repeatedly attempt to log in with incorrect credentials. BlockHosts is similar to DenyHosts in terms of functionality, but it is less flexible and only supports as many protocols as DenyHosts.
Conclusion
Brute-force attacks are a serious threat to the security of your Linux server, but with tools like DenyHosts, you can take steps to mitigate this risk. By monitoring authentication logs and automatically blocking IP addresses associated with failed login attempts, DenyHosts helps keep your server secure and your data safe.
Whether you’re a seasoned server administrator or just getting started, DenyHosts is an essential tool to have in your security arsenal.
Thanks for reading! I hope it was informative for you!
DenyHosts is a security tool that helps protect against brute-force attacks by monitoring authentication logs and blocking IP addresses that repeatedly fail to authenticate.
You can install DenyHosts on Ubuntu by running the following command in the terminal: sudo apt-get install denyhosts
The DenyHosts configuration file is located at /etc/denyhosts.conf on Ubuntu. You can edit this file to customize DenyHosts settings, such as the allowed number of failed login attempts and the time to block an IP address.
DenyHosts logs can be found in Ubuntu’s /var/log/denyhosts directory. You can view these logs using the tail command in the terminal.
You can safelist IP addresses in the DenyHosts configuration file by adding them to the allowed_hosts list.
To uninstall DenyHosts on Ubuntu, you can run the following command in the terminal: sudo apt-get remove denyhosts. This will remove the DenyHosts package from your system.
DenyHosts is a cross-platform tool that can also be used on other Linux distributions. However, the installation and configuration steps may vary depending on the distribution.