使用denyhosts防止暴力破解ssh

下载安装denyhosts

github上有软件及安装说明，使用python开发的：
https://github.com/denyhosts/denyhosts
当前最新版提供deb包和rpm包，方便debain/ubuntu和redhat/centos系统安装
这里我使用deb包：
wget https://github.com/denyhosts/denyhosts/releases/download/v3.1/denyhosts_3.1.2-2_all.deb
安装
dpkg -i denyhosts_3.1.2-2_all.deb

路径说明

默认安装路径：
配置文件denyhost.conf：/etc/denyhost.conf
执行文件denyhost.py: /usr/local/bin/denyhost.py
控制文件daemon-control-dist: /usr/local/bin/daemon-control-dist

修改denyhost.conf

egrep -v "^$|#" /etc/denyhosts.conf

SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY =
BLOCK_SERVICE  = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 10
DENY_THRESHOLD_ROOT = 1
DENY_THRESHOLD_RESTRICTED = 1
DETECT_DOVECOT_LOGIN_ATTEMPTS = NO
WORK_DIR = /var/lib/denyhosts
ETC_DIR = /etc
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=NO
LOCK_FILE = /run/denyhosts.pid
IPTABLES = /sbin/iptables
ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
SYNC_UPLOAD = no
SYNC_DOWNLOAD = no

修改daemon-control-dist

vim /usr/local/bin/daemon-control-dist

DENYHOSTS_BIN = "/usr/local/bin/denyhosts.py"
DENYHOSTS_LOCK = "/run/denyhosts.pid"
DENYHOSTS_CFG = "/etc/denyhosts.conf"

PYTHON_BIN = "/usr/bin/env python"

新版本默认使用python3，这里改为python

运行daemon-control-dist

默认denyhost.py使用daemon-control-dist来控制，可以加入开机自动启动，这里先手动启动：
daemon-control-dist start
如果报module xxx not found，是python没有安装对应的库，需要手动安装下：
pip install xxx
使用python3的话就执行
pip3 install xxx
然后重新运行下就行

查看hosts.deny

被block的IP地址会放到/etc/hosts.deny里面，可以查看。