1. What is DenyHosts?
DenyHosts is a package that reads the messages and secure log files and, when it finds an attacking IP address,
adds that address to /etc/hosts.deny to block its access.
2. Downloading DenyHosts
http://sourceforge.net/projects/denyhosts/files/
http://sourceforge.net/projects/denyhosts/files/denyhosts/2.6/DenyHosts-2.6.tar.gz/download
The latest version is 2.6.
3. Installing DenyHosts
tar xvfz DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install
4. Creating the DenyHosts configuration file
cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg
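Blocking settings other than those listed below should be set to suit your server environment.
SECURE_LOG = /var/log/secure
The secure log file
HOSTS_DENY = /etc/hosts.deny
The access deny file
BLOCK_SERVICE = sshd vsftpd saslauthd
The list of services to block
ADMIN_EMAIL = master@seroot.com
The email address that receives reports
SMTP_SUBJECT = [123.123.12.12] DenyHosts Report
The subject line of the report email
DAEMON_LOG = /var/log/denyhosts
The log file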
5. Creating the DenyHosts daemon control file
cp daemon-control-dist daemon-control
vi daemon-control
Confirm that the following values are set as shown.
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"
chown root:root daemon-control
chmod 700 daemon-control
6. Registering the DenyHosts daemon to start at boot
cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts
update-rc.d denyhosts defaults
7. Starting DenyHosts
/etc/init.d/denyhosts start
8. Verifying that DenyHosts is working
/var/log/denyhosts
2014-12-02 13:57:03,288 - denyhosts : ERROR regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group
2014-12-02 13:57:03,315 - denyhosts : ERROR regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group
2014-12-02 13:57:03,317 - denyhosts : ERROR regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group
2014-12-02 13:57:03,317 - denyhosts : ERROR regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group
2014-12-02 13:57:03,319 - denyhosts : ERROR regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group
2014-12-02 13:57:03,319 - denyhosts : ERROR regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group
2014-12-02 13:57:03,380 - denyhosts : INFO new denied hosts: ['103.41.124.43']
/etc/hosts.deny
sshd vsftpd saslauthd: 219.153.15.122
sshd vsftpd saslauthd: 103.41.124.33
sshd vsftpd saslauthd: 190.95.196.213
sshd vsftpd saslauthd: 103.41.124.43
sshd vsftpd saslauthd: 115.238.55.163
sshd vsftpd saslauthd: 103.41.124.19
sshd vsftpd saslauthd: 1.93.29.135
sshd vsftpd saslauthd: 124.95.165.186
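The check in step 8, automated as an added example (not part of the original post or of DenyHosts itself): it cross-checks every host the daemon log reports as newly denied against the entries in hosts.deny and counts the regex pattern errors. The function names, the constructed sample data and the default service list (taken from BLOCK_SERVICE in step 4) are assumptions.

```python
import re

# Constructed sample input modelled on the step 8 excerpts (not real captures).
SAMPLE_LOG = """\
2014-12-02 13:57:03,288 - denyhosts : ERROR regex pattern ( User (?P<user>.*) not allowed because not listed in AllowUsers ) is missing 'host' group
2014-12-02 13:57:03,380 - denyhosts : INFO new denied hosts: ['103.41.124.43']
2014-12-02 14:10:11,002 - denyhosts : INFO new denied hosts: ['192.0.2.10', '198.51.100.7']
"""
SAMPLE_HOSTS_DENY = """\
sshd vsftpd saslauthd: 219.153.15.122
sshd vsftpd saslauthd: 103.41.124.43
sshd: 192.0.2.10
"""

DENIED_RE = re.compile(r"INFO\s+new denied hosts: \[(.*?)\]")
ERROR_RE = re.compile(r"ERROR\s+regex pattern .* is missing .host. group")

def parse_log(text):
    """Return (hosts the daemon reported as newly denied, regex error count)."""
    denied, errors = [], 0
    for line in text.splitlines():
        match = DENIED_RE.search(line)
        if match:
            denied += [h.strip(" '\"‘’") for h in match.group(1).split(",") if h.strip()]
        elif ERROR_RE.search(line):
            errors += 1
    return denied, errors

def parse_hosts_deny(text):
    """Map each client to the services it is denied (simple IPv4 entries only)."""
    blocked = {}
    for line in text.splitlines():
        services, _, clients = line.split("#", 1)[0].partition(":")
        for client in clients.split(":")[0].replace(",", " ").split():
            blocked.setdefault(client, set()).update(services.replace(",", " ").split())
    return blocked

def audit(log_text, deny_text, services=("sshd", "vsftpd", "saslauthd")):
    """Compare what the log says was denied with what hosts.deny enforces."""
    denied, errors = parse_log(log_text)
    blocked = parse_hosts_deny(deny_text)
    wanted = set(services)
    missing = [h for h in denied if h not in blocked]
    partial = {h: sorted(wanted - blocked[h]) for h in denied
               if h in blocked and "ALL" not in blocked[h] and wanted - blocked[h]}
    return {"missing": missing, "partial": partial, "regex_errors": errors}

if __name__ == "__main__":
    print(audit(SAMPLE_LOG, SAMPLE_HOSTS_DENY))
```

On a live server, pass the contents of /var/log/denyhosts and /etc/hosts.deny to audit(); a non-empty "missing" list means the log reported a host as denied but no matching hosts.deny entry exists.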
9. DenyHosts FAQ link
http://denyhosts.sourceforge.net/faq.html