Linux/Centos how to block SSH bruteforce/dictionary attacks automatically with denyhosts

A lot of people become nervous (and understandably so) when checking their auth or security logs, in Centos /var/log/secure and see dozens, hundreds of even thousands of attempted logins to various services, especially SSH.

Of course you could manually block these people/IPs but no one has time to read the logs like that, what if some program or script could do it for you?

This is what denyhosts does for you, it checks the logs and based on a certain number of failed SSH attempts, automatically adds an entry with the offending IPs to /etc/hosts.deny

How to install denyhosts

yum -y install denyhosts

chkconfig denyhosts on

service denyhosts on

That's all there is to it and your system becomes more secure in just 3 commands and a few seconds of your time, in my opinion most Linux distros should have this enabled by default.  Just make sure you don't get you own IP blocked by numerous SSH auth failures.


Tags:

linux, centos, ssh, bruteforce, dictionary, attacks, automatically, denyhostsa, understandably, auth, logs, var, dozens, logins, various, manually, ips, denyhosts, attempts, adds, entry, offending, etc, hosts, install, yum, chkconfig, commands, distros, enabled, default, ip, blocked, numerous, failures,

Latest Articles

  • Linux Ubuntu Cannot Print Large Images
  • Cannot Print PDF Solution and Howto Resize
  • Linux Console Login Screen TTY Change Message
  • Apache Cannot Start Listening Already on 0.0.0.0
  • MySQL Bash Query to pipe input directly without using heredoc trick
  • CentOS 6 and 7 / RHEL Persistent DHCP Solution
  • Debian Ubuntu Mint rc-local service startup error solution rc-local.service: Failed at step EXEC spawning /etc/rc.local: Exec format error
  • MySQL Cheatsheet Guide and Tutorial
  • bash script kill whois or other command that is running for too long
  • Linux tftp listens on all interfaces and IPs by DEFAULT Security Risk Hole Solution
  • python import docx error
  • Cisco Unified Communications Manager Express Cheatsheet CUCME CME
  • Linux Ubuntu Debian Missing privilege separation directory: /var/run/sshd
  • bash how to count the number of columns or words in a line
  • bash if statement how to test program output without assigning to variable
  • RTNETLINK answers: Network is unreachable
  • Centos 7 how to save iptables rules like Centos 6
  • nfs tuning maximum amount of connections
  • qemu-kvm error "Could not initialize SDL(No available video device) - exiting"
  • Centos 7 tftpd will not work with selinux enabled