DenyHosts

How To Install DenyHosts on CentOS

If you’re managing a server on CentOS, securing it against unauthorized access is crucial. One of the most effective ways to enhance your server’s security is by using DenyHosts, a security tool that helps to prevent SSH brute-force attacks. In this blog post, we’ll walk you through the steps to install and configure DenyHosts on your CentOS system.

What is DenyHosts?

DenyHosts is a Python script that analyzes SSH login attempts, looks for failed ones, and blocks the offending IP addresses by adding them to the /etc/hosts.deny file. It’s a lightweight solution that can significantly enhance the security of your server. By default, DenyHosts works by monitoring log files for failed SSH login attempts, making the process of securing your server automated and hassle-free.

Prerequisites

Before we begin, ensure that you have the following:

  1. A CentOS server (version 7 or 8 is recommended).
  2. Root or sudo access to the server.
  3. SSH access to your server.

Step 1: Update Your System

Start by updating your system packages to ensure that you have the latest security patches and software. You can do this by executing the following command:

sudo yum update -y

Step 2: Install EPEL Repository

DenyHosts is available in the EPEL (Extra Packages for Enterprise Linux) repository. If the EPEL repository is not already installed on your system, you can install it by running:

sudo yum install epel-release -y

Step 3: Install DenyHosts

Once the EPEL repository is enabled, you can easily install DenyHosts by executing:

sudo yum install denyhosts -y

Step 4: Configure DenyHosts

The default configuration file for DenyHosts is located at /etc/denyhosts.conf. You may want to edit this configuration file to customize its behavior. Here’s how you can do that:

sudo nano /etc/denyhosts.conf

Key settings you might want to change include:

  • SECURE_LOG: The log file DenyHosts reads for SSH login attempts. Change it if your system records sshd authentication messages in a different file.
  • ADMIN_EMAIL: Set up an email address to receive notifications. This way, you’ll be notified whenever an IP is blocked.
  • DENY_THRESHOLD_INVALID: This setting determines how many failed login attempts for invalid (non-existent) user accounts are allowed before an IP is blocked. Adjust this according to your needs.

Example Configuration

Here’s an example of a DenyHosts configuration:

SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
# Optional: Change the email address (placeholder shown; use your own)
ADMIN_EMAIL = admin@example.com
DENY_THRESHOLD_INVALID = 3

After editing the configuration file, save and exit.
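
To preview what a given DENY_THRESHOLD_INVALID would block before you rely on it, the following added example (not part of DenyHosts and not from the original post) counts failed logins for non-existent users per source IP in a constructed /var/log/secure sample and returns the hosts.deny lines that would result. It assumes IPv4 addresses, an "sshd: <ip>" entry format, and that a host is blocked once its count exceeds the threshold; the function names are hypothetical.

```python
import re
from collections import Counter

# Constructed sample of /var/log/secure lines (documentation-range IPs).
SAMPLE_SECURE_LOG = """\
Jan 10 03:12:01 web1 sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 51234 ssh2
Jan 10 03:12:03 web1 sshd[2101]: Failed password for invalid user test from 203.0.113.5 port 51236 ssh2
Jan 10 03:12:06 web1 sshd[2103]: Failed password for invalid user oracle from 203.0.113.5 port 51240 ssh2
Jan 10 03:12:09 web1 sshd[2105]: Failed password for invalid user git from 203.0.113.5 port 51244 ssh2
Jan 10 03:15:40 web1 sshd[2140]: Failed password for invalid user guest from 198.51.100.7 port 40110 ssh2
Jan 10 03:16:02 web1 sshd[2144]: Failed password for alice from 192.0.2.10 port 50022 ssh2
Jan 10 03:16:09 web1 sshd[2144]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Jan 10 03:20:00 web1 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; USER=root ; COMMAND=/bin/ls
"""

# Match only sshd failures for accounts that do not exist. The pattern is
# anchored on the trailing "from <ip> port <n> ssh2" that sshd itself appends,
# so text inside the attempted user name cannot stand in for the source address.
INVALID_USER_FAILURE = re.compile(
    r"sshd\[\d+\]: Failed password for invalid user (?P<user>.*) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2\s*$"
)

def count_invalid_user_failures(log_text):
    """Return a Counter of source IP -> failed logins for non-existent users."""
    counts = Counter()
    for line in log_text.splitlines():
        match = INVALID_USER_FAILURE.search(line)
        if match:
            counts[match.group("ip")] += 1
    return counts

def preview_hosts_deny(log_text, deny_threshold_invalid=3):
    """Return the hosts.deny lines this threshold would produce, sorted."""
    counts = count_invalid_user_failures(log_text)
    return [
        f"sshd: {ip}"
        for ip, n in sorted(counts.items())
        if n > deny_threshold_invalid  # assumption: block once the count exceeds it
    ]

if __name__ == "__main__":
    for ip, n in count_invalid_user_failures(SAMPLE_SECURE_LOG).most_common():
        print(f"{ip}\t{n} invalid-user failures")
    print("\n".join(preview_hosts_deny(SAMPLE_SECURE_LOG)))
```

Failed passwords for an existing account (alice in the sample) are deliberately not counted here, since this setting concerns invalid users only.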

Step 5: Start and Enable DenyHosts

You can start the DenyHosts service and enable it to start at boot with the following commands:

sudo systemctl start denyhosts
sudo systemctl enable denyhosts

Step 6: Verify DenyHosts is Running

To ensure that DenyHosts is running properly, you can use the following command:

sudo systemctl status denyhosts

You should see output indicating that the service is active and running.

Step 7: Monitor DenyHosts Logs

DenyHosts writes logs to /var/log/denyhosts. You can monitor this log file for any activity:

sudo tail -f /var/log/denyhosts

This command allows you to view the most recent entries in real-time. You’ll see information about blocked IP addresses and login attempts.

Conclusion

Installing DenyHosts on your CentOS server is a straightforward process that can significantly reduce the risk of unauthorized access via SSH. By following the steps outlined above, you’ll bolster your server security and gain peace of mind.

Remember, while DenyHosts provides an extra layer of protection, it’s essential to also implement other security measures such as using strong passwords, disabling root login via SSH, and utilizing fail2ban for more comprehensive security. For more guides on enhancing your server security, stay tuned to the Greenhost.Cloud blog!

Happy securing!