denyhosts

http://denyhosts.sourceforge.net/
tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install                #安装
cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg    #创建配置文件
cp daemon-control-dist daemon-control  #启动文件副本
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts # 创建软连接
设置Denyhosts为开机自动启动
chkconfig --add denyhosts  # 添加denyhosts服务
chkconfig denyhosts on     # 设置denyhosts在各等级为开启状态
chkconfig --list denyhosts # 查询是否设置成功

修改配置文件
vim denyhosts.cfg
egrep -v "(^$|^#)" /usr/share/denyhosts/denyhosts.cfg
PURGE_DENY = 1w
BLOCK_SERVICE  = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 5
DENY_THRESHOLD_ROOT = 5
DENY_THRESHOLD_RESTRICTED = 1
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=NO
LOCK_FILE = /var/lock/subsys/denyhosts
AGE_RESET_VALID=1d
AGE_RESET_ROOT=1d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1w

启动denyhosts服务
systemctl start denyhosts  # 启动denyhosts服务
systemctl status denyhosts # 查询denyhosts服务状态

移除黑名单
systemctl stop denyhosts
在 /etc/hosts.deny /usr/share/denyhosts/data中删除你想取消的主机IP
systemctl restart denyhosts

暴力添加白名单
vim /etc/hosts.allow
sshd:117.78.49.95:allow
posted @ 2020-05-19 10:13  kylingx  阅读(112)  评论(0编辑  收藏  举报