CentOSLinuxTutorials

How To Install DenyHost on CentOS 6

Install DenyHost on CentOS 6

In this tutorial, we will show you how to install DenyHost on CentOS 6. For those of you who didn’t know, DenyHosts is a log-based intrusion prevention security tool for SSH servers written in Python. It is intended to prevent brute-force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses. Due to the simplicity of DenyHost and the ability to manually configure your rules it is widely used as an alternative to Fail2ban which is a bit more complicated to use and configure.

This article assumes you have at least basic knowledge of Linux, know how to use the shell, and most importantly, you host your site on your own VPS. The installation is quite simple. I will show you the step-by-step installation DenyHost on CentOS  6 server.

Prerequisites

  • A server running one of the following operating systems: CentOS  6.
  • It’s recommended that you use a fresh OS install to prevent any potential issues.
  • SSH access to the server (or just open Terminal if you’re on a desktop).
  • A non-root sudo user or access to the root user. We recommend acting as a non-root sudo user, however, as you can harm your system if you’re not careful when acting as the root.

Install DenyHost on CentOS 6

Step 1. First, you need to enable the EPEL repository on your system and make sure that all packages are up to date.

## RHEL/CentOS 6 64-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm
## RHEL/CentOS 6 32-Bit ##
# wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
# rpm -ivh epel-release-6-8.noarch.rpm

Step 2. Install DenyHost.

Install DenyHosts from the EPEL repository by using the following command:

yum install denyhosts

Step 3. Configure DenyHosts.

Once the Denyhosts are installed, make sure to whitelist your own IP address, so you will never get locked out. To do this, open a file /etc/hosts.allow:

nano /etc/hosts.allow

Below the description, add each IP address one by one on a separate line, that you never want to block. The format should be as follows:

# hosts.allow   This file contains access rules which are used to
#               allow or deny connections to network services that
#               either use the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 114.124.37.154
sshd: 172.16.25.155
sshd: 172.16.25.156

You can further configure any settings in the DenyHosts.conf file by going to the following and updating according to your preference:

nano /etc/denyhosts.conf

Save your work and restart DenyHosts with the following command:

service denyhosts start
chkconfig denyhosts on

View DenyHosts logs:

tail -f /var/log/denyhosts
tail -f /var/log/secure

Congratulations! You have successfully installed DenyHost. Thanks for using this tutorial for installing DenyHost on CentOS 6 system. For additional help or useful information, we recommend you check the official DenyHost website.

VPS Manage Service Offer
If you don’t have time to do all of this stuff, or if this is not your area of expertise, we offer a service to do “VPS Manage Service Offer”, starting from $10 (Paypal payment). Please contact us to get the best deal!

r00t

r00t is a seasoned Linux system administrator with a wealth of experience in the field. Known for his contributions to idroot.us, r00t has authored numerous tutorials and guides, helping users navigate the complexities of Linux systems. His expertise spans across various Linux distributions, including Ubuntu, CentOS, and Debian. r00t's work is characterized by his ability to simplify complex concepts, making Linux more accessible to users of all skill levels. His dedication to the Linux community and his commitment to sharing knowledge makes him a respected figure in the field.
Back to top button