
How To Install DenyHosts on Rocky Linux 9


In today’s digital landscape, securing your server against unauthorized access is more critical than ever. One effective way to enhance the security of your SSH server is by using DenyHosts, a powerful tool designed to prevent brute force attacks. This article will guide you through the process of installing and configuring DenyHosts on Rocky Linux 9, ensuring that your server remains safe from potential threats.

Understanding DenyHosts

DenyHosts is an open-source security application that helps protect Linux servers from brute force attacks, particularly those targeting SSH. By monitoring login attempts, it identifies and blocks suspicious IP addresses, adding them to a deny list. This proactive approach significantly reduces the risk of unauthorized access.

Unlike other security tools such as Fail2ban, which can be more complex to configure, DenyHosts offers a straightforward installation and configuration process. Its primary benefits include:

  • Simple Configuration: Easy to set up with minimal adjustments needed.
  • Effective Monitoring: Continuously tracks login attempts and blocks malicious IPs.
  • Customizable: Allows for tailored settings to meet specific security needs.

Prerequisites for Installation

Before installing DenyHosts on Rocky Linux 9, ensure that your system meets the following prerequisites:

  • Your server should be running Rocky Linux 9.
  • The system must be updated to the latest packages.
  • You should have root or sudo access to install software and modify configurations.

To prepare your system, start by updating all existing packages. Open your terminal and execute the following command:

sudo dnf update

Install DenyHosts on Rocky Linux 9

The installation process for DenyHosts on Rocky Linux 9 is straightforward. Follow these steps carefully to ensure a successful installation:

1. Enable EPEL Repository

DenyHosts is available in the EPEL (Extra Packages for Enterprise Linux) repository. To enable this repository, run the following command:

sudo dnf install epel-release

This command installs the EPEL repository, allowing you to access additional software packages not included in the default repositories.

2. Install DenyHosts

Once the EPEL repository is enabled, you can proceed with installing DenyHosts. Run the following command:

sudo dnf install denyhosts

This command downloads and installs DenyHosts along with any necessary dependencies.

3. Verify Installation

After installation, you can verify that DenyHosts has been installed successfully by checking its version:

denyhosts --version

If the command returns a version number, it confirms that DenyHosts is installed correctly on your system.

Configuring DenyHosts

The next step involves configuring DenyHosts to suit your security requirements. The main configuration file can be found at /etc/denyhosts.conf. Here’s how to edit it:

1. Editing the Configuration File

Open the configuration file using a text editor of your choice (for example, nano or vi):

sudo nano /etc/denyhosts.conf

In this file, you will find various settings that control how DenyHosts operates. Key settings to consider include:

  • DenyThreshold: The number of failed login attempts before an IP is blocked (default is 5).
  • DenyInterval: The time interval (in seconds) during which failed attempts are counted (default is 3600).
  • AllowUsers: Specify which users are allowed to log in via SSH.

You may want to adjust these settings based on your server’s usage patterns and security needs.

2. Setting Up Hosts.allow and Hosts.deny

DenyHosts utilizes the /etc/hosts.allow and /etc/hosts.deny files to manage access control. You can edit these files to specify which IP addresses are allowed or denied access to your server.

sudo nano /etc/hosts.allow
sudo nano /etc/hosts.deny

An example entry in /etc/hosts.allow might look like this:

sshd: ALL: allow

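This allows all hosts access to SSH. Note that /etc/hosts.allow is checked before /etc/hosts.deny and a match there grants access, so a catch-all entry like this takes precedence over any address listed in /etc/hosts.deny.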

An example entry in /etc/hosts.deny might look like this:

sshd: 192.168.1.*: deny

This denies all hosts from the specified subnet access to SSH.
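
The lookup order behind the two entries above, as an added example (not part of the original article or the DenyHosts project): TCP Wrappers reads hosts.allow first and hosts.deny second, and the first matching rule decides. The files in the temporary directory and the address 203.0.113.10 are constructed for the demonstration, and the matcher is a simplified model, not libwrap itself.

```shell
#!/bin/sh
# Simplified model of the TCP Wrappers lookup for one daemon and one IPv4
# client. Supports the pattern forms used in this article (ALL, "a.b.c."
# prefixes, * and ? wildcards), space-separated lists, and one trailing
# ": allow" / ": deny" option.

# first_match FILE DAEMON IP: print the option of the first matching rule
# ("allow", "deny" or empty); exit status 1 when no rule matches.
first_match() (                      # subshell body keeps set -f local
  file=$1 daemon=$2 ip=$3
  [ -r "$file" ] || exit 1
  set -f                             # do not expand 192.168.1.* against files
  while IFS=: read -r daemons clients opt || [ -n "$daemons" ]; do
    case $daemons in ''|'#'*) continue ;; esac
    hit=no
    for d in $daemons; do
      case $d in ALL|"$daemon") hit=yes ;; esac
    done
    [ "$hit" = yes ] || continue
    for c in $clients; do
      case $c in ALL) c='*' ;; *.) c="$c*" ;; esac
      case $ip in
        $c) set -- $opt; echo "${1:-}"; exit 0 ;;
      esac
    done
  done < "$file"
  exit 1
)

# check_access ALLOW_FILE DENY_FILE DAEMON IP: print "granted" or "denied".
check_access() {
  if opt=$(first_match "$1" "$3" "$4"); then          # hosts.allow is read first
    [ "$opt" = deny ] && echo denied || echo granted
  elif opt=$(first_match "$2" "$3" "$4"); then        # then hosts.deny
    [ "$opt" = allow ] && echo granted || echo denied
  else
    echo granted                                      # no rule matched at all
  fi
}

# Constructed sample files; the addresses are documentation/private ranges.
demo=$(mktemp -d)
echo 'sshd: ALL: allow'        > "$demo/allow.open"   # this article's hosts.allow entry
echo 'sshd: 203.0.113.10'      > "$demo/allow.admin"  # hypothetical admin address only
echo 'sshd: 192.168.1.*: deny' > "$demo/hosts.deny"   # this article's hosts.deny entry

check_access "$demo/allow.open"  "$demo/hosts.deny" sshd 192.168.1.50   # granted
check_access "$demo/allow.admin" "$demo/hosts.deny" sshd 192.168.1.50   # denied
```

These rules only apply to an sshd binary that is linked against libwrap; `ldd /usr/sbin/sshd | grep libwrap` prints a line when it is.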

3. Starting DenyHosts Service

The final step in configuration is starting the DenyHosts service and enabling it to run at boot time. Use the following commands:

sudo systemctl start denyhosts
sudo systemctl enable denyhosts

This ensures that DenyHosts will automatically start whenever your server boots up.

Monitoring and Managing DenyHosts

After installation and configuration, it’s essential to monitor DenyHosts’ activity regularly. You can check logs for blocked IP addresses by executing:

tail -f /var/log/denyhosts

This command displays real-time logs of denied login attempts, allowing you to identify potential threats quickly.

Banning and Unbanning IPs

If you need to manage banned IPs, you can manually remove an IP address from the deny list using the following command:

sudo /usr/bin/denyhosts --remove [IP_ADDRESS]

This command allows legitimate users who may have been mistakenly blocked to regain access quickly.

Best Practices for Monitoring and Adjusting Settings Over Time

  • Regularly Review Logs: Make it a habit to review logs periodically for any unusual activity.
  • Tweak Configuration Settings: Adjust thresholds based on observed login patterns.
  • Create Backup Configurations: Before making significant changes, back up your configuration files.
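
One way to review failed logins against the blocking threshold, as an added example rather than code from the article or from DenyHosts. It assumes sshd's standard syslog lines (on RHEL-family systems usually in /var/log/secure); the log lines below are constructed.

```shell
#!/bin/sh
# failed_by_ip LOGFILE [THRESHOLD]: print "COUNT IP" for every source address
# with at least THRESHOLD failed SSH password attempts (default 5, the
# blocking threshold quoted in this article), busiest source first.
failed_by_ip() {
  awk -v min="${2:-5}" '
    /sshd\[[0-9]+\]: Failed password for / {
      # The user name is text supplied by the client and may itself contain
      # " from <address>", so only the fixed trailer of the line is trusted.
      if (match($0, / from [0-9A-Fa-f:.]+ port [0-9]+ ssh2$/)) {
        split(substr($0, RSTART + 6), f, " ")
        n[f[1]]++
      }
    }
    END { for (ip in n) if (n[ip] >= min) print n[ip], ip }
  ' "$1" | sort -k1,1nr -k2,2
}

# Constructed sample log (documentation address ranges, hypothetical host name).
log=$(mktemp)
cat > "$log" <<'EOF'
Jan 10 03:12:01 web1 sshd[1201]: Failed password for root from 198.51.100.23 port 40122 ssh2
Jan 10 03:12:03 web1 sshd[1201]: Failed password for root from 198.51.100.23 port 40122 ssh2
Jan 10 03:12:06 web1 sshd[1203]: Failed password for invalid user admin from 198.51.100.23 port 40130 ssh2
Jan 10 03:12:09 web1 sshd[1203]: Failed password for invalid user test from 198.51.100.23 port 40130 ssh2
Jan 10 03:12:12 web1 sshd[1207]: Failed password for invalid user x from 203.0.113.10 from 198.51.100.23 port 40144 ssh2
Jan 10 03:14:30 web1 sshd[1260]: Failed password for deploy from 192.0.2.77 port 51002 ssh2
Jan 10 03:14:41 web1 sshd[1260]: Failed password for deploy from 192.0.2.77 port 51002 ssh2
Jan 10 03:15:40 web1 sshd[1290]: Accepted publickey for deploy from 203.0.113.10 port 51514 ssh2
EOF

failed_by_ip "$log"      # 5 198.51.100.23
```

Lowering the second argument shows which sources sit just under the threshold, which helps when deciding whether the configured value fits the server's normal login pattern.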

Advanced Configuration Options

DenyHosts offers several advanced features that enhance its functionality beyond basic blocking of malicious IPs. Here are some options worth exploring:

Email Notifications

You can configure DenyHosts to send email notifications whenever an IP address gets blocked. This feature keeps you informed about potential threats in real time. To enable email notifications, modify the following line in the configuration file (/etc/denyhosts.conf):

#EMAIL_ALERT = "your-email@example.com"

Remove the ‘#’ symbol and replace “your-email@example.com” with your actual email address.

Error Logging Customization

DenyHosts allows customization of logging settings as well. You can change log verbosity levels or specify different log file locations according to your preferences by modifying relevant lines in the configuration file.

Troubleshooting Common Issues

Even with careful installation and configuration, issues may arise when using DenyHosts on Rocky Linux 9. Here are common problems and their solutions:

DenyHosts Service Not Starting Properly

If you encounter issues with starting the DenyHosts service, check its status using this command:

sudo systemctl status denyhosts

If there are errors reported in the output, review them carefully for clues about what might be wrong.

Ineffective Blocking of Malicious IPs

If you notice that malicious IPs are not being blocked as expected, ensure that:

  • The configuration settings (DenyThreshold and DenyInterval) are set appropriately.
  • The service has been restarted after making changes:
    sudo systemctl restart denyhosts 
  • No conflicting security software is interfering with DenyHosts’ functionality.
  • You have sufficient permissions set on log files so they can be accessed by DenyHosts.
  • You regularly check logs for any anomalies or patterns indicating missed attacks.

Congratulations! You have successfully installed DenyHosts. Thanks for using this tutorial for installing DenyHosts on the Rocky Linux 9 system. For additional help or useful information, we recommend you check the official DenyHosts website.

r00t

r00t is an experienced Linux enthusiast and technical writer with a passion for open-source software. With years of hands-on experience in various Linux distributions, r00t has developed a deep understanding of the Linux ecosystem and its powerful tools. He holds certifications in SCE and has contributed to several open-source projects. r00t is dedicated to sharing her knowledge and expertise through well-researched and informative articles, helping others navigate the world of Linux with confidence.