DenyHosts is a script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system.
It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host.
It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses.
- Parses /var/log/secure to find all login attempts and filters failed and successful attempts.
- Synchronization mode allows DenyHosts daemons the ability to share data via a centralized server to proactively thwart attacks.
- Can be run from the command line, cron or as a daemon.
- Records all failed login attempts for the user and offending host.
- For each host that exceeds a threshold count, records the evil host.
- Keeps track of each non-existent user (eg. sdadasd) when a login attempt failed.
- Keeps track of each existing user (eg. root) when a login attempt failed.
- Keeps track of each offending host.
- Keeps track of suspicious logins (that is, logins that were successful for a host that had many login failures).
- Keeps track of the file offset, so that you can reparse the same file (/var/log/secure) continuously (until it is rotated).
- When the log file is rotated, the script will detect it and parse from the beginning.
- Appends /etc/hosts.deny and adds the newly banned hosts.
- Optionally sends an email of newly banned hosts and suspicious logins.
- Keeps a history of all user, host, user/host combo and suspicious logins encountered which includes the data and number of corresponding failed login attempts.
- Maintains failed valid and invalid user login attempts in separate files, such that it is easy to see which valid user is under attack (which would give you the opportunity to remove the account, change the password or change it’s default shell to something like /sbin/nologin.
- Upon each run, the script will load the previously saved data and re-use it to append new failures.
- Resolves IP addresses to hostnames, if available.
- /etc/hosts.deny entries can be expired (purge) at a user specified time.
|New to Linux? Read our Linux for Starters series. We start right at the basics and teach you everything you need to know to get started with Linux.|
|The largest compilation of the best free and open source software in the universe. Each article is supplied with a legendary ratings chart helping you make informed decisions.|
|Hundreds of in-depth reviews offering our unbiased and expert opinion on software. We offer helpful and impartial information.|
|Replace proprietary software with open source alternatives: Google, Microsoft, Apple, Adobe, IBM, Autodesk, Oracle, Atlassian, Corel, Cisco, Intuit, and SAS.|
|Getting Started with Docker helps you master Docker, a set of platform as a service products that delivers software in packages called containers.|
|Essential Linux system tools focuses on small, indispensable utilities, useful for system administrators as well as regular users.|
|Linux utilities to maximise your productivity. Small, indispensable tools, useful for anyone running a Linux machine.|
|Home computers became commonplace in the 1980s. Emulate home computers including the Commodore 64, Amiga, Atari ST, ZX81, Amstrad CPC, and ZX Spectrum.|
|Now and Then examines how promising open source software fared over the years. It can be a bumpy ride.|
|Linux at Home looks at a range of home activities where Linux can play its part, making the most of our time at home, keeping active and engaged.|
|Linux Candy reveals the lighter side of Linux. Have some fun and escape from the daily drudgery.|
|Best Free Android Apps. We showcase free Android apps that are definitely worth downloading. There's a strict eligibility criteria for inclusion in this series.|
|These best free books accelerate your learning of every programming language. Learn a new language today!|
|These free tutorials offer the perfect tonic to our free programming books series.|
|Stars and Stripes is an occasional series looking at the impact of Linux in the USA.|