952 mkdir denyhost
953 cd denyhost/
954 ll
955 wget http://imcat.in/down/DenyHosts-2.6.tar.gz
956 ll
957 tar -zxvf DenyHosts-2.6.tar.gz
958 cd DenyHosts-2.6/
959 ll
960 python setup.py install

  1. [root@edge-node1 ~]# mkdir denyhost
  2. [root@edge-node1 ~]# cd denyhost/
  3. [root@edge-node1 denyhost]# wget http://imcat.in/down/DenyHosts-2.6.tar.gz
  4. [root@edge-node1 denyhost]# tar -zxvf DenyHosts-2.6.tar.gz
  5. [root@edge-node1 denyhost]# cd DenyHosts-2.6/
  6. [root@edge-node1 DenyHosts-2.6]# python setup.py install
  7. [root@edge-node1 DenyHosts-2.6]#  cd /usr/share/denyhosts/ 
  8. [root@edge-node1 denyhosts]# cp denyhosts.cfg-dist denyhosts.cfg 
  9. [root@edge-node1 denyhosts]# vi denyhosts.cfg

再最后加入以下内容:

  1. SECURE_LOG = /var/log/secure  
  2. HOSTS_DENY = /etc/hosts.deny
  3. PURGE_DENY = 1d
  4. BLOCK_SERVICE = sshd 
  5. DENY_THRESHOLD_INVALID = 5 
  6. DENY_THRESHOLD_VALID = 10 
  7. DENY_THRESHOLD_ROOT = 3 
  8. DENY_THRESHOLD_RESTRICTED = 1 
  9. WORK_DIR = /usr/local/share/denyhosts/data 
  10. SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES 
  11. HOSTNAME_LOOKUP=YES 
  12. LOCK_FILE = /var/lock/subsys/denyhosts 
  13. HOSTNAME_LOOKUP=NO 
  14. ADMIN_EMAIL = 837448792@qq.com
  15. DAEMON_LOG = /var/log/denyhosts 
  16. DAEMON_PURGE = 10m
  1. [root@edge-node1 denyhosts]# 
  2. [root@edge-node1 denyhosts]# 
  3. [root@edge-node1 denyhosts]# cp daemon-control-dist daemon-control
  4. [root@edge-node1 denyhosts]# ll
  5. total 112
  6. -rw-r--r-- 1 root root 16549 Dec  8  2006 CHANGELOG.txt
  7. -rwxr-xr-x 1 root root  4076 Oct  8 23:40 daemon-control
  8. -rwxr-xr-x 1 root root  4076 Apr 22  2006 daemon-control-dist
  9. -rw-r--r-- 1 root root 22264 Oct  8 23:40 denyhosts.cfg
  10. -rw-r--r-- 1 root root 20830 Aug 20  2006 denyhosts.cfg-dist
  11. -rw-r--r-- 1 root root 18009 Dec 17  2005 LICENSE.txt
  12. drwxr-xr-x 2 root root  4096 Oct  8 23:38 plugins
  13. -rw-r--r-- 1 root root  3575 Feb  3  2006 README.txt
  14. drwxr-xr-x 2 root root  4096 Oct  8 23:38 scripts
  15. -rw-r--r-- 1 root root  1522 Apr  5  2006 setup.py
  16. [root@edge-node1 denyhosts]#  chown root daemon-control
  17. [root@edge-node1 denyhosts]# chmod 700 daemon-control
  18. [root@edge-node1 denyhosts]# ./daemon-control start
  19. starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
  20. Error processing configuration parameter DENY_THRESHOLD_INVALID: invalid literal for int() with base 10: '5 #\xe5\x85\x81\xe8\xae\xb8\xe6\x97\xa0\xe6\x95\x88\xe7\x94\xa8\xe6\x88\xb7\xe7\x99\xbb\xe5\xbd\x95\xe5\xa4\xb1\xe8\xb4\xa5\xe7\x9a\x84\xe6\xac\xa1\xe6\x95\xb0'
  21. [root@edge-node1 denyhosts]# 
  22. [root@edge-node1 denyhosts]# ll
  23. total 112
  24. -rw-r--r-- 1 root root 16549 Dec  8  2006 CHANGELOG.txt
  25. -rwx------ 1 root root  4076 Oct  8 23:40 daemon-control
  26. -rwxr-xr-x 1 root root  4076 Apr 22  2006 daemon-control-dist
  27. -rw-r--r-- 1 root root 22264 Oct  8 23:40 denyhosts.cfg
  28. -rw-r--r-- 1 root root 20830 Aug 20  2006 denyhosts.cfg-dist
  29. -rw-r--r-- 1 root root 18009 Dec 17  2005 LICENSE.txt
  30. drwxr-xr-x 2 root root  4096 Oct  8 23:38 plugins
  31. -rw-r--r-- 1 root root  3575 Feb  3  2006 README.txt
  32. drwxr-xr-x 2 root root  4096 Oct  8 23:38 scripts
  33. -rw-r--r-- 1 root root  1522 Apr  5  2006 setup.py
  34. [root@edge-node1 denyhosts]# 
  35. [root@edge-node1 denyhosts]# vim denyhosts.cfg
  36. [root@edge-node1 denyhosts]# 
  37. [root@edge-node1 denyhosts]# ./daemon-control start
  38. starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
  39. Error processing configuration parameter DENY_THRESHOLD_RESTRICTED: invalid literal for int() with base 10: '1 #\xe8\xae\xbe\xe5\xae\x9a deny host \xe5\x86\x99\xe5\x85\xa5\xe5\x88\xb0\xe8\xaf\xa5\xe8\xb5\x84\xe6\x96\x99\xe5\xa4\xb9'
  40. [root@edge-node1 denyhosts]# vim denyhosts.cfg
  41. [root@edge-node1 denyhosts]# 
  42. [root@edge-node1 denyhosts]# ./daemon-control start
  43. starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
  44. Error sending email
  45. [Errno 99] Cannot assign requested address
  46. Email message follows:
  47. From: DenyHosts <nobody@localhost>
  48. To: 837448792@qq.com
  49. Subject: DenyHosts Report
  50. Date: Thu, 08 Oct 2020 23:42:29 +0800
  52. Added the following hosts to /etc/hosts.deny:
  54. 47.94.101.199
  55. 47.94.206.19
  57. ----------------------------------------------------------------------
  59. [root@edge-node1 denyhosts]# ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
  60. [root@edge-node1 denyhosts]# chkconfig add denyhosts
  61. chkconfig version 1.7.4 - Copyright (C) 1997-2000 Red Hat, Inc.
  62. This may be freely redistributed under the terms of the GNU Public License.
  64. usage:   chkconfig [--list] [--type <type>] [name]
  65.          chkconfig --add <name>
  66.          chkconfig --del <name>
  67.          chkconfig --override <name>
  68.          chkconfig [--level <levels>] [--type <type>] <name> <on|off|reset|resetpriorities>
  69. [root@edge-node1 denyhosts]# chkconfig add denyhosts
  70. chkconfig version 1.7.4 - Copyright (C) 1997-2000 Red Hat, Inc.
  71. This may be freely redistributed under the terms of the GNU Public License.
  73. usage:   chkconfig [--list] [--type <type>] [name]
  74.          chkconfig --add <name>
  75.          chkconfig --del <name>
  76.          chkconfig --override <name>
  77.          chkconfig [--level <levels>] [--type <type>] <name> <on|off|reset|resetpriorities>
  78. [root@edge-node1 denyhosts]# chkconfig --add denyhosts
  79. [root@edge-node1 denyhosts]# chkconfig denyhosts on
  80. [root@edge-node1 denyhosts]# service denyhosts start
  81. starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
  82. DenyHosts could not obtain lock (pid: 2069)
  83. [Errno 17] File exists: '/var/lock/subsys/denyhosts'
  84. [root@edge-node1 denyhosts]# 
  85. [root@edge-node1 denyhosts]# ps -ef | grep host
  86. root      2069     1  0 23:42 ?        00:00:00 python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
  87. root      2175  1338  0 23:43 pts/1    00:00:00 grep --color=auto host
  88. [root@edge-node1 denyhosts]# kill 2069
  89. [root@edge-node1 denyhosts]# 
  90. [root@edge-node1 denyhosts]# ps -ef | grep host
  91. root      2189  1338  0 23:43 pts/1    00:00:00 grep --color=auto host
  92. [root@edge-node1 denyhosts]# 
  93. [root@edge-node1 denyhosts]# 
  94. [root@edge-node1 denyhosts]# service denyhosts start
  95. starting DenyHosts:    /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
  96. [root@edge-node1 denyhosts]# ps -ef | grep host
  97. root      2204     1  0 23:43 ?        00:00:00 python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg
  98. root      2208  1338  0 23:43 pts/1    00:00:00 grep --color=auto host
  99. [root@edge-node1 denyhosts]# 
  100. [root@edge-node1 denyhosts]# 
  101. [root@edge-node1 denyhosts]# cat /etc/host
  102. host.conf    hostname     hosts        hosts.allow  hosts.deny   
  103. [root@edge-node1 denyhosts]# cat /etc/hosts.deny 
  104. #
  105. # hosts.deny    This file contains access rules which are used to
  106. #        deny connections to network services that either use
  107. #        the tcp_wrappers library or that have been
  108. #        started through a tcp_wrappers-enabled xinetd.
  109. #
  110. #        The rules in this file can also be set up in
  111. #        /etc/hosts.allow with a 'deny' option instead.
  112. #
  113. #        See 'man 5 hosts_options' and 'man 5 hosts_access'
  114. #        for information on rule syntax.
  115. #        See 'man tcpd' for information on tcp_wrappers
  116. #
  117. # DenyHosts: Thu Oct  8 23:42:29 2020 | sshd: 47.94.101.199
  118. sshd: 47.94.101.199
  119. # DenyHosts: Thu Oct  8 23:42:29 2020 | sshd: 47.94.206.19
  120. sshd: 47.94.206.19

安装DenyHosts-3.1.2

centos8自带的是python3,需要安装较新的DenyHosts-3.1.2,http://denyhosts.sourceforge.net/这个里下载,但需要tizi;

  1. [root@10-0-9-52 /]# mv DenyHosts-3.1.2.tar.gz /data/denyhost/
  2. [root@10-0-9-52 /]# cd /data/denyhost/
  3. [root@10-0-9-52 denyhost]# ll
  4. total 100
  5. drwxr-x--- 6  500  500  4096 Oct  9 17:19 DenyHosts-2.6
  6. -rw-r--r-- 1 root root 42667 Dec  8  2006 DenyHosts-2.6.tar.gz
  7. -rw-r--r-- 1 root root 53086 Oct  9 17:33 DenyHosts-3.1.2.tar.gz
  8. [root@10-0-9-52 denyhost]# tar -zxf DenyHosts-3.1.2.tar.gz 
  9. [root@10-0-9-52 denyhost]# ll
  10. total 104
  11. drwxr-x--- 6  500  500  4096 Oct  9 17:19 DenyHosts-2.6
  12. -rw-r--r-- 1 root root 42667 Dec  8  2006 DenyHosts-2.6.tar.gz
  13. drwxr-xr-x 5 root root  4096 May  8 22:38 DenyHosts-3.1.2
  14. -rw-r--r-- 1 root root 53086 Oct  9 17:33 DenyHosts-3.1.2.tar.gz
  15. [root@10-0-9-52 denyhost]# cd DenyHosts-
  16. -bash: cd: DenyHosts-: No such file or directory
  17. [root@10-0-9-52 denyhost]# cd DenyHosts-3.1.2/
  18. [root@10-0-9-52 DenyHosts-3.1.2]# ll
  19. total 112
  20. -rw-r--r-- 1 2017 2017 24010 May  8 22:20 CHANGELOG.txt
  21. -rwxr-xr-x 1 2017 2017  4834 May  8 22:20 daemon-control-dist
  22. drwxr-xr-x 2 root root  4096 May  8 22:38 DenyHosts
  23. -rw-r--r-- 1 2017 2017 24489 May  8 22:20 denyhosts.conf
  24. -rwxr-xr-x 1 2017 2017  9488 May  8 22:20 denyhosts.py
  25. -rw-r--r-- 1 2017 2017 17953 May  8 22:20 LICENSE.txt
  26. -rw-r--r-- 1 2017 2017   353 May  8 22:20 MANIFEST.in
  27. -rw-r--r-- 1 root root   532 May  8 22:38 PKG-INFO
  28. drwxr-xr-x 2 root root  4096 May  8 22:38 plugins
  29. drwxr-xr-x 2 root root  4096 May  8 22:38 scripts
  30. -rw-r--r-- 1 2017 2017  2120 May  8 22:20 setup.py
  31. [root@10-0-9-52 DenyHosts-3.1.2]# vim denyhosts.conf 
  32. [root@10-0-9-52 DenyHosts-3.1.2]# ll
  33. total 112
  34. -rw-r--r-- 1 2017 2017 24010 May  8 22:20 CHANGELOG.txt
  35. -rwxr-xr-x 1 2017 2017  4834 May  8 22:20 daemon-control-dist
  36. drwxr-xr-x 2 root root  4096 May  8 22:38 DenyHosts
  37. -rw-r--r-- 1 2017 2017 24489 May  8 22:20 denyhosts.conf
  38. -rwxr-xr-x 1 2017 2017  9488 May  8 22:20 denyhosts.py
  39. -rw-r--r-- 1 2017 2017 17953 May  8 22:20 LICENSE.txt
  40. -rw-r--r-- 1 2017 2017   353 May  8 22:20 MANIFEST.in
  41. -rw-r--r-- 1 root root   532 May  8 22:38 PKG-INFO
  42. drwxr-xr-x 2 root root  4096 May  8 22:38 plugins
  43. drwxr-xr-x 2 root root  4096 May  8 22:38 scripts
  44. -rw-r--r-- 1 2017 2017  2120 May  8 22:20 setup.py
  45. [root@10-0-9-52 DenyHosts-3.1.2]# vim daemon-control-dist 
  46. [root@10-0-9-52 DenyHosts-3.1.2]# 
  47. [root@10-0-9-52 DenyHosts-3.1.2]# 
  48. [root@10-0-9-52 DenyHosts-3.1.2]# ll
  49. total 112
  50. -rw-r--r-- 1 2017 2017 24010 May  8 22:20 CHANGELOG.txt
  51. -rwxr-xr-x 1 2017 2017  4834 May  8 22:20 daemon-control-dist
  52. drwxr-xr-x 2 root root  4096 May  8 22:38 DenyHosts
  53. -rw-r--r-- 1 2017 2017 24489 May  8 22:20 denyhosts.conf
  54. -rwxr-xr-x 1 2017 2017  9488 May  8 22:20 denyhosts.py
  55. -rw-r--r-- 1 2017 2017 17953 May  8 22:20 LICENSE.txt
  56. -rw-r--r-- 1 2017 2017   353 May  8 22:20 MANIFEST.in
  57. -rw-r--r-- 1 root root   532 May  8 22:38 PKG-INFO
  58. drwxr-xr-x 2 root root  4096 May  8 22:38 plugins
  59. drwxr-xr-x 2 root root  4096 May  8 22:38 scripts
  60. -rw-r--r-- 1 2017 2017  2120 May  8 22:20 setup.py
  61. [root@10-0-9-52 DenyHosts-3.1.2]# python3 setup.py install
  62. running install
  63. running build
  64. running build_py
  65. creating build
  66. creating build/lib
  67. creating build/lib/DenyHosts
  68. copying DenyHosts/filetracker.py -> build/lib/DenyHosts
  69. copying DenyHosts/__init__.py -> build/lib/DenyHosts
  70. copying DenyHosts/deny_hosts.py -> build/lib/DenyHosts
  71. copying DenyHosts/sync.py -> build/lib/DenyHosts
  72. copying DenyHosts/util.py -> build/lib/DenyHosts
  73. copying DenyHosts/constants.py -> build/lib/DenyHosts
  74. copying DenyHosts/plugin.py -> build/lib/DenyHosts
  75. copying DenyHosts/version.py -> build/lib/DenyHosts
  76. copying DenyHosts/regex.py -> build/lib/DenyHosts
  77. copying DenyHosts/purgecounter.py -> build/lib/DenyHosts
  78. copying DenyHosts/prefs.py -> build/lib/DenyHosts
  79. copying DenyHosts/daemon.py -> build/lib/DenyHosts
  80. copying DenyHosts/restricted.py -> build/lib/DenyHosts
  81. copying DenyHosts/loginattempt.py -> build/lib/DenyHosts
  82. copying DenyHosts/denyfileutil.py -> build/lib/DenyHosts
  83. copying DenyHosts/report.py -> build/lib/DenyHosts
  84. copying DenyHosts/lockfile.py -> build/lib/DenyHosts
  85. copying DenyHosts/python_version.py -> build/lib/DenyHosts
  86. copying DenyHosts/counter.py -> build/lib/DenyHosts
  87. copying DenyHosts/allowedhosts.py -> build/lib/DenyHosts
  88. running build_scripts
  89. creating build/scripts-3.6
  90. copying and adjusting denyhosts.py -> build/scripts-3.6
  91. copying and adjusting daemon-control-dist -> build/scripts-3.6
  92. changing mode of build/scripts-3.6/denyhosts.py from 644 to 755
  93. changing mode of build/scripts-3.6/daemon-control-dist from 644 to 755
  94. running install_lib
  95. copying build/lib/DenyHosts/filetracker.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  96. copying build/lib/DenyHosts/__init__.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  97. copying build/lib/DenyHosts/deny_hosts.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  98. copying build/lib/DenyHosts/sync.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  99. copying build/lib/DenyHosts/util.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  100. copying build/lib/DenyHosts/constants.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  101. copying build/lib/DenyHosts/plugin.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  102. copying build/lib/DenyHosts/version.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  103. copying build/lib/DenyHosts/regex.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  104. copying build/lib/DenyHosts/purgecounter.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  105. copying build/lib/DenyHosts/prefs.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  106. copying build/lib/DenyHosts/daemon.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  107. copying build/lib/DenyHosts/restricted.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  108. copying build/lib/DenyHosts/loginattempt.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  109. copying build/lib/DenyHosts/denyfileutil.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  110. copying build/lib/DenyHosts/report.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  111. copying build/lib/DenyHosts/lockfile.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  112. copying build/lib/DenyHosts/python_version.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  113. copying build/lib/DenyHosts/counter.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  114. copying build/lib/DenyHosts/allowedhosts.py -> /usr/local/lib/python3.6/site-packages/DenyHosts
  115. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/filetracker.py to filetracker.cpython-36.pyc
  116. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/deny_hosts.py to deny_hosts.cpython-36.pyc
  117. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/sync.py to sync.cpython-36.pyc
  118. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/util.py to util.cpython-36.pyc
  119. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/plugin.py to plugin.cpython-36.pyc
  120. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/purgecounter.py to purgecounter.cpython-36.pyc
  121. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/prefs.py to prefs.cpython-36.pyc
  122. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/daemon.py to daemon.cpython-36.pyc
  123. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/loginattempt.py to loginattempt.cpython-36.pyc
  124. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/denyfileutil.py to denyfileutil.cpython-36.pyc
  125. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/lockfile.py to lockfile.cpython-36.pyc
  126. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/python_version.py to python_version.cpython-36.pyc
  127. byte-compiling /usr/local/lib/python3.6/site-packages/DenyHosts/allowedhosts.py to allowedhosts.cpython-36.pyc
  128. running install_scripts
  129. copying build/scripts-3.6/daemon-control-dist -> /usr/local/bin
  130. copying build/scripts-3.6/denyhosts.py -> /usr/local/bin
  131. changing mode of /usr/local/bin/daemon-control-dist to 755
  132. changing mode of /usr/local/bin/denyhosts.py to 755
  133. running install_data
  134. copying denyhosts.conf -> /etc
  135. running install_egg_info
  136. Writing /usr/local/lib/python3.6/site-packages/DenyHosts-3.1.2-py3.6.egg-info
  138. [root@10-0-9-52 DenyHosts-3.1.2]# vim /etc/denyhosts.conf

加入以下配置:

  1. SECURE_LOG = /var/log/secure  
  2. HOSTS_DENY = /etc/hosts.deny
  3. PURGE_DENY = 1d
  4. BLOCK_SERVICE = sshd 
  5. DENY_THRESHOLD_INVALID = 5 
  6. DENY_THRESHOLD_VALID = 10 
  7. DENY_THRESHOLD_ROOT = 3 
  8. DENY_THRESHOLD_RESTRICTED = 1 
  9. WORK_DIR = /usr/local/share/denyhosts/data 
  10. SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES 
  11. HOSTNAME_LOOKUP=YES 
  12. LOCK_FILE = /var/lock/subsys/denyhosts 
  13. HOSTNAME_LOOKUP=NO 
  14. ADMIN_EMAIL = 837448792@qq.com
  15. DAEMON_LOG = /var/log/denyhosts 
  16. DAEMON_PURGE = 10m

最终启动在安装目录启动:

  1. [root@10-0-9-52 DenyHosts-3.1.2]# ./daemon-control-dist start

参考

Linux 安装DenyHost防止ssh被暴力破解

https://www.jianshu.com/p/7a34992bb2ae