[CentOS] denyhosts configuration

Wed Aug 26 20:39:16 UTC 2009
Rick Barnes <linux at sitevision.com>

Dave wrote:
> Hello,
> I've installed denyhosts on CentOS 5.3 trying to block automated
> attacks on ssh. It appears to be working in that entries are being added to
> /etc/hosts.deny yet the daily emails sent from denyhosts show only one IP
> being added per day when the total is many more than that. My config is
> below, I've gone over it and am not seeing what I missed. Suggestions
> welcome.
> I was also wondering if denyhosts can block other types of robot
> attacks such as smtp or port 80?

It can deny access to any service that uses hosts.deny if you change it
to ALL instead of sshd. It is configured to watch /var/log/secure, so if
smtpd logs login failures there, then it can be used to add to the deny
list.

Apache does not use hosts.allow or hosts.deny by default. Some googling
suggested this might be done with xinetd but I haven't tried it.

> BLOCK_SERVICE  = sshd
> SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
> SYNC_INTERVAL = 1h
> SYNC_UPLOAD = yes
> SYNC_DOWNLOAD = yes

I believe the IP entries being added are because you are using the sync
feature. The email only notifies new entries added due to active
attempts against your server, not those added by the sync, IIRC.

Rick
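
Added example, not part of the original message: one way to test the explanation above is to split the addresses in /etc/hosts.deny into those that also show failed ssh logins in /var/log/secure and those that do not (candidates for entries that arrived through the sync download). The function names, the sample data and the two sshd message patterns matched are assumptions made for this example.

```python
import re

# Constructed sample data using documentation-range addresses.
SAMPLE_HOSTS_DENY = """\
# constructed comment line, skipped by the parser
sshd: 203.0.113.5
sshd: 198.51.100.23
ALL: 192.0.2.77
sshd: 203.0.113.9
"""

SAMPLE_SECURE_LOG = """\
Aug 26 03:58:01 host sshd[2101]: Failed password for root from 203.0.113.5 port 40122 ssh2
Aug 26 03:58:04 host sshd[2101]: Failed password for invalid user admin from 203.0.113.5 port 40188 ssh2
Aug 26 09:14:40 host sshd[2950]: Invalid user test from 203.0.113.9
Aug 26 10:00:00 host sshd[3001]: Accepted password for dave from 192.0.2.10 port 50000 ssh2
"""

IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"
# "service: address" lines, e.g. "sshd: 1.2.3.4" or "ALL: 1.2.3.4".
DENY_LINE = re.compile(r"^\s*[\w.-]+\s*:\s*" + IPV4 + r"\s*$")
# Assumed sshd failure messages; extend if your sshd logs other wording.
FAIL_LINE = re.compile(
    r"sshd\[\d+\]: (?:Failed password for (?:invalid user )?\S+|Invalid user \S+)"
    r" from " + IPV4)

def denied_ips(hosts_deny_text):
    """Addresses listed in hosts.deny, ignoring comments and blank lines."""
    found = set()
    for line in hosts_deny_text.splitlines():
        if line.lstrip().startswith("#"):
            continue
        m = DENY_LINE.match(line)
        if m:
            found.add(m.group(1))
    return found

def locally_seen_ips(secure_log_text):
    """Addresses with at least one failed ssh login in the given log text."""
    return {m.group(1) for m in FAIL_LINE.finditer(secure_log_text)}

def classify(hosts_deny_text, secure_log_text):
    """Return (denied with local failures, denied without local failures)."""
    denied = denied_ips(hosts_deny_text)
    seen = locally_seen_ips(secure_log_text)
    return sorted(denied & seen), sorted(denied - seen)

if __name__ == "__main__":
    local, other = classify(SAMPLE_HOSTS_DENY, SAMPLE_SECURE_LOG)
    print("denied, seen in local log:", local)
    print("denied, no local failures:", other)
```

On a real host, pass in the contents of /etc/hosts.deny and of /var/log/secure together with its rotated copies, since an address blocked before the last log rotation will otherwise land in the second list.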