DenyHosts 通常用來抵禦針對 ssh 的字典/暴力破解攻擊。
DenyHosts 是用 Python 寫的，需要 Python 環(huán)境（現(xiàn)在的 Linux 發(fā)行版一般都自帶）。
DenyHosts 通過分析 /var/log/secure 日誌文件中的登錄失敗記錄，結(jié)合設(shè)置的策略採取對應(yīng)的防護(hù)措施（比如：檢測到同一 IP 在一分鐘之內(nèi)嘗試錯(cuò)誤連接 100 次，很明顯就應(yīng)該拒絕此 IP 繼續(xù)通過 ssh 連接；拒絕的方式是把該 IP 寫入 /etc/hosts.deny 配置文件）。注意：hosts.deny 只對經(jīng)過 tcp_wrappers（libwrap）檢查的服務(wù)生效，較新的 OpenSSH 已不再內(nèi)置 tcp_wrappers 支持，部署前可用 `ldd $(which sshd) | grep libwrap` 確認(rèn) sshd 是否鏈接了 libwrap；若沒有，hosts.deny 中的條目不會阻止任何連接，需改用防火牆或 fail2ban 一類基於 iptables 的方案。另外 DenyHosts 只讀取文本日誌，若系統(tǒng)只寫 journald 而不再生成 /var/log/secure，它同樣不會有任何效果。
安裝:
# denyhosts 在 EPEL 源中，需先安裝 epel-release
# yum install denyhosts -y
# rpm -ql denyhosts
# /etc/denyhosts.conf //規(guī)則配置文件
# /etc/rc.d/init.d/denyhosts //服務(wù)腳本
# /var/log/denyhosts //日志文件
# /var/lib/denyhosts //denyhost 工作目錄
# denyhosts 的數(shù)據(jù)文件，從文件名大致可以看出用途。其中 allowed-hosts 是白名單（每行一個(gè)主機(jī)名/IP，也支持 10.0.0.* 這類通配）：啟用前先把自己的管理 IP 寫進(jìn)去，否則在 DENY_THRESHOLD_ROOT = 1 這類配置下一次輸錯(cuò)密碼就會把自己鎖在外面
# /var/lib/denyhosts/allowed-hosts
# /var/lib/denyhosts/allowed-warned-hosts
# /var/lib/denyhosts/hosts
# /var/lib/denyhosts/hosts-restricted
# /var/lib/denyhosts/hosts-root
# /var/lib/denyhosts/hosts-valid
# /var/lib/denyhosts/offset
# /var/lib/denyhosts/suspicious-logins
# /var/lib/denyhosts/sync-hosts
# /var/lib/denyhosts/users-hosts
# /var/lib/denyhosts/users-invalid
# /var/lib/denyhosts/users-valid
配置（下面每行 `//` 之後的文字只是說明，不是文件內(nèi)容；denyhosts.conf 只把 `#` 開頭的行當(dāng)作註釋，直接照抄 `//` 會讓取值變成「4w // ...」而解析失敗）
# grep -Ev '^#|^$' /etc/denyhosts.conf
############ THESE SETTINGS ARE REQUIRED ############
SECURE_LOG = /var/log/secure
HOSTS_DENY = /etc/hosts.deny
PURGE_DENY = 4w // IP 被封禁之後多久自動解除（w 表示週，d 表示天，h 表示小時(shí)，m 表示分鐘；留空表示永不解除）
BLOCK_SERVICE = sshd // 寫入 hosts.deny 時(shí)使用的服務(wù)名；設(shè)為 ALL 則拒絕該 IP 訪問本機(jī)所有受 tcp_wrappers 保護(hù)的服務(wù)
DENY_THRESHOLD_INVALID = 5 // 以不存在的用戶名登錄失敗 5 次即封禁
DENY_THRESHOLD_VALID = 10 // 有效普通用戶嘗試次數(shù)
DENY_THRESHOLD_ROOT = 1 // root 用戶失敗 1 次即封禁。若允許 root 通過 ssh 登錄，務(wù)必先把管理 IP 寫進(jìn) /var/lib/denyhosts/allowed-hosts，否則自己一次輸錯(cuò)密碼就會被鎖在外面
DENY_THRESHOLD_RESTRICTED = 1 // 對 /var/lib/denyhosts/restricted-usernames 中列出的受限用戶名，失敗 1 次即封禁；它不是「寫入 hosts.deny」的開關(guān)，達(dá)到上面任一閾值都會寫入 hosts.deny
WORK_DIR = /var/lib/denyhosts //denyhosts工作數(shù)據(jù)目錄
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=YES // 是否對被封 IP 做反向 DNS 解析，只影響日誌和報(bào)告中的顯示；每次封禁都會多一次 DNS 查詢，生產(chǎn)環(huán)境建議設(shè)為 NO
LOCK_FILE = /var/lock/subsys/denyhosts
############ THESE SETTINGS ARE OPTIONAL ############
ADMIN_EMAIL = root
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts <nobody@localhost>
SMTP_SUBJECT = DenyHosts Report from $[HOSTNAME]
AGE_RESET_VALID=5d //普通有效用戶登陸計(jì)數(shù)清零時(shí)間
AGE_RESET_ROOT=25d //root用戶登陸計(jì)數(shù)清零時(shí)間
AGE_RESET_RESTRICTED=25d // 受限用戶名（restricted-usernames）失敗計(jì)數(shù)清零時(shí)間；hosts.deny 中條目的解除時(shí)間由 PURGE_DENY 決定，與此無關(guān)
AGE_RESET_INVALID=10d // 無效用戶名失敗計(jì)數(shù)清零時(shí)間
######### THESE SETTINGS ARE SPECIFIC TO DAEMON MODE ##########
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h
######### THESE SETTINGS ARE SPECIFIC TO ##########
######### DAEMON SYNCHRONIZATION ##########
啟動服務(wù)
# service denyhosts start
# chkconfig denyhosts on
測試
開啟兩個(gè) ssh 會話：一個(gè)用來測試封禁，另一個(gè)保持登錄不要斷開，等會用來解除限制（封禁只對新建連接生效，已建立的會話不會被踢掉；如果用同一個(gè)出口 IP 測試，沒有這個(gè)備用會話就會把自己鎖在外面）
多次用無效用戶名嘗試登錄，達(dá)到閾值後連接會被直接拒絕，不會再出現(xiàn)輸入密碼的提示，此時(shí)檢查數(shù)據(jù)：
# cat /etc/hosts.deny
# DenyHosts: Wed Feb 22 16:15:51 2017 | sshd: 113.102.163.146
sshd: 113.102.163.146
# cat /var/lib/denyhosts/* | grep 113.102.163.146
# 113.102.163.146:7:Wed Feb 22 16:15:51 2017
# 113.102.163.146:0:Wed Feb 22 16:13:51 2017
# 113.102.163.146:0:Wed Feb 22 16:13:51 2017
# 113.102.163.146:0:Wed Feb 22 16:13:51 2017
denyhosts恢復(fù)
清除各文件中該 IP 對應(yīng)的數(shù)據(jù)並重置計(jì)數(shù)器。DenyHosts 守護(hù)進(jìn)程運(yùn)行時(shí)把這些狀態(tài)緩存在內(nèi)存中，因此要先停止 denyhosts，再改文件，改完再啟動，否則它可能把 IP 重新寫回去；重啟 rsyslog 對 DenyHosts 的計(jì)數(shù)器沒有作用。另外 sed 模式中的 `.` 在正則裡匹配任意字符，且沒有邊界限定，應(yīng)轉(zhuǎn)義並只匹配整個(gè) IP：
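#!/usr/bin/env bash
# Release an address that DenyHosts has blocked.
# Usage: bash unban.sh <ip>      e.g.  bash unban.sh 113.102.163.146
#
# Why not just `sed -i '/1.2.3.4/d'`: an unescaped `.` matches any character
# and the pattern has no boundaries, so 1.2.3.4 would also strip 11.2.3.45.
# DenyHosts also keeps its state in memory while the daemon runs, so the files
# are edited with the daemon stopped and it is started again afterwards;
# restarting rsyslog has no effect on DenyHosts' counters.
set -euo pipefail

# Print an ERE (for sed -E / grep -E) that matches $1 as a whole IP token.
denyhosts_ip_pattern() {
  local esc
  esc=$(printf '%s' "$1" | sed 's/\./\\./g')   # 1.2.3.4 -> 1\.2\.3\.4
  printf '(^|[^0-9.])%s([^0-9]|$)' "$esc"
}

# Stop DenyHosts, drop every line mentioning $1 from /etc/hosts.deny and from
# all files in WORK_DIR (/var/lib/denyhosts), then start it again.
denyhosts_unban() {
  local pat
  pat=$(denyhosts_ip_pattern "$1")
  service denyhosts stop
  sed -i -E "/${pat}/d" -- /etc/hosts.deny
  sed -i -E "/${pat}/d" -- /var/lib/denyhosts/*
  service denyhosts start
}

# Only act when an address is given on the command line; with no argument the
# functions are merely defined (so the file can be sourced).
if (( $# > 0 )); then
  denyhosts_unban "$1"
fi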