LinuxQuestions.org - Any advice on denyhosts for SuSE 10.2?

- Linux - Software (https://www.linuxquestions.org/questions/linux-software-2/)

- - Any advice on denyhosts for SuSE 10.2? (https://www.linuxquestions.org/questions/linux-software-2/any-advice-on-denyhosts-for-suse-10-2-a-617201/)

dougnc

01-29-2008 01:09 PM

Any advice on denyhosts for SuSE 10.2?

I'm just getting ready to install denyhosts on SuSE 10.2

I couldn't find any SuSE specific rpm's. This either means denyhosts is so generic it runs on anything. Or that there's no way to install it on SuSE 10.2 that won't leave your computer a smoking ruin, with a little Mel Gibson driving thru the post-apocolytic remains. :)

Any one with any experience of deny hosts?

tronayne

01-29-2008 02:44 PM

DenyHosts comes as a "tar.gz" archive to, yes, install on anything.

Here's the top portion of the README.txt file:

Code:

If you downloaded the source distribution file (DenyHosts-#.#.#-tar.gz)

then:



$ tar zxvf DenyHosts-#.#.#-tar.gz      (Where #.#.# is the version)



$ cd DenyHosts-#.#.#



as root:



# python setup.py install



This will install the DenyHosts modules into python's site-packages

directory.

Pretty straight-forward...

You need to read README.txt for complete instructions and that's pretty much that; I've been using it for a year or two and it works just fine.

dougnc

01-30-2008 06:50 AM

Quote:

Originally Posted by tronayne (Post 3039097)

DenyHosts comes as a "tar.gz" archive to, yes, install on anything.

Here's the top portion of the README.txt file:

Code:

If you downloaded the source distribution file (DenyHosts-#.#.#-tar.gz)

then:



$ tar zxvf DenyHosts-#.#.#-tar.gz      (Where #.#.# is the version)



$ cd DenyHosts-#.#.#



as root:



# python setup.py install



This will install the DenyHosts modules into python's site-packages

directory.

Pretty straight-forward...

You need to read README.txt for complete instructions and that's pretty much that; I've been using it for a year or two and it works just fine.

Thank you!

I tried installing the rpm thru YAST, but that didn't work. I'll try this then.

dougnc

02-03-2008 02:49 PM

Well, the thing with SuSE is you have to install from one of their rpm's. I don't know why. However, a search on opensuse.org found a SuSE rpm. I mistakenly installed the 10.3 version on 10.2, but it seemed to work fine.

When it first started up it added 30 some hosts right away. Where did these come from? Have I already been hacked?

I access my server remotely all the time. I really should have done this long ago.

tronayne

02-03-2008 03:48 PM

At last count there are 2,816 entries in /etc/hosts.deny on my system. Look at the documentation, it talks about how DenyHosts updates every DenyHosts site by merging all the bad actors from individual sites around the world. You can expect /etc/hosts.deny to grow (and get cleaned out, too) as time goes on.

You haven't necessarily been hacked, but 30+ somebody's been trying...

dougnc

02-05-2008 06:55 AM

Quote:

Originally Posted by tronayne (Post 3044892)

I just got an e-mail about another ip trying to log in.

Man, this denyhosts is a must have. I changed my root password just in case. :)

tronayne

02-05-2008 07:15 AM

You'll find, if you look at the entries in /etc/hosts.deny and use the whois utility on the addresses, that most, if not all, attempts are coming from Asia, particularly but not limited to China. You'll also find that over time you won't see many messages in /var/log/messages (or wherever your system stores failed password attempt messages) because the content of /etc/hosts.deny just rejects the bastards before they ever get to ssh.

They won't stop trying, that you can count on, but DenyHosts in my experience is the slickest way I've found to at least keep them at bay. Let it run, it's automagic (you don't have to fool with it) and you can sleep at night.

Best of luck with it.

All times are GMT -5. The time now is 09:23 PM.