Any advice on denyhosts for SuSE 10.2?
I'm just getting ready to install denyhosts on SuSE 10.2.
I couldn't find any SuSE specific rpm's. This either means denyhosts is so generic it runs on anything. Or that there's no way to install it on SuSE 10.2 that won't leave your computer a smoking ruin, with a little Mel Gibson driving thru the post-apocalyptic remains. :) Anyone with any experience of denyhosts?
DenyHosts comes as a "tar.gz" archive to, yes, install on anything.
Here's the top portion of the README.txt file:
Code:
If you downloaded the source distribution file (DenyHosts-#.#.#-tar.gz)
You need to read README.txt for complete instructions and that's pretty much that; I've been using it for a year or two and it works just fine.
I tried installing the rpm thru YAST, but that didn't work. I'll try this then.
Well, the thing with SuSE is you have to install from one of their rpm's. I don't know why. However, a search on opensuse.org found a SuSE rpm. I mistakenly installed the 10.3 version on 10.2, but it seemed to work fine.
When it first started up it added 30-some hosts right away. Where did these come from? Have I already been hacked? I access my server remotely all the time. I really should have done this long ago.
At last count there are 2,816 entries in /etc/hosts.deny on my system. Look at the documentation, it talks about how DenyHosts updates every DenyHosts site by merging all the bad actors from individual sites around the world. You can expect /etc/hosts.deny to grow (and get cleaned out, too) as time goes on.
You haven't necessarily been hacked, but 30+ somebody's been trying...
Man, this denyhosts is a must have. I changed my root password just in case. :)
You'll find, if you look at the entries in /etc/hosts.deny and use the whois utility on the addresses, that most, if not all, attempts are coming from Asia, particularly but not limited to China. You'll also find that over time you won't see many messages in /var/log/messages (or wherever your system stores failed password attempt messages) because the content of /etc/hosts.deny just rejects the bastards before they ever get to ssh.
They won't stop trying, that you can count on, but DenyHosts in my experience is the slickest way I've found to at least keep them at bay. Let it run, it's automagic (you don't have to fool with it) and you can sleep at night. Best of luck with it.
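One way to check the point made above, that sources listed in /etc/hosts.deny stop showing up as failed password attempts: this added example (not from the thread or the DenyHosts project) parses hosts.deny text and an sshd log and counts failures from addresses that are not yet denied. The sample data is constructed, and the log format is assumed to be the usual OpenSSH "Failed password" message.

```python
import ipaddress
import re

# Constructed sample data using documentation-range addresses (not from the thread).
SAMPLE_HOSTS_DENY = """\
# entries in the daemon: client form used by TCP wrappers
sshd: 203.0.113.7
ALL: 198.51.100.0/255.255.255.0
"""
SAMPLE_AUTH_LOG = """\
Jan  7 21:13:58 host sshd[411]: Failed password for root from 203.0.113.7 port 4021 ssh2
Jan  7 22:02:11 host sshd[502]: Failed password for invalid user test from 198.51.100.23 port 5110 ssh2
Jan  7 22:40:09 host sshd[533]: Failed password for root from 192.0.2.99 port 6001 ssh2
Jan  7 22:41:30 host sshd[540]: Accepted password for alice from 192.0.2.10 port 6200 ssh2
"""

# The user name is chosen by the remote side, so anchor on the end of the line
# and let the greedy ".*" pick the last " from <addr>" rather than the first.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$", re.M)

def parse_hosts_deny(text, service="sshd"):
    """Return the networks that hosts.deny text blocks for `service` or ALL."""
    nets = []
    for line in text.splitlines():
        daemons, sep, clients = line.split("#", 1)[0].partition(":")
        if not sep or not {service, "ALL"} & set(daemons.replace(",", " ").split()):
            continue
        for client in clients.replace(",", " ").split():
            try:
                nets.append(ipaddress.ip_network(client, strict=False))
            except ValueError:
                pass  # host names and wildcards are skipped here
    return nets

def unblocked_failures(log_text, deny_text):
    """Count failed ssh password attempts per source address not yet denied."""
    nets = parse_hosts_deny(deny_text)
    counts = {}
    for src in FAILED.findall(log_text):
        try:
            ip = ipaddress.ip_address(src)
        except ValueError:
            continue  # skip anything that is not an IP address
        if not any(ip in net for net in nets):
            counts[src] = counts.get(src, 0) + 1
    return counts

if __name__ == "__main__":
    print(unblocked_failures(SAMPLE_AUTH_LOG, SAMPLE_HOSTS_DENY))
```

On a real system, pass the contents of /etc/hosts.deny and of the log file where sshd records failed logins (the thread mentions /var/log/messages).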