Lesson 13

Date: 6/28/2017
Linux Network Security
Linux System Administration


DenyHosts

DenyHosts is a log-based intrusion prevention tool for SSH servers, written in Python. It is designed to prevent brute-force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses using /etc/hosts.deny and iptables on a Linux server.
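
A simplified model of the log-to-hosts.deny step described above, as an added example (not DenyHosts' own code and not part of the original lesson). The log lines are constructed, and the threshold of 5, the function names and the `allowed`/`existing` parameters are assumptions of this sketch; it handles IPv4 addresses only.

```python
import re
from collections import Counter

# Constructed sample of /var/log/auth.log content (not captured from a real host).
SAMPLE_AUTH_LOG = """\
Jun 28 10:01:02 testub sshd[2101]: Failed password for invalid user admin from 192.168.122.1 port 51234 ssh2
Jun 28 10:01:03 testub sshd[2103]: Failed password for invalid user test from 192.168.122.1 port 51236 ssh2
Jun 28 10:01:04 testub sshd[2105]: Failed password for root from 192.168.122.1 port 51238 ssh2
Jun 28 10:01:05 testub sshd[2107]: Failed password for invalid user oracle from 192.168.122.1 port 51240 ssh2
Jun 28 10:01:06 testub sshd[2109]: Failed password for root from 192.168.122.1 port 51242 ssh2
Jun 28 10:02:10 testub sshd[2120]: Failed password for student from 192.168.122.50 port 40022 ssh2
Jun 28 10:02:15 testub sshd[2120]: Accepted password for student from 192.168.122.50 port 40022 ssh2
Jun 28 10:03:00 testub CRON[2130]: pam_unix(cron:session): session opened for user root by (uid=0)
"""

# Usernames are client-supplied text, so the address is read from the fixed
# tail that sshd appends ("from <ip> port <n> ssh2"), anchored at end of line.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for .* from (\d{1,3}(?:\.\d{1,3}){3}) port \d+ ssh2$"
)
DENY_THRESHOLD = 5  # assumed value for this example


def failed_logins_by_ip(log_text):
    """Count failed SSH password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        match = FAILED_RE.search(line)
        if match:
            counts[match.group(1)] += 1
    return counts


def hosts_deny_entries(log_text, threshold=DENY_THRESHOLD, allowed=(), existing=""):
    """Return new hosts.deny lines; skip allowed and already-listed addresses."""
    listed = set(re.findall(r"^sshd:\s*(\S+)", existing, flags=re.MULTILINE))
    return [
        f"sshd: {ip}"
        for ip, count in sorted(failed_logins_by_ip(log_text).items())
        if count >= threshold and ip not in allowed and ip not in listed
    ]


if __name__ == "__main__":
    print(dict(failed_logins_by_ip(SAMPLE_AUTH_LOG)))
    print(hosts_deny_entries(SAMPLE_AUTH_LOG))
```

The `allowed` parameter is the part to think about before the exercise below: without an exception for it, the desktop address used for testing ends up blocked from sshd on the VM.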

Exercise

  • On testub VM, clear the logs:
    cp /dev/null /var/log/auth.log
    
  • On testub VM, install denyhosts service:
    apt-get install denyhosts
    
    Edit the file /etc/denyhosts and comment out the line with iptables:
    #IPTABLES = /sbin/iptables
    

    Restart denyhosts:
    systemctl restart denyhosts
    

  • On the desktop, run ncrack against the testub VM, then check the content of /etc/hosts.deny. You should see the IP address of the desktop, 192.168.122.1, denied access to sshd. Try ssh-ing from the desktop to testub.

  • On the testcent VM, clear the logs and install denyhosts:
    cp /dev/null /var/log/secure
    rpm -Uvh http://dl.fedoraproject.org/pub/epel/7Server/x86_64/e/epel-release-7-9.noarch.rpm
    yum install denyhosts
    
    Run ncrack against the testcent VM, then check the content of its /etc/hosts.deny.


