Can TCPWRAPPERS automatically invoke DenyHosts per login attempt?
DenyHosts Frequently Asked Questions: Apparently, yes! Thanks to Tilo Winkler for providing an example of spawning DenyHosts from TCPWRAPPERS.
What is DenyHosts?
DenyHosts Frequently Asked Questions: DenyHosts is a Python script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system. It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host. Additionally, upon discovering a repeated attack host, the /etc/hosts.deny file is updated to prevent future break-in attempts from that host.
DenyHosts reports suspicious login activity for allowed hosts, how can I stop this?
DenyHosts Frequently Asked Questions: In DenyHosts v0.6.0, a new configuration parameter SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS was added to address this issue. You can refer to the included denyhosts.cfg-dist file for more information. This parameter can be set to YES or NO. The default value is YES. If you wish to change the default behavior and only report suspicious login activity from unknown IP addresses, set this value to NO.
What proof techniques does LP attempt automatically?
Larch Frequently Asked Questions: See section 3.15 Can you give me some tips on proving things with LP?, and Sections 7.4-7.5 of [Guttag-Horning93], for other proof techniques.
What was the motivation behind DenyHosts?
DenyHosts Frequently Asked Questions: I run a number of Linux servers and I noticed that one of them was hacked into. Upon browsing my sshd log I noticed that the system was targeted for some time and eventually, somebody hacked out a password. Had I been using DenyHosts, that never would've happened (if only I had the foresight to write this script before my system was compromised!). I then looked at the logs of my other servers, and noticed hundreds of break-in attempts.
How do I configure DenyHosts?
DenyHosts Frequently Asked Questions: DenyHosts uses a simple configuration file. An example, denyhosts.cfg-dist, is supplied in the distribution. This file should be copied to denyhosts.cfg and edited to match your system configuration.
How should DenyHosts be run?
DenyHosts Frequently Asked Questions: Version 0.9.0 introduces daemon mode support. If you run DenyHosts with the --daemon flag, then DenyHosts will run constantly in the background. See the previous link for more details. In addition to the daemon mode, DenyHosts can also be run periodically from the command line. If you do not wish to use the daemon mode, then I recommend that DenyHosts be run from cron on a routine basis. DenyHosts is fairly lightweight and does not put an excessive drain on system resources.
Can failed login attempts be reset automatically?
DenyHosts Frequently Asked Questions: Although the AGE_RESET_* facility may be ideal for most situations, DenyHosts v2.1 introduces the optional parameter RESET_ON_SUCCESS. DenyHosts will automatically block hosts that fail to successfully log in after a user-configured threshold is exceeded. If RESET_ON_SUCCESS = yes, then the failed login attempts will be reset to 0 for the respective IP address if a user successfully logs in from this IP address. The default is RESET_ON_SUCCESS = no. In v1.1.
When I type my username into the login page, my password automatically appears. How can I stop this?
Quia - Frequently Asked Questions: Some browsers automatically remember passwords for you when you type in your username. This can obviously cause a security problem when other people use your computer. In that case, we recommend that you disable this feature.
How can I rotate the DenyHosts logfile (/var/log/denyhosts)?
DenyHosts Frequently Asked Questions: Assuming that you have logrotate installed on your system and it is configured to use the /etc/logrotate.d directory for its configuration files, then you can simply create a file, /etc/logrotate.d/denyhosts, edit it and save it. If you have a nonstandard DenyHosts installation then you will need to account for this yourself.
How do I make FlashGet invoke my Virus scanner and scan downloaded files automatically?
Frequently Asked Questions: Go to the Tools menu, then Options..., then File Manager. Select the Use virus scanner to scan the downloaded file(s) checkbox. Now specify the path of the required exe file and its instruction variable. For example:
How does DenyHosts work?
DenyHosts Frequently Asked Questions: When run for the first time, DenyHosts will create a work directory. The work directory will ultimately store the data collected, and the files are in a human-readable format, for easy editing, if necessary. DenyHosts then processes the sshd server log (typically, this is /var/log/secure, /var/log/auth.log, etc) and determines which hosts have unsuccessfully attempted to gain access to the ssh server. Additionally, it notes the user and whether or not that user is root, otherwise valid (eg.
Will DenyHosts work with my sshd configuration?
DenyHosts Frequently Asked Questions: Most likely it will work with your configuration. However, please see the ssh configuration page for more details.
The DenyHosts logo is cool, who designed it?
DenyHosts Frequently Asked Questions: The DenyHosts logo was designed by Curtis Taylor. Many thanks to Curtis for the logo. Incidentally, Curtis also designed the ReleaseForge logo.
Is DenyHosts available for Gentoo?
DenyHosts Frequently Asked Questions: I'm not a Gentoo user so I can't provide a package for Gentoo. However, Mike Kelly has released a Gentoo package for DenyHosts.
Are there other tools similar to DenyHosts?
DenyHosts Frequently Asked Questions: Yes. There are plenty of other tools that have the same goal as DenyHosts but have different implementations. Here is a short list of those that I am aware of:
How do I configure cron for DenyHosts use?
DenyHosts Frequently Asked Questions: Presumably, you will need to run DenyHosts as root (in order for DenyHosts to update /etc/hosts.deny and read entries from /var/log), so you first must become root. Once you have either logged in as root (or used su - root, for instance) you can then run the following command: The above command will launch the crontab editor. To launch DenyHosts every 20 minutes you would then add the following line to the crontab: You will need to substitute your site-specific paths above.
Will DenyHosts work with metalog?
DenyHosts Frequently Asked Questions: Based on a patch contributed by Mike Kelly, DenyHosts 0.7 and greater will successfully parse syslog and metalog log formats. This feature is implemented in a seamless manner, so no further configuration is necessary in order to use DenyHosts with metalog.
Will DenyHosts work with FreeBSD?
DenyHosts Frequently Asked Questions: Yes. According to Frencesca Smith, DenyHosts 0.7 and greater will work under FreeBSD. DenyHosts automatically detects if you are running it under FreeBSD and if so, will append your deny entries with " : deny". You should also update your HOSTS_DENY configuration value to "/etc/hosts.allow" since FreeBSD does not recognize the default "/etc/hosts.deny" file that many other vendors use.
