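#!/bin/bash
#
# Install DenyHosts 2.6 from the upstream tarball on a SysV-init/chkconfig
# host, register it as a boot service, write the site configuration and
# start the daemon. Must be run as root.
#
# Environment:
#   DENYHOSTS_SHA256  optional; expected SHA-256 of the tarball. When set,
#                     the download is verified before it is unpacked or run.
#
# The install sequence used to appear twice in this file. The second pass
# could only fail or misbehave (existing symlink, existing directory,
# daemon already started), so it is performed once here.
set -euo pipefail

readonly VERSION=2.6
readonly TARBALL="DenyHosts-${VERSION}.tar.gz"
# HTTPS instead of plain HTTP: the archive's setup.py is executed as root,
# so the transfer must not be modifiable in transit.
readonly URL="https://sourceforge.net/projects/denyhosts/files/denyhosts/${VERSION}/${TARBALL}"
readonly INSTALL_DIR=/usr/share/denyhosts

die() {
  printf '%s\n' "$*" >&2
  exit 1
}

[[ "$(id -u)" -eq 0 ]] || die "this installer must be run as root"

# Unpack in a private scratch directory rather than the caller's cwd, so no
# pre-existing "denyhost" or "DenyHosts-2.6" entry can influence the install.
build_dir=$(mktemp -d) || die "mktemp failed"
cleanup() { rm -rf -- "${build_dir:?}"; }
trap cleanup EXIT

cd "$build_dir" || die "cannot cd to $build_dir"

# -O pins the output name; without it a repeated download is saved as
# DenyHosts-2.6.tar.gz.1 and the stale archive is the one that gets unpacked.
wget -O "$TARBALL" "$URL"

# TLS authenticates the server, not the file. Pin the digest when one is
# available from a trusted channel.
if [[ -n "${DENYHOSTS_SHA256:-}" ]]; then
  printf '%s  %s\n' "$DENYHOSTS_SHA256" "$TARBALL" | sha256sum -c - \
    || die "checksum mismatch for $TARBALL"
else
  printf 'warning: DENYHOSTS_SHA256 is not set; %s is installed unverified\n' \
    "$TARBALL" >&2
fi

# --no-same-owner: as root, do not adopt whatever uid/gid the archive records.
tar --no-same-owner -zxvf "$TARBALL"
cd "DenyHosts-${VERSION}" || die "archive did not contain DenyHosts-${VERSION}"
python setup.py install

cd "$INSTALL_DIR" || die "cannot cd to $INSTALL_DIR"

# The control script is run by init as root: root-owned, root-only.
cp -f daemon-control-dist daemon-control
chown root daemon-control
chmod 700 daemon-control

# Keep a copy of the shipped sample config next to the generated one
# (same end state as the former cp + mv pair).
cp -f denyhosts.cfg-dist denyhosts.cfg.bak

# -sfn so a re-run replaces the link instead of failing on it.
ln -sfn "${INSTALL_DIR}/daemon-control" /etc/init.d/denyhosts
chkconfig --add denyhosts
chkconfig denyhosts on

# Site configuration. Everything between the EOF markers is written verbatim
# to denyhosts.cfg, including its '#' comment lines, which are file content
# and are left exactly as authored. The delimiter is quoted so the shell can
# never expand anything inside the body.
#
# What the policy does: watch SECURE_LOG for failed sshd logins, append
# offenders to /etc/hosts.deny, and purge entries again after 5 minutes.
# Thresholds: 1 failure for unknown or restricted usernames, 5 for valid
# users, 3 for root.
#
# NOTE(review): SECURE_LOG points at /var/log/messages. On chkconfig-based
#   (Red Hat style) hosts sshd authentication failures usually go to
#   /var/log/secure; if that is the case here the daemon sees no failures and
#   blocks nothing. Confirm against the syslog configuration.
# NOTE(review): /etc/hosts.deny is only honoured by an sshd built with TCP
#   wrappers support; verify that for the installed sshd.
# NOTE(review): DENY_THRESHOLD_INVALID = 1 blocks a source after a single
#   mistyped username. Consider listing management addresses in the
#   allowed-hosts file under WORK_DIR to avoid locking out administrators.
# NOTE(review): the comment line placed above DENY_THRESHOLD_RESTRICTED in the
#   body describes a directory setting, not that threshold.
cat > "${INSTALL_DIR}/denyhosts.cfg" << 'EOF'
#ssh日志文件
SECURE_LOG = /var/log/messages
#将阻止IP写入到hosts.deny
HOSTS_DENY = /etc/hosts.deny
#过多久后清除已经禁止的,其中w代表周,d代表天,h代表小时,s代表秒,m代表分钟
PURGE_DENY = 5m
#阻止服务名
BLOCK_SERVICE = sshd
#允许无效用户(在/etc/passwd未列出)登录失败次数,允许无效用户登录失败的次数.
DENY_THRESHOLD_INVALID = 1
#允许普通用户登录失败的次数
DENY_THRESHOLD_VALID = 5
#允许root登录失败的次数
DENY_THRESHOLD_ROOT = 3
#设定 deny host 写入到该资料夹
DENY_THRESHOLD_RESTRICTED = 1
#将deny的host或ip纪录到Work_dir中
WORK_DIR = /usr/share/denyhosts/data
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
#是否做域名反解
HOSTNAME_LOOKUP=NO
#将DenyHOts启动的pid纪录到LOCK_FILE中,已确保服务正确启动,防止同时启动多个服务。
LOCK_FILE = /var/lock/subsys/denyhosts
#有效用户登录失败计数归零的时间
AGE_RESET_VALID=5d
#root用户登录失败计数归零的时间
AGE_RESET_ROOT=25d
#无效用户的失败登录计数重置为0的时间(/usr/share/denyhosts/data/restricted-usernames)
AGE_RESET_RESTRICTED=25d
#无效用户登录失败计数归零的时间
AGE_RESET_INVALID=10d
#日志文件
DAEMON_LOG = /var/log/denyhosts
DAEMON_LOG_TIME_FORMAT = %b %d %H:%M:%S
#该项与PURGE_DENY 设置成一样,也是清除hosts.deniedssh 用户的时间
DAEMON_SLEEP = 30s
DAEMON_PURGE = 5m
EOF
# Only root needs to read the blocking policy.
chmod 600 "${INSTALL_DIR}/denyhosts.cfg"

/etc/init.d/denyhosts start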