DenyHosts is a script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system.
It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host.
It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses.
Features include:
- Parses /var/log/secure to find all login attempts and filters failed and successful attempts.
- Synchronization mode allows DenyHosts daemons the ability to share data via a centralized server to proactively thwart attacks.
- Can be run from the command line, cron or as a daemon.
- Records all failed login attempts for the user and offending host.
- For each host that exceeds a threshold count, records the evil host.
- Keeps track of each non-existent user (eg. sdadasd) when a login attempt failed.
- Keeps track of each existing user (eg. root) when a login attempt failed.
- Keeps track of each offending host.
- Keeps track of suspicious logins (that is, logins that were successful for a host that had many login failures).
- Keeps track of the file offset, so that you can reparse the same file (/var/log/secure) continuously (until it is rotated).
- When the log file is rotated, the script will detect it and parse from the beginning.
- Appends /etc/hosts.deny and adds the newly banned hosts.
- Optionally sends an email of newly banned hosts and suspicious logins.
- Keeps a history of all user, host, user/host combo and suspicious logins encountered which includes the data and number of corresponding failed login attempts.
- Maintains failed valid and invalid user login attempts in separate files, such that it is easy to see which valid user is under attack (which would give you the opportunity to remove the account, change the password or change it’s default shell to something like /sbin/nologin.
- Upon each run, the script will load the previously saved data and re-use it to append new failures.
- Resolves IP addresses to hostnames, if available.
- /etc/hosts.deny entries can be expired (purge) at a user specified time.
Website: denyhosts.sourceforge.net
Support: FAQ
Developer: Phil Schwartz
License: GNU General Public License
DenyHosts is written in Python. Learn Python with our recommended free books and free tutorials.
Return to Security | Return to Intrusion Prevention Software
Popular series | |
---|---|
The largest compilation of the best free and open source software in the universe. Each article is supplied with a legendary ratings chart helping you to make informed decisions. | |
Hundreds of in-depth reviews offering our unbiased and expert opinion on software. We offer helpful and impartial information. | |
The Big List of Active Linux Distros is a large compilation of actively developed Linux distributions. | |
Replace proprietary software with open source alternatives: Google, Microsoft, Apple, Adobe, IBM, Autodesk, Oracle, Atlassian, Corel, Cisco, Intuit, and SAS. | |
Awesome Free Linux Games Tools showcases a series of tools that making gaming on Linux a more pleasurable experience. This is a new series. | |
Machine Learning explores practical applications of machine learning and deep learning from a Linux perspective. We've written reviews of more than 40 self-hosted apps. All are free and open source. | |
New to Linux? Read our Linux for Starters series. We start right at the basics and teach you everything you need to know to get started with Linux. | |
Alternatives to popular CLI tools showcases essential tools that are modern replacements for core Linux utilities. | |
Essential Linux system tools focuses on small, indispensable utilities, useful for system administrators as well as regular users. | |
Linux utilities to maximise your productivity. Small, indispensable tools, useful for anyone running a Linux machine. | |
Surveys popular streaming services from a Linux perspective: Amazon Music Unlimited, Myuzi, Spotify, Deezer, Tidal. | |
Saving Money with Linux looks at how you can reduce your energy bills running Linux. | |
Home computers became commonplace in the 1980s. Emulate home computers including the Commodore 64, Amiga, Atari ST, ZX81, Amstrad CPC, and ZX Spectrum. | |
Now and Then examines how promising open source software fared over the years. It can be a bumpy ride. | |
Linux at Home looks at a range of home activities where Linux can play its part, making the most of our time at home, keeping active and engaged. | |
Linux Candy reveals the lighter side of Linux. Have some fun and escape from the daily drudgery. | |
Getting Started with Docker helps you master Docker, a set of platform as a service products that delivers software in packages called containers. | |
Best Free Android Apps. We showcase free Android apps that are definitely worth downloading. There's a strict eligibility criteria for inclusion in this series. | |
These best free books accelerate your learning of every programming language. Learn a new language today! | |
These free tutorials offer the perfect tonic to our free programming books series. | |
Linux Around The World showcases usergroups that are relevant to Linux enthusiasts. Great ways to meet up with fellow enthusiasts. | |
Stars and Stripes is an occasional series looking at the impact of Linux in the USA. |