Intrusion Prevention - SSH

Denyhosts – helps thwart SSH server attacks

DenyHosts is a script that analyzes the sshd server log messages to determine what hosts are attempting to hack into your system.

It also determines what user accounts are being targeted. It keeps track of the frequency of attempts from each host.

It is intended to prevent brute force attacks on SSH servers by monitoring invalid login attempts in the authentication log and blocking the originating IP addresses.

Features include:

  • Parses /var/log/secure to find all login attempts and filters failed and successful attempts.
  • Synchronization mode allows DenyHosts daemons the ability to share data via a centralized server to proactively thwart attacks.
  • Can be run from the command line, cron or as a daemon.
  • Records all failed login attempts for the user and offending host.
  • For each host that exceeds a threshold count, records the evil host.
  • Keeps track of each non-existent user (eg. sdadasd) when a login attempt failed.
  • Keeps track of each existing user (eg. root) when a login attempt failed.
  • Keeps track of each offending host.
  • Keeps track of suspicious logins (that is, logins that were successful for a host that had many login failures).
  • Keeps track of the file offset, so that you can reparse the same file (/var/log/secure) continuously (until it is rotated).
  • When the log file is rotated, the script will detect it and parse from the beginning.
  • Appends /etc/hosts.deny and adds the newly banned hosts.
  • Optionally sends an email of newly banned hosts and suspicious logins.
  • Keeps a history of all user, host, user/host combo and suspicious logins encountered which includes the data and number of corresponding failed login attempts.
  • Maintains failed valid and invalid user login attempts in separate files, such that it is easy to see which valid user is under attack (which would give you the opportunity to remove the account, change the password or change it’s default shell to something like /sbin/nologin.
  • Upon each run, the script will load the previously saved data and re-use it to append new failures.
  • Resolves IP addresses to hostnames, if available.
  • /etc/hosts.deny entries can be expired (purge) at a user specified time.

Website: denyhosts.sourceforge.net
Support: FAQ
Developer: Phil Schwartz
License: GNU General Public License

DenyHosts is written in Python. Learn Python with our recommended free books and free tutorials.

Return to Security | Return to Intrusion Prevention Software


Popular series
Free and Open Source SoftwareThe largest compilation of the best free and open source software in the universe. Each article is supplied with a legendary ratings chart helping you to make informed decisions.
ReviewsHundreds of in-depth reviews offering our unbiased and expert opinion on software. We offer helpful and impartial information.
The Big List of Active Linux Distros is a large compilation of actively developed Linux distributions.
Alternatives to Proprietary SoftwareReplace proprietary software with open source alternatives: Google, Microsoft, Apple, Adobe, IBM, Autodesk, Oracle, Atlassian, Corel, Cisco, Intuit, and SAS.
GamesAwesome Free Linux Games Tools showcases a series of tools that making gaming on Linux a more pleasurable experience. This is a new series.
Artificial intelligence iconMachine Learning explores practical applications of machine learning and deep learning from a Linux perspective. We've written reviews of more than 40 self-hosted apps. All are free and open source.
Guide to LinuxNew to Linux? Read our Linux for Starters series. We start right at the basics and teach you everything you need to know to get started with Linux.
Alternatives to popular CLI tools showcases essential tools that are modern replacements for core Linux utilities.
System ToolsEssential Linux system tools focuses on small, indispensable utilities, useful for system administrators as well as regular users.
ProductivityLinux utilities to maximise your productivity. Small, indispensable tools, useful for anyone running a Linux machine.
AudioSurveys popular streaming services from a Linux perspective: Amazon Music Unlimited, Myuzi, Spotify, Deezer, Tidal.
Saving Money with LinuxSaving Money with Linux looks at how you can reduce your energy bills running Linux.
Home ComputersHome computers became commonplace in the 1980s. Emulate home computers including the Commodore 64, Amiga, Atari ST, ZX81, Amstrad CPC, and ZX Spectrum.
Now and ThenNow and Then examines how promising open source software fared over the years. It can be a bumpy ride.
Linux at HomeLinux at Home looks at a range of home activities where Linux can play its part, making the most of our time at home, keeping active and engaged.
Linux CandyLinux Candy reveals the lighter side of Linux. Have some fun and escape from the daily drudgery.
DockerGetting Started with Docker helps you master Docker, a set of platform as a service products that delivers software in packages called containers.
Android AppsBest Free Android Apps. We showcase free Android apps that are definitely worth downloading. There's a strict eligibility criteria for inclusion in this series.
Programming BooksThese best free books accelerate your learning of every programming language. Learn a new language today!
Programming TutorialsThese free tutorials offer the perfect tonic to our free programming books series.
Linux Around The WorldLinux Around The World showcases usergroups that are relevant to Linux enthusiasts. Great ways to meet up with fellow enthusiasts.
Stars and StripesStars and Stripes is an occasional series looking at the impact of Linux in the USA.
Subscribe
Notify of
guest

This site uses Akismet to reduce spam. Please read our Comment FAQ before posting a comment.

0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments