January 15, 2007

Excellent ssh brute force attack blocker DenyHosts

The author of DenyHosts has written an excellent tool in Python to protect your ssh server from brute force attacks: the annoying ssh attacks that try to guess a valid username and password for your ssh login. This is a very common attack vector. If you are running an ssh server that is accessible from the Internet, or actually from any location, be it the LAN or the WAN, you should always enforce restrictions on your services, and especially on login services such as ssh.

It should not matter if you are a Linux newbie; the installation of DenyHosts is very smooth.
What is just excellent is that DenyHosts uses a security feature that has been around on most Unix and Linux systems for ages: the TCP wrapper!
(/etc/hosts.deny and /etc/hosts.allow)
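To make the mechanism concrete, here is a small added example of the idea DenyHosts is built on; it is not DenyHosts' own code. It counts failed sshd logins per source address from a few constructed syslog lines (the /var/log/secure format of the time), turns repeat offenders into "sshd: <ip>" lines in hosts.deny format, and then models the TCP wrapper lookup order, in which hosts.allow is consulted before hosts.deny, so an allow-listed admin network cannot be locked out by an entry in hosts.deny. The threshold, the sample log lines and the sample hosts.allow/hosts.deny contents are all constructed for the example.

```python
"""Miniature of the DenyHosts idea (added example, not DenyHosts' code)."""
import re
from collections import Counter

# Constructed sample log lines in the syslog format sshd wrote to
# /var/log/secure on Red Hat/Fedora; not taken from a real system.
SAMPLE_LOG = """\
Jan 15 10:01:02 localtoast sshd[3901]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Jan 15 10:01:05 localtoast sshd[3903]: Failed password for invalid user oracle from 203.0.113.7 port 51240 ssh2
Jan 15 10:01:09 localtoast sshd[3905]: Failed password for root from 203.0.113.7 port 51251 ssh2
Jan 15 10:02:00 localtoast sshd[3910]: Failed password for salt from 192.0.2.10 port 40001 ssh2
Jan 15 10:02:30 localtoast sshd[3912]: Accepted password for salt from 192.0.2.10 port 40002 ssh2
Jan 15 10:03:00 localtoast sshd[3915]: Failed password for invalid user test from 198.51.100.4 port 33000 ssh2
"""

# Constructed tcp_wrappers files: the admin LAN is allow-listed, and
# hosts.deny contains one attacker plus (by mistake) an admin host.
HOSTS_ALLOW = "sshd: 192.0.2.\n"                      # trailing dot = network prefix
HOSTS_DENY = "sshd: 203.0.113.7\nsshd: 192.0.2.10\n"

FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def count_failures(log_text):
    """Return {ip: number of failed password attempts} found in syslog text."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def deny_entries(counts, threshold, allowed_hosts=()):
    """hosts.deny lines for hosts with >= threshold failures.

    Hosts in allowed_hosts are skipped, mirroring DenyHosts' allowed-hosts list.
    """
    return ["sshd: %s" % ip for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allowed_hosts]


def parse_wrappers_file(text):
    """Parse 'daemon_list : client_list' lines into (daemons, clients) tuples."""
    rules = []
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()       # drop comments
        if not line or ":" not in line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append(({d.strip() for d in daemons.split(",")},
                      [c.strip() for c in clients.split(",")]))
    return rules


def _matches(pattern, ip):
    """Subset of tcp_wrappers client patterns: ALL, 'a.b.c.' prefix, exact IP."""
    if pattern == "ALL":
        return True
    if pattern.endswith("."):
        return ip.startswith(pattern)
    return pattern == ip


def _rule_hits(rules, daemon, ip):
    return any((daemon in daemons or "ALL" in daemons)
               and any(_matches(p, ip) for p in clients)
               for daemons, clients in rules)


def wrappers_decision(hosts_allow, hosts_deny, daemon, ip):
    """tcp_wrappers order: hosts.allow is checked first, then hosts.deny,
    and a host matching neither file is allowed."""
    if _rule_hits(parse_wrappers_file(hosts_allow), daemon, ip):
        return "allow"
    if _rule_hits(parse_wrappers_file(hosts_deny), daemon, ip):
        return "deny"
    return "allow"


if __name__ == "__main__":
    counts = count_failures(SAMPLE_LOG)
    print("failures per host:", dict(counts))
    print("new hosts.deny lines:", deny_entries(counts, threshold=3))
    for ip in ("203.0.113.7", "192.0.2.10", "198.51.100.4"):
        print(ip, "->", wrappers_decision(HOSTS_ALLOW, HOSTS_DENY, "sshd", ip))
```

The point of the last part is the caveat that matters when you let a tool write to /etc/hosts.deny automatically: put your own management hosts or network in /etc/hosts.allow first, because that file wins, and a typo-ridden or attacker-induced deny entry for your own address then does no harm.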

After downloading the tarball (DenyHosts-2.6.tar.gz) or the rpm, unpack the tarball:

[salt@localtoast source]$ tar -zxvf DenyHosts-2.6.tar.gz
The output should be similar to this.

DenyHosts-2.6/
DenyHosts-2.6/PKG-INFO
DenyHosts-2.6/denyhosts.py
DenyHosts-2.6/denyhosts.cfg-dist
DenyHosts-2.6/setup.py
DenyHosts-2.6/DenyHosts/
DenyHosts-2.6/DenyHosts/prefs.py
DenyHosts-2.6/DenyHosts/report.py
DenyHosts-2.6/DenyHosts/lockfile.py
DenyHosts-2.6/DenyHosts/__init__.py
DenyHosts-2.6/DenyHosts/plugin.py
DenyHosts-2.6/DenyHosts/denyfileutil.py
DenyHosts-2.6/DenyHosts/deny_hosts.py
DenyHosts-2.6/DenyHosts/regex.py
DenyHosts-2.6/DenyHosts/sync.py
DenyHosts-2.6/DenyHosts/counter.py
DenyHosts-2.6/DenyHosts/old-daemon.py
DenyHosts-2.6/DenyHosts/util.py
DenyHosts-2.6/DenyHosts/daemon.py
DenyHosts-2.6/DenyHosts/python_version.py
DenyHosts-2.6/DenyHosts/allowedhosts.py
DenyHosts-2.6/DenyHosts/filetracker.py
DenyHosts-2.6/DenyHosts/loginattempt.py
DenyHosts-2.6/DenyHosts/restricted.py
DenyHosts-2.6/DenyHosts/purgecounter.py
DenyHosts-2.6/DenyHosts/version.py
DenyHosts-2.6/DenyHosts/constants.py
DenyHosts-2.6/CHANGELOG.txt
DenyHosts-2.6/LICENSE.txt
DenyHosts-2.6/daemon-control-dist
DenyHosts-2.6/plugins/
DenyHosts-2.6/plugins/README.contrib
DenyHosts-2.6/plugins/shorewall_allow.sh
DenyHosts-2.6/plugins/shorewall_deny.sh
DenyHosts-2.6/plugins/test_deny.py
DenyHosts-2.6/scripts/
DenyHosts-2.6/scripts/restricted_from_invalid.py
DenyHosts-2.6/scripts/restricted_from_passwd.py
DenyHosts-2.6/README.txt
DenyHosts-2.6/MANIFEST.in

[salt@localtoast source]$ cd DenyHosts-2.6
(change directory to the uncompressed python source of DenyHosts)
[salt@localhost DenyHosts-2.6]$ more README.txt
(read the README.txt file for DenyHosts. This should be mandatory for every installation. It will save you so much time!)
Ok, you have read the README.txt and peeked somewhat at the Python code.
Now you will have to switch to the root user, aka the superuser.
[salt@localtoast source]$ su -
You will need to cd back to the source directory of DenyHosts as user root.
[root@localtoast DenyHosts-2.6]#

Edit the files described in the README.txt file, if necessary. Red Hat and Fedora users should be able to run the default configuration. Make sure the configuration file (denyhosts.cfg) is moved or copied to /usr/share/denyhosts/

Fire up and test DenyHosts with
[root@localtoast DenyHosts-2.6]# daemon-control start
starting DenyHosts: /usr/bin/env python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg

# tail /var/log/denyhosts (monitor denyhosts)

To verify that DenyHosts is running as a process, you can check with the ps command.

[root@localtoast DenyHosts-2.6]# ps lax | grep deny
1 0 3826 1 16 0 9600 2808 - S ? 0:00 python /usr/bin/denyhosts.py --daemon --config=/usr/share/denyhosts/denyhosts.cfg

The same goes for verifying that the process is no longer running after you stop it.

[root@localhost DenyHosts-2.6]# daemon-control stop
sent DenyHosts SIGTERM

The author has made it simple to have DenyHosts started by the run control scripts.
Read his README.txt for more information.

Use # chkconfig --add denyhosts and it will start at boot.

Verify with # chkconfig --list denyhosts
If you are running a server or system that has the ssh port 22/tcp, 22/udp reachable, start DenyHosts, tail your /etc/hosts.deny file and enjoy the attacks getting smacked. :-)

# tail -f /etc/hosts.deny

Good work DenyHosts author!