介绍

DenyHosts是由Phil Schwartz开发并由许多开发人员维护的实用程序，旨在阻止sshd（ssh服务器）暴力攻击。最新版DenyHosts-3.1已支持Debian10，但只有Python3下面使用。

安装前准备python工具

# apt install git python3-pip

安装DenyHosts

为了方便以后卸载，加上了（--record log）参数，也可以省略。

# git clone https://github.com/denyhosts/denyhosts.git
# cd denyhosts
# python3 setup.py install --record log

以下是安装时部分输出结果：

running install_scripts
copying build/scripts-3.7/denyhosts.py -> /usr/local/bin
copying build/scripts-3.7/daemon-control-dist -> /usr/local/bin
changing mode of /usr/local/bin/denyhosts.py to 755
changing mode of /usr/local/bin/daemon-control-dist to 755
running install_data
copying denyhosts.conf -> /etc
copying denyhosts.8 -> /usr/share/man/man8
running install_egg_info
Writing /usr/local/lib/python3.7/dist-packages/DenyHosts-3.1.2.egg-info
writing list of installed files to 'log'

从输出信息可以看到安装后文件的路径。

参数修正

# cd /usr/local/bin
# ln -s daemon-control-dist daemon-control
# vim daemon-control

修改18，22行如下:

 18 DENYHOSTS_BIN = "/usr/local/bin/denyhosts.py"
 19 DENYHOSTS_LOCK = "/run/denyhosts.pid"
 20 DENYHOSTS_CFG = "/etc/denyhosts.conf"
 21
 22 PYTHON_BIN = "/usr/bin/env python3"

运行

# daemon-control start --noemail

检查

# ps -aux | grep denyhosts
root       808  0.0  0.3  29220 13304 ?        S    15:21   0:00 python3 /usr/local/bin/denyhosts.py --daemon --config=/etc/denyhosts.conf
root       810  0.0  0.0   3084   880 pts/0    S+   15:21   0:00 grep denyhosts