Automated Install of Deny Host SSH Security for Ubuntu

Written by Anthony Hildoer
Thursday, 17 July 2008 21:35
Whether you know it or not, someone is trying to hack into your computer right now. Well, that is true with some statistical assumptions. At the very least, if you are running SSH services, someone is trying to log in through SSH. On my lowly web server, which gets about 10,000 hits a month (not very many), I clocked 915 authentication failures in only 4 days. This number may seem high, but it could be MUCH higher. The reason is Deny Host.

Deny Host is a service which runs alongside SSH and monitors SSH's authentication logs. Depending on what parameters you set, Deny Host will add an IP address to the /etc/hosts.deny file once that IP has too many failed login attempts. This prevents an attacker from attacking your system from a single internet connection: in order to get more than a few login attempts, the attacker would need to change IP addresses, which is not easily done. The attacker would need either a swarm of systems, or some control over what public IP address they use. Though this can be done via proxies, or via illegally set static IPs within a DHCP-distributed range for those using regular residential ISPs, each IP address would only get a few attempts. Even with thousands of IPs to choose from, the attacker would only get a few thousand tries. The chances are slim that a few thousand authentications will have a significant impact on the server's load, and the chances are slimmer still that access would be attained via a guessed valid username and password combination. Also, if Deny Host is employed as a defense, an admin would immediately notice the slew of denied-IP-address emails piling up in her inbox.

Deny Host is an application I install on every linux system I administer, even my laptop. In fact, I do it so often that I became somewhat bothered by the somewhat tedious install process. Also, despite its effectiveness, it is not included in the Ubuntu repository. "What did I do?", you ask? I wrote a script!!! I suppose you want to see it...
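The detection Deny Host performs, boiled down to its core: count failed SSH logins per source address in /var/log/auth.log and render hosts.deny entries for any address at or above a threshold. This is an added illustration, not DenyHosts' own code or the author's; the log lines are constructed, the threshold is a parameter rather than any DenyHosts default, and it counts only "Failed password" lines (an assumption that simplifies what DenyHosts actually matches).

```python
import re
from collections import Counter

# Constructed sample of /var/log/auth.log lines (not from the author's server);
# the message formats are the ones OpenSSH writes for password logins.
SAMPLE_AUTH_LOG = """\
Jul 17 21:01:02 web sshd[4101]: Failed password for invalid user admin from 203.0.113.7 port 51822 ssh2
Jul 17 21:01:05 web sshd[4103]: Failed password for invalid user oracle from 203.0.113.7 port 51830 ssh2
Jul 17 21:01:09 web sshd[4105]: Failed password for root from 203.0.113.7 port 51841 ssh2
Jul 17 21:01:12 web sshd[4107]: Failed password for invalid user test from 203.0.113.7 port 51850 ssh2
Jul 17 21:02:40 web sshd[4120]: Failed password for anthony from 198.51.100.23 port 40012 ssh2
Jul 17 21:02:48 web sshd[4120]: Accepted password for anthony from 198.51.100.23 port 40012 ssh2
Jul 17 21:03:01 web sshd[4130]: Invalid user guest from 192.0.2.55
"""

# Matches both "Failed password for <user> from <ip>" and the
# "Failed password for invalid user <user> from <ip>" variant.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(\S+) from (\d+\.\d+\.\d+\.\d+)"
)


def count_failures(log_text):
    """Return a Counter mapping each source IP to its number of failed logins."""
    hits = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            hits[m.group(2)] += 1
    return hits


def hosts_deny_entries(failures, threshold, block_service="ALL"):
    """Render hosts.deny lines for every IP with >= threshold failures.

    block_service plays the role of DenyHosts' BLOCK_SERVICE setting: "ALL"
    blocks every tcp_wrappers-aware service, "sshd" only SSH (assumed mapping).
    """
    return [f"{block_service}: {ip}"
            for ip, n in sorted(failures.items()) if n >= threshold]


if __name__ == "__main__":
    failures = count_failures(SAMPLE_AUTH_LOG)
    for ip, n in failures.most_common():
        print(f"{ip}: {n} failed attempt(s)")
    print("\n".join(hosts_deny_entries(failures, threshold=3)))
```

Note that the successful login and the bare "Invalid user" line are ignored, so a legitimate user with one typo is never blocked by this logic.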
Download the script, or copy and paste the following code into a file:

```bash
#!/bin/bash
# This script installs DenyHosts, a useful SSH monitoring daemon.
################################################################################
#
# This script distributed free of charge by HildoerSystems.com
#
# This script comes with no warranty or guarantee. Please review the script
# before you run it to ensure that it will not cause adverse effects on your
# system.
#
# If you have any questions or comments, please e-mail: Anthony@HildoerSystems.com
#
################################################################################

# Ask for the sudo password once up front so the rest of the script runs unattended.
sudo -v

if [ -f /etc/init.d/denyhosts ]; then
    echo Removing existing init scripts
    sudo /etc/init.d/denyhosts stop
    sudo rm -rf /etc/init.d/denyhosts
    sudo update-rc.d denyhosts remove
    echo '*********************'
    echo
fi

if [ -d /usr/share/denyhosts/ ]; then
    echo Removing existing installation
    sudo rm -rf /usr/share/denyhosts
    echo '*********************'
    echo
fi

echo Installing 'python' and dependencies.
sudo aptitude -y install python
echo '*********************'
echo

cd /tmp
echo Downloading DenyHost
wget http://superb-east.dl.sourceforge.net/sourceforge/denyhosts/DenyHosts-2.6.tar.gz || exit 1
echo '*********************'
echo

echo Unpacking DenyHost
tar -xzf DenyHosts-2.6.tar.gz
# Pick the newest unpacked DenyHosts-* directory. (The original parsed `ls -l`
# output with cut, which breaks whenever a column such as the owner name shifts.)
directory=$(ls -d DenyHosts-*/ | sort | tail -n 1)
cd "$directory" || exit 1
echo '*********************'
echo

echo Installing DenyHost
sudo python setup.py install
echo '*********************'
echo

cd /usr/share/denyhosts
echo Configuring DenyHost
sudo cp denyhosts.cfg-dist denyhosts.cfg
# Comment out any active SECURE_LOG line, then enable the Debian/Ubuntu one (/var/log/auth.log).
sudo sed -i.bak 's/^\s*\(SECURE_LOG\s*=.*\)$/#\1/' denyhosts.cfg
sudo sed -i.bak 's/^\s*#\s*SECURE_LOG\s*=\s*\/var\/log\/auth.log/SECURE_LOG = \/var\/log\/auth.log/' denyhosts.cfg
# Same pattern for the lock file ...
sudo sed -i.bak 's/^\s*\(LOCK_FILE\s*=.*\)$/#\1/' denyhosts.cfg
sudo sed -i.bak 's/^\s*#\s*LOCK_FILE\s*=\s*\/var\/run\/denyhosts.pid/LOCK_FILE = \/var\/run\/denyhosts.pid/' denyhosts.cfg
# ... and for BLOCK_SERVICE, so hosts.deny entries block ALL services, not just sshd.
sudo sed -i.bak 's/^\s*\(BLOCK_SERVICE\s*=.*\)$/#\1/' denyhosts.cfg
sudo sed -i.bak 's/^\s*#\s*BLOCK_SERVICE\s*=\s*ALL/BLOCK_SERVICE = ALL/' denyhosts.cfg
echo '*********************'
echo

echo Configuring executable
sudo cp daemon-control-dist daemon-control
sudo sed -i.bak 's/^\(\s*DENYHOSTS_BIN\s*=\s\).*$/\1"\/usr\/bin\/denyhosts.py"/' daemon-control
sudo sed -i.bak 's/^\(\s*DENYHOSTS_LOCK\s*=\s\).*$/\1"\/var\/run\/denyhosts.pid"/' daemon-control
sudo sed -i.bak 's/^\(\s*DENYHOSTS_CFG\s*=\s\).*$/\1"\/usr\/share\/denyhosts\/denyhosts.cfg"/' daemon-control
sudo chown root daemon-control
sudo chmod 700 daemon-control
echo '*********************'
echo

echo Adding DenyHosts to rc scripts
cd /etc/init.d
sudo ln -s /usr/share/denyhosts/daemon-control denyhosts
sudo update-rc.d denyhosts defaults
echo '*********************'
echo

echo Deleting temporary files
sudo rm -rf /tmp/DenyHost*
echo '*********************'
echo

echo Starting DenyHost
sudo /etc/init.d/denyhosts start
echo '*********************'
echo
```
Last Updated on Tuesday, 17 February 2009 15:35