ssh 공격방지 denyhost설치방법

<strong>DenyHosts 설치로 SSH 공격을 방지하자~</strong>

<strong>다운로드:</strong>
<a href="http://denyhosts.sourceforge.net/faq.html#allowed" target="_blank" rel="nofollow">http://denyhosts.sourceforge.net/faq.html#allowed</a>
<a href="http://goo.gl/ISPzH" target="_blank" rel="nofollow">http://goo.gl/ISPzH</a>

<strong>설치:</strong>
python setup.py install
cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg

cp daemon-control-dist daemon-control

vi /usr/share/denyhosts/daemon-control

설정파일이 아래와 같은지 확인한다.
DENYHOSTS_BIN = "/usr/bin/denyhosts.py"
DENYHOSTS_LOCK = "/var/run/denyhosts.pid"
DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg"

chown root daemon-control
chmod 700 daemon-control

cd /etc/init.d
ln -s /usr/share/denyhosts/daemon-control denyhosts


chkconfig --add denyhosts 
chkconfig --list denyhosts

/etc/init.d/denyhosts start
<strong>명령어:</strong>
daemon-control start  데몬시작
daemon-control stop 데몬중지
daemon-control restart  재시작
daemon-control debug 디버그
daemon-control status 상태

<strong>DenyHosts 차단된 ip 해제하는 방법</strong>

How can I remove an IP address that DenyHosts blocked?

If you have been accidentally locked out of one of your hosts (because DenyHosts has added it to /etc/hosts.deny you may have noticed that simply removing it from /etc/hosts.deny does not in itself correct the issue) since DenyHosts keeps track of the attempts in the WORK_DIR files. In order to cleanse the address you will need to do the following:
Stop DenyHosts
<span style="color: #808000;">Remove the IP address from /etc/hosts.deny</span>
Edit WORK_DIR/hosts and remove the lines containing the IP address. Save the file.
Edit WORK_DIR/hosts-restricted and remove the lines containing the IP address. Save the file.
Edit WORK_DIR/hosts-root and remove the lines containing the IP address. Save the file.
Edit WORK_DIR/hosts-valid and remove the lines containing the IP address. Save the file.
Edit WORK_DIR/user-hosts and remove the lines containing the IP address. Save the file.

(optional) Consider adding the IP address to WORK_DIR/allowed-hosts

Start DenyHosts
Note: Not all of the WORK_DIR files will contain the IP address so you may want to use grep to determine which files contain the IP address.
How can I remove an IP address that DenyHosts blocked?
If you have been accidentally locked out of one of your hosts
(because DenyHosts has added it to /etc/hosts.deny you may have noticed that
simply removing it from /etc/hosts.deny does not in itself correct the issue)
since DenyHosts keeps track of the attempts in the WORK_DIR files.
<strong>참고자료:</strong>
<a href="http://goo.gl/Ul3fC" target="_blank" rel="nofollow">http://goo.gl/Ul3fC</a>