每天都有大量的 ssh 嘗試入侵登入失敗的紀錄,人工去設定 Deny IP 太麻煩。安裝 DenyHosts 來自動處理。
# tar -zxvf DenyHosts-2.6.tar.gz # cd DenyHosts-2.6/ # python setup.py install 預設會安裝到 /usr/share/denyhosts/ 目錄內 # cd /usr/share/denyhosts/ # cp denyhosts.cfg-dist denyhosts.cfg # vi denyhosts.cfg (非必要) # cp daemon-control-dist daemon-control # vi daemon-control (非必要) 確認 daemon-control 的設定 DENYHOSTS_BIN = "/usr/bin/denyhosts.py" DENYHOSTS_LOCK = "/var/lock/subsys/denyhosts" DENYHOSTS_CFG = "/usr/share/denyhosts/denyhosts.cfg" # chown root daemon-control # chmod 700 daemon-control 執行 # ./daemon-control Usage: ./daemon-control {start [args...] | stop | restart [args...] | status | debug | condrestart [args...] } For a list of valid 'args' refer to: $ denyhosts.py --help # ./daemon-control start 設定成系統服務 # cd /etc/init.d/ # ln -s /usr/share/denyhosts/daemon-control denyhosts # chkconfig --add denyhosts # chkconfig --level 2345 denyhosts on