Hey, Jesse et al.
I have been using a firewall blocking script with DH for a couple of years. It
nukes all access to and through the firewall from the offending host. I had to
add the allowed-hosts check because sometimes hosts in that list still were
being blocked.
Here's what I have been using. Modify at will, and YMMV. If it burns down
your building and starts WW III, don't sue me.
=======================================================
cat denyhosts_script.sh
#!/bin/bash
# Usage: denyhosts_script.sh <ip> [tag]   ([[ ]] is a bash feature, so use bash)
echo -n `date '+%F %T - '` >> /var/log/denyhosts.log
# If the address is not in allowed-hosts file (exact line match, so 10.0.0.1
# no longer matches an allowed 10.0.0.10)...
if ! grep -qxF -- "$1" /usr/share/denyhosts/allowed-hosts
then
/sbin/iptables -I INPUT -s "$1" -j DROP
/sbin/iptables -I FORWARD -s "$1" -j DROP
echo "$2 Denying $1" >> /var/log/denyhosts.log
else
echo "$2 NOT denying $1" >> /var/log/denyhosts.log
fi
=======================================================
cat unblock_script.sh
#!/bin/bash
# Usage: unblock_script.sh <ip> [tag]
echo -n `date '+%F %T - '` >> /var/log/denyhosts.log
# See if the address is being blocked (iptables -C tests for the exact rule,
# so 10.0.0.1 is not mistaken for 10.0.0.10 as a grep of -L output would be;
# needs iptables 1.4.11 or later)...
if ! /sbin/iptables -C INPUT -s "$1" -j DROP 2>/dev/null
then
echo "$2 NOT unblocking $1 since it is not blocked" >> /var/log/denyhosts.log
else
/sbin/iptables -D INPUT -s "$1" -j DROP
/sbin/iptables -D FORWARD -s "$1" -j DROP
echo "$2 unblocking $1" >> /var/log/denyhosts.log
fi
-Michael
>>> Jesse Norell <[email protected]> 7/9/2009 11:51 AM >>>
On Thu, 2009-07-09 at 10:05 -0500, Neil Aggarwal wrote:
> Hello:
>
> I am considering using DenyHosts.
> I am also considering Fail2ban.
>
> To me, it seems the advantage of Fail2ban is that
> it will block more than just SSH attempts. Does
> DenyHosts have that ability?
I always configure denyhosts to log blocked hosts to a dedicated file:
HOSTS_DENY = /etc/denyhosts.blocked
BLOCK_SERVICE =
Then in hosts.allow you can use it for specific services, eg.
sshd : /etc/denyhosts.blocked : DENY
or you could use it to block all services:
ALL : /etc/denyhosts.blocked : DENY
Of course not everything uses tcp wrappers; you could write a script
that adds firewall rules for every host found in /etc/denyhosts.blocked,
or play with the PLUGIN_DENY and PLUGIN_PURGE options to manage as
denyhosts operates (personally I've not done either yet).
Jesse
> The big advantage I see for DenyHosts is the
> synchronization service. It looks like Fail2ban
> does not have that.
>
> Any insights?
>
> Thanks,
> Neil
>
> --
> Neil Aggarwal, (281)846-8957, www.JAMMConsulting.com
> Will your e-commerce site go offline if you have
> a DB server failure, fiber cut, flood, fire, or other disaster?
> If so, ask me about our geographically redundant database system.
>
>
> _______________________________________________
> Denyhosts-user mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/denyhosts-user
--
Jesse Norell
Kentec Communications, Inc.
[email protected]
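Jesse's suggestion of a script that adds firewall rules for every host found in /etc/denyhosts.blocked, combined with the allowed-hosts check from Michael's script, as an added example that is neither poster's code. It assumes the file paths named in the thread, a dedicated chain called DENYHOSTS, and that setting IPT=echo gives a dry run; the IPv4 validation and exact-match lookup are there so that nothing unexpected is interpolated into an iptables command.

```bash
#!/bin/bash
# Added example: rebuild a dedicated iptables chain from DenyHosts' HOSTS_DENY
# file, skipping anything listed in allowed-hosts (exact line match; the
# wildcard syntax DenyHosts allows there is not handled). IPv4 only.
BLOCKED="${BLOCKED:-/etc/denyhosts.blocked}"
ALLOWED="${ALLOWED:-/usr/share/denyhosts/allowed-hosts}"
CHAIN="${CHAIN:-DENYHOSTS}"          # assumed chain name
IPT="${IPT:-/sbin/iptables}"         # set IPT=echo for a dry run

# grep -F "$ip" alone would also match 10.0.0.10 when $ip is 10.0.0.1
is_allowed() {
    [ -r "$ALLOWED" ] && grep -qxF -- "$1" "$ALLOWED"
}

# Validate a dotted quad before it is interpolated into an iptables command
is_ipv4() {
    local IFS=.
    set -- $1
    [ $# -eq 4 ] || return 1
    for octet; do
        case "$octet" in ''|*[!0-9]*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Print the unique, valid, non-allowed addresses from a HOSTS_DENY file.
# Lines look like "sshd: 1.2.3.4", "ALL: 1.2.3.4" or a bare address.
hosts_to_block() {
    sed -n 's/^[^:#]*:[[:space:]]*//; s/^\([0-9.][0-9.]*\).*/\1/p' "$1" |
    sort -u | while read -r ip; do
        if is_ipv4 "$ip" && ! is_allowed "$ip"; then printf '%s\n' "$ip"; fi
    done
}

# Flush and refill the chain so the firewall mirrors the file exactly, then
# make sure INPUT and FORWARD jump to it (-C asks: does this rule exist?)
sync_chain() {
    "$IPT" -N "$CHAIN" 2>/dev/null || "$IPT" -F "$CHAIN"
    hosts_to_block "$BLOCKED" | while read -r ip; do
        "$IPT" -A "$CHAIN" -s "$ip" -j DROP
    done
    for parent in INPUT FORWARD; do
        "$IPT" -C "$parent" -j "$CHAIN" 2>/dev/null || "$IPT" -I "$parent" -j "$CHAIN"
    done
}

if [ "$1" = "--sync" ]; then sync_chain; fi
```

Run it as `./sync_denyhosts.sh --sync` from cron or from PLUGIN_DENY/PLUGIN_PURGE; because the chain is rebuilt from the file each time, entries DenyHosts purges disappear from the firewall on the next run.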