Block brute force attacks using DenyHosts

Issue:

Check your /var/log/auth.log file. In it you may see that an unauthorized user is constantly trying to access your system with brute force attacks: scripts that try to log in with one password after another. We can block this using a simple iptables rule.

Step 1 : Install the DenyHosts tool on your system.

apt-get install denyhosts

Step 2 : Configure the /etc/denyhosts.conf file based on your requirements

* Configure this file to analyze the log file:

SECURE_LOG = /var/log/auth.log (default)

DENY_THRESHOLD_INVALID = 3 (blocks a host after this number of failed logins for invalid, i.e. non-existent, user accounts)

DENY_THRESHOLD_VALID = 5 (blocks a host after this number of failed logins for valid user accounts)

DENY_THRESHOLD_ROOT = 3 (the same, for root logins)

Step 3 : Restart DenyHosts

# /etc/init.d/denyhosts restart
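
The threshold logic configured in Step 2, sketched as an added example (not DenyHosts' own code and not part of the original post): it counts failed SSH logins per source address in constructed auth.log lines and reports which hosts would be denied. The function names, the sample lines, and the rule that a host is denied once its count exceeds the threshold are assumptions of this example.

```python
import re
from collections import defaultdict

# Thresholds as set in Step 2 of the article.
THRESHOLDS = {"invalid": 3, "valid": 5, "root": 3}

# OpenSSH failed-password line; "invalid user" marks a non-existent account.
FAILED = re.compile(
    r"sshd\[\d+\]: Failed password for (?P<invalid>invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\S+) port \d+"
)

def classify(match):
    """Map a failed login to the threshold category that applies to it."""
    if match.group("invalid"):
        return "invalid"
    return "root" if match.group("user") == "root" else "valid"

def hosts_to_deny(lines, thresholds=THRESHOLDS):
    """Return {ip: category} for hosts whose failures exceed a threshold."""
    counts = defaultdict(lambda: defaultdict(int))
    denied = {}
    for line in lines:
        m = FAILED.search(line)
        if not m:
            continue  # accepted logins and unrelated lines are ignored
        ip, cat = m.group("ip"), classify(m)
        counts[ip][cat] += 1
        if counts[ip][cat] > thresholds[cat] and ip not in denied:
            denied[ip] = cat  # assumption: deny once the count exceeds the threshold
    return denied

def sample_lines(ip, user, n, invalid=False):
    # Constructed auth.log lines (documentation IP ranges), not real traffic.
    who = ("invalid user " if invalid else "") + user
    return [f"May  6 10:00:{i:02d} host sshd[1234]: Failed password for {who} "
            f"from {ip} port {40000 + i} ssh2" for i in range(n)]

SAMPLE_LOG = (
    sample_lines("203.0.113.5", "admin", 4, invalid=True)  # 4 > 3  -> denied
    + sample_lines("198.51.100.7", "alice", 5)             # 5 == 5 -> not denied
    + sample_lines("192.0.2.9", "root", 4)                 # 4 > 3  -> denied
    + ["May  6 10:01:00 host sshd[1234]: Accepted password for alice "
       "from 198.51.100.7 port 40100 ssh2"]
)

if __name__ == "__main__":
    for ip, cat in hosts_to_deny(SAMPLE_LOG).items():
        print(f"would deny {ip} ({cat} threshold exceeded)")
```

Running the same function over a copy of your own auth.log before restarting the service shows which addresses the chosen thresholds would catch, including any legitimate users who mistype passwords often.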
