1 |
On 10/6/05, A. Khattri <ajai@××××.net> wrote: |
2 |
> |
3 |
> Looks great - Ill look into this. On this web server, I allow ssh |
4 |
> connections so many of the techniques discussed on the thread (different |
5 |
> ports, port knocking, etc) are not open to me. If I didn't need to give |
6 |
> out ssh access I would just switch of password auth ;-) |
7 |
> |
8 |
> Anyway, Ill go look at denyhosts... |
9 |
|
10 |
Let me know if you have any issues getting it set up. You basically |
11 |
extract the tarball to a location of your choice - |
12 |
/usr/local/denyhosts in my case, copy the denyhosts.cfg to /etc, |
13 |
configure it as you want, and then add the following cron job: |
14 |
|
15 |
* * * * * python /usr/local/DenyHosts/denyhosts.py -c /etc/denyhosts.cfg |
16 |
|
17 |
That will (obviously) run the script every minute. Sure, that may be |
18 |
overkill, but it shouldn't hurt anything. If you keep your old |
19 |
logfiles, you can manually run them through denyhosts. The script is |
20 |
able to deal gracefully with gzipped logfiles. Look through the |
21 |
documentation to see how to do this. |
22 |
|
23 |
-Erik |
24 |
|
25 |
-- |
26 |
gentoo-server@g.o mailing list |