/var/log/secureの怪しいアタック元IPを自動でhosts.denyに追加

         

/var/log/secureの怪しいアタック元IPを自動でhosts.denyに追加するツール「Denyhosts」を導入してみました。
対象はsshdです。

リポジトリはepelにしてインストール

# yum install Denyhosts --enablerepo=epel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.nara.wide.ad.jp
* epel: ftp.kddilabs.jp
* extras: ftp.nara.wide.ad.jp
* updates: ftp.nara.wide.ad.jp
Setting up Install Process
No package Denyhosts available.
* Maybe you meant: denyhosts
Nothing to do
[root@www16377u ~]# yum install denyhosts --enablerepo=epel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.nara.wide.ad.jp
* epel: ftp.kddilabs.jp
* extras: ftp.nara.wide.ad.jp
* updates: ftp.nara.wide.ad.jp
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package denyhosts.noarch 0:2.6-5.el5 set to be updated
--> Finished Dependency Resolution

Dependencies Resolved

===================================================================================================================
Package Arch Version Repository Size
===================================================================================================================
Installing:
denyhosts noarch 2.6-5.el5 epel 98 k

Transaction Summary
===================================================================================================================
Install 1 Package(s)
Upgrade 0 Package(s)

Total download size: 98 k
Is this ok [y/N]: y
Downloading Packages:
denyhosts-2.6-5.el5.noarch.rpm | 98 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : denyhosts 1/1

Installed:
denyhosts.noarch 0:2.6-5.el5

Complete!

起動してみた。

これだけ
# denyhosts-control start

/etc/hosts.denyを確認してみたら確かに追加されていました。こりゃ便利。

コメントを残す