I tried installing "Denyhosts", a tool that automatically adds suspicious attack-source IPs found in /var/log/secure to hosts.deny.
The target service is sshd.
# yum install Denyhosts --enablerepo=epel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.nara.wide.ad.jp
* epel: ftp.kddilabs.jp
* extras: ftp.nara.wide.ad.jp
* updates: ftp.nara.wide.ad.jp
Setting up Install Process
No package Denyhosts available.
* Maybe you meant: denyhosts
Nothing to do
[root@www16377u ~]# yum install denyhosts --enablerepo=epel
Loaded plugins: fastestmirror
Loading mirror speeds from cached hostfile
* base: ftp.nara.wide.ad.jp
* epel: ftp.kddilabs.jp
* extras: ftp.nara.wide.ad.jp
* updates: ftp.nara.wide.ad.jp
Setting up Install Process
Resolving Dependencies
--> Running transaction check
---> Package denyhosts.noarch 0:2.6-5.el5 set to be updated
--> Finished Dependency Resolution
Dependencies Resolved
===================================================================================================================
Package Arch Version Repository Size
===================================================================================================================
Installing:
denyhosts noarch 2.6-5.el5 epel 98 k
Transaction Summary
===================================================================================================================
Install 1 Package(s)
Upgrade 0 Package(s)
Total download size: 98 k
Is this ok [y/N]: y
Downloading Packages:
denyhosts-2.6-5.el5.noarch.rpm | 98 kB 00:00
Running rpm_check_debug
Running Transaction Test
Finished Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : denyhosts 1/1
Installed:
denyhosts.noarch 0:2.6-5.el5
Complete!
I started it.
# denyhosts-control start
When I checked /etc/hosts.deny, entries had indeed been added. Very handy.
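In outline, what a tool of this kind does with /var/log/secure, shown as an added example (not DenyHosts' own code and not part of the original post): count failed sshd password attempts per source address and produce hosts.deny lines for the addresses over a threshold. The log lines are constructed, and the function names, the threshold of 3 and the allow list are assumptions made for illustration.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in /var/log/secure format (documentation address ranges).
SAMPLE_LOG = """\
Jan 10 03:12:01 www sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Jan 10 03:12:03 www sshd[2103]: Failed password for root from 203.0.113.7 port 51130 ssh2
Jan 10 03:12:06 www sshd[2105]: Failed password for invalid user x from 192.0.2.99 from 203.0.113.7 port 51140 ssh2
Jan 10 03:15:44 www sshd[2120]: Failed password for alice from 198.51.100.23 port 40022 ssh2
Jan 10 03:15:50 www sshd[2120]: Accepted password for alice from 198.51.100.23 port 40022 ssh2
Jan 10 03:21:10 www sshd[2150]: Failed password for root from 192.0.2.50 port 33001 ssh2
Jan 10 03:21:12 www sshd[2151]: Failed password for root from 192.0.2.50 port 33002 ssh2
Jan 10 03:21:14 www sshd[2152]: Failed password for root from 192.0.2.50 port 33003 ssh2
"""

# The user name is attacker-controlled text, so the address is taken from the
# fixed tail of the line: greedy ".*" makes the LAST " from <addr> port" win.
FAILED = re.compile(r"sshd\[\d+\]: Failed password for .* from (\S+) port \d+ ssh2$")


def failed_logins(log_text):
    """Count failed sshd password attempts per source address."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED.search(line)
        if not m:
            continue
        try:
            counts[str(ipaddress.ip_address(m.group(1)))] += 1
        except ValueError:
            pass  # not a literal IP address; ignore rather than write it out
    return counts


def hosts_deny_lines(counts, threshold=3, allow=(), existing=""):
    """Return new 'sshd: <ip>' lines for addresses at or over the threshold
    (threshold and allow list are illustrative assumptions)."""
    present = {ln.split(":", 1)[1].strip() for ln in existing.splitlines()
               if ln.startswith("sshd:")}
    return [f"sshd: {ip}" for ip, n in sorted(counts.items())
            if n >= threshold and ip not in allow and ip not in present]


if __name__ == "__main__":
    c = failed_logins(SAMPLE_LOG)
    print(dict(c))
    print(hosts_deny_lines(c, allow={"192.0.2.50"}))
```

The third sample line carries an address inside the user name. Because the parser reads the address from the end of the line, that embedded address is never counted, and the allow list keeps an administrator's own address out of hosts.deny.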