Difference between revisions of "Denyhosts"

From SME Server
Jump to navigationJump to search
(added Editing configuration section)
(Installation instructions updated. Customizing instructions.)
Line 15: Line 15:
 
=== Installation ===
 
=== Installation ===
  
1. Log in (with username root) to the SMEserver console.
+
# Log in (with username root) to the SMEserver console.
 +
# Install smeserver-denyhosts<pre>/usr/bin/yum install smeserver-denyhosts --enablerepo=smecontribs</pre> You will get a y/N-question, answer y if it looks fine. There is no need to reboot the server.
 +
# Open your webbrowser and go to the server-manager.<br>Under "Security" there should be a new line named "SSH Denyhosts". You should go to it and configure all necessary allowed hosts before enabling the service. When done set status to 'enabled'.
  
2. Install smeserver-denyhosts
 
  
yum install smeserver-denyhosts --enablerepo=smecontribs
+
Alternatively you can use the server-manager panel "Software installer" to add a new package and select smeserver-denyhosts (repo smecontribs must be enabled) then do the reconfiguration and reboot task, instead of steps 1 and 2, then refresh  your browser and configure denyhosts,.
  
You will get a y/N-question, answer y if it looks fine.
 
  
3. Instructions at the end of previous installation advices the following commands:
+
=== Editing configuration ===
<br><code>signal-event post-upgrade and signal-event reboot</code>
+
Q) How can the denyhost configuration be customized?
 
 
'''it is recommended to do so  !'''
 
 
 
<br>but you can skip that  using
 
/etc/e-smith/events/actions/navigation-conf
 
 
 
4. Open your webbrowser and go to the server-manager.
 
<br>Under "Security" there should be a new line named "SSH Denyhosts".
 
 
 
You should go to it and configure all necessary allowed host before enabling the service
 
 
 
 
 
Alternatively you can use the server-manager panel "Software installer" to add a new package and select smeserver-denyhosts (repo smecontribs must be enabled) then do the reconfiguration and reboot task, instead of steps 1 to 3, then refresh  your browser and configure denyhosts,.
 
  
 +
A) You must copy the templates to the templates-custom directory and modify the appropriate fragments.
 +
mkdir -p /etc/e-smith/templates-custom/etc/denyhosts.conf
 +
cd /etc/e-smith/templates-custom/etc/denyhosts.conf/
 +
cp ../../../templates/etc/denyhosts.conf/* .
 +
Now edit the appropriate files. See the [http://denyhosts.sourceforge.net/faq.html Denyhosts FAQ] for details. When done make your changes effective:
 +
signal-event conf-denyhosts
  
=== Editing configuration ===
 
  
 
Q) How is an ip-address removed from the blocked list?
 
Q) How is an ip-address removed from the blocked list?

Revision as of 13:24, 3 March 2009


Denyhosts SSH for SME7

Maintainer

Unnilennium aka Jean-Philippe PIALASSE (Contrib)

Description

  • Denyhosts bans hosts which failed too many login attempts to your ssh deamon.
  • It contains also a panel in the server manager to see who is blocked, add some allowed hosts not to block and enable or disable the service.


it needs the packages smeserver-denyhosts and denyhosts

Installation

  1. Log in (with username root) to the SMEserver console.
  2. Install smeserver-denyhosts
    /usr/bin/yum install smeserver-denyhosts --enablerepo=smecontribs
    You will get a y/N-question, answer y if it looks fine. There is no need to reboot the server.
  3. Open your webbrowser and go to the server-manager.
    Under "Security" there should be a new line named "SSH Denyhosts". You should go to it and configure all necessary allowed hosts before enabling the service. When done set status to 'enabled'.


Alternatively you can use the server-manager panel "Software installer" to add a new package and select smeserver-denyhosts (repo smecontribs must be enabled) then do the reconfiguration and reboot task, instead of steps 1 and 2, then refresh your browser and configure denyhosts,.


Editing configuration

Q) How can the denyhost configuration be customized?

A) You must copy the templates to the templates-custom directory and modify the appropriate fragments.

mkdir -p /etc/e-smith/templates-custom/etc/denyhosts.conf
cd /etc/e-smith/templates-custom/etc/denyhosts.conf/
cp ../../../templates/etc/denyhosts.conf/* .

Now edit the appropriate files. See the Denyhosts FAQ for details. When done make your changes effective:

signal-event conf-denyhosts


Q) How is an ip-address removed from the blocked list?

A) Edit the configuration file and and restart the service.

pico -w /etc/hosts.deny_ssh

Make required changes, then save & exit

ctrl + c

ctrl + x

/etc/init.d/denyhosts restart

Uninstall

yum remove smeserver-denyhosts denyhosts

or alternatively just remove them from the server-manager "Software installer"

Additional information

you can change the destination email account, instead of the default admin account, for this contribs using :

config setprop denyhosts AdminEmail youremail@yourdomaine.tld
signal-event conf-denyhosts


Check installed version

yum info installed smeserver-denyhosts