38 lines
1.1 KiB
Plaintext
38 lines
1.1 KiB
Plaintext
This is a fork of denyhosts, it'll run the same with a few small changes. I
|
|
expect more code cleanup and a total shift to iptables in future.
|
|
|
|
REQUIREMENTS:
|
|
|
|
PRECAUTION:
|
|
|
|
PRE-INSTALL:
|
|
|
|
POST-INSTALL:
|
|
|
|
Edit /etc/denyhosts/denyhosts.conf as needed.
|
|
|
|
Edit /etc/inetd.conf, I added:
|
|
|
|
#<service_name> <sock_type> <proto> <flags> <user> <server_path> <args>
|
|
sshd stream tcp nowait root /usr/sbin/sshd in.sshd
|
|
|
|
Add inetd and denyhosts to services array on /etc/rc.conf, after net and before sshd is loaded (and any other services used by denyhost and inetd (not sure if this is necessary but i believe its good to allow protection before the services start).
|
|
|
|
PRE-REMOVE:
|
|
|
|
POST-REMOVE:
|
|
|
|
NOTES:
|
|
|
|
To protect sshd.
|
|
|
|
Edit /etc/hosts.allow and comment out everything, everything will have access by default.
|
|
|
|
Edit /etc/hosts.deny and comment out the "ALL: ALL: DENY" part, also the "#End of file" bit will be useless as denyhosts appends to the file.
|
|
|
|
(note the config in inetd.conf doesn't seem to be right or needed? see
|
|
messages upon boot up, any corrections email me :) )
|
|
|
|
Danny Rawlins, <contact at romster dot me
|
|
|