Setting up Fail2ban / DenyHosts

Posted on 2007-10-05
Medium Priority
Last Modified: 2013-12-16
Ideally I would like to set up DenyHosts to cover proftpd, apache, etc. as it does for SSH.  If that's possible - does anyone know of a guide?

If that's not possible, does anyone know if it's better to have fail2ban use iptables vs hosts.deny?

Question by:csullins

Assisted Solution

by:Bradley Haynes
Bradley Haynes earned 400 total points
ID: 20025883

Expert Comment

ID: 20039502

If you use Fedora or Redhat you can type:

yum install denyhosts

Accepted Solution

Gabriel Orozco earned 600 total points
ID: 20062853

DenyHosts is a Python script built specifically for the threat on ssh. As far as I can see, it has not been updated to be used with other log files and other patterns.

Then it is a very good idea to use fail2ban for that purpose. Use of iptables for blocking addresses will not impact your performance and will save you from attacks.

Looking at fail2ban, I see it can work with hosts.deny. However, not all daemons are configured to use tcpwrappers, so for these you can just use iptables:

#  Uses Netfilter/Iptables by default but can also use TCP Wrapper (/etc/hosts.deny) and many other actions.
# Can handle more than one service (sshd, apache, vsftpd, etc).
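
A fail2ban jail file that follows the split described in the answer above, as an added example that is not part of the original thread: hosts.deny for a daemon that honors TCP Wrappers, iptables for the rest. The jail names, log paths, and the bantime/findtime/maxretry values are assumptions to adjust for your distribution; the filters (sshd, proftpd, apache-auth) and actions (hostsdeny, iptables-multiport) are the ones shipped with fail2ban.

```ini
# /etc/fail2ban/jail.local  (example values; log paths differ per distribution)

[DEFAULT]
# Assumed policy: 5 failures within 10 minutes bans the address for 10 minutes
bantime  = 600
findtime = 600
maxretry = 5
# Never ban the local host
ignoreip = 127.0.0.1/8

# SSH via TCP Wrappers. This only has an effect if sshd is linked against
# libwrap; check with:  ldd "$(command -v sshd)" | grep libwrap
# If that prints nothing, use an iptables action as in the jails below.
[ssh-tcpwrapper]
enabled = true
filter  = sshd
logpath = /var/log/auth.log
action  = hostsdeny[file=/etc/hosts.deny]

# ProFTPD does not necessarily consult hosts.deny, so block at the packet filter.
[proftpd-iptables]
enabled = true
filter  = proftpd
logpath = /var/log/proftpd/proftpd.log
action  = iptables-multiport[name=proftpd, port="ftp,ftp-data,ftps,ftps-data", protocol=tcp]

# Apache does not use TCP Wrappers; ban repeated HTTP auth failures with iptables.
[apache-iptables]
enabled = true
filter  = apache-auth
logpath = /var/log/apache2/error.log
action  = iptables-multiport[name=apache, port="http,https", protocol=tcp]
```

After reloading fail2ban, `fail2ban-client status` lists the active jails and `fail2ban-client status proftpd-iptables` shows the addresses currently banned by one of them.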

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

​Being a Managed Services Provider (MSP) has presented you  with challenges in the past— and by meeting those challenges you’ve reaped the rewards of success.  In 2014, challenges and rewards remain; but as the Internet and business environment evol…
In the first part of this tutorial we will cover the prerequisites for installing SQL Server vNext on Linux.
Learn how to navigate the file tree with the shell. Use pwd to print the current working directory: Use ls to list a directory's contents: Use cd to change to a new directory: Use wildcards instead of typing out long directory names: Use ../ to move…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.
Suggested Courses
Course of the Month13 days, 13 hours left to enroll

755 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question