Dynamic Rule Set: DenyHosts


Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hey, Cybrarians. Welcome back to
00:00
the Linux+ course here at Cybrary.
00:00
I'm your instructor, Rob Goelz.
00:00
In today's lesson, we're going to be discussing
00:00
dynamic rule set creation using DenyHosts.
00:00
Upon completion of today's lesson,
00:00
you're going to be able to understand
00:00
the purpose of DenyHosts,
00:00
and we're going to see how DenyHosts
00:00
can dynamically create rules.
00:00
DenyHosts protects against
00:00
brute-force attacks on OpenSSH.
00:00
DenyHosts is actually just really a Python script
00:00
and we can run it as a service or as a cron job.
00:00
The configuration file for
00:00
DenyHosts can be found in /etc/denyhosts.conf.
00:00
With DenyHosts, it actually uses the TCP wrappers file.
00:00
We talked about this previously,
00:00
there's /etc/hosts.allow and /etc/hosts.deny.
00:00
Basically, the way that DenyHosts works to
00:00
monitor and set up
00:00
SSHD to protect it against brute-force attacks,
00:00
is that it looks at the SSHD logs.
00:00
Now if you're talking about a RedHat-based distribution,
00:00
that log is going to be /var/log/secure
00:00
that it's watching.
00:00
If it's a Debian-based distribution like Ubuntu,
00:00
it's going to be looking at /var/log/auth.log.
00:00
What DenyHosts actually does is look for
00:00
repeated failed authentication attempts by hosts.
00:00
Once it sees that, it adds the host to the blacklist.
00:00
Really, that block list is just /etc/hosts.deny.
00:00
It adds the host IP addresses that are having repeated
00:00
failed authentication attempts into /etc/hosts.deny,
00:00
and essentially it just blocks them off entirely.
00:00
Now the thing to know about DenyHosts
00:00
is there are a couple of caveats:
00:00
it only works with IPv4 OpenSSH traffic,
00:00
and it uses TCP wrappers to create
00:00
rules rather than creating firewall rules.
00:00
With that, in this lesson,
00:00
we covered the purpose of DenyHosts
00:00
and we talked about how DenyHosts can
00:00
dynamically create rules to
00:00
block brute-force attacks on OpenSSH.
00:00
Thanks so much for being here and I look
00:00
forward to seeing you in the next lesson.