SuseInstallDenyHosts

Install Deny Hosts on SUSE Linux 11

Installation is fairly similar to the installation on Slackware I have documented, except for the changes noted below in the configuration section:

1. Install Deny Hosts itself

Fairly easy to do, unpack as root:

# tar xvzf DenyHosts-2.6.tar.gz

Then cd into the directory it creates and enter:

# python ./setup.py install

Now, proceed to configuration.

2. Configure Deny Hosts

Copy the original files under their new names:

# cd /usr/share/denyhosts
# cp -v ./daemon-control-dist ./daemon-control
# cp -v ./denyhosts.cfg-dist ./denyhosts.cfg

Edit daemon-control and make sure the following line points to /usr/local/bin instead of /usr/bin, which is the default:

DENYHOSTS_BIN   = "/usr/local/bin/denyhosts.py"

Make sure denyhosts.cfg points to the correct SUSE log file (instead of the Red Hat files, which are the default):

# SuSE:
SECURE_LOG = /var/log/messages

3. Add the init.d start script

This one works very well; save it as /etc/init.d/denyhosts.sh, the file the symbolic links below point to:

#!/bin/sh
# Start/stop/restart Deny Hosts

# Start Deny Hosts:
dnh_start() {
  CMDLINE="/usr/share/denyhosts/daemon-control"
  echo "Starting Deny Hosts daemon:  $CMDLINE"
  $CMDLINE start
  echo
}

# Stop Deny Hosts:
dnh_stop() {
  CMDLINE="/usr/share/denyhosts/daemon-control"
  echo "Stopping Deny Hosts daemon:  $CMDLINE"
  $CMDLINE stop
  echo
}

# Restart Deny Hosts:
dnh_restart() {
  dnh_stop
  sleep 1
  dnh_start
}

# Check if Deny Hosts is running
dnh_status() {
  CMDLINE="/usr/share/denyhosts/daemon-control"
  $CMDLINE status
  echo
}

case "$1" in
'start')
  dnh_start
  ;;
'stop')
  dnh_stop
  ;;
'restart')
  dnh_restart
  ;;
'status')
  dnh_status
  ;;
*)
  # Unknown argument: print usage and report failure to the caller
  echo "Usage: $0 start|stop|restart|status"
  exit 1
  ;;
esac

Add the symbolic links that allow Deny Hosts to start:

# cd /etc/init.d/rc3.d
# ln -v --symbolic ../denyhosts.sh ./S08denyhost
# ln -v --symbolic ../denyhosts.sh ./K02denyhost

4. Add a whitelist

This can be very useful, in case your co-workers are too dumb to use SSH keys or an SSH client that stores the password within a session:

# cd /usr/share/denyhosts
# mkdir -v data
# cd data
# touch allowed-hosts
# vi allowed-hosts

Add to allowed-hosts, for instance:

# allow all admin LAN machines:
192.168.0.[10-128]
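
Before relying on the whitelist, it helps to confirm which addresses an entry such as 192.168.0.[10-128] actually covers. The following Python script is an added example, not part of DenyHosts or of the original page; it models only the exact-address, last-octet * and last-octet [low-high] entry forms (an assumption about the file format), and its function names are hypothetical.

```python
import re

# Constructed sample mirroring the allowed-hosts file shown above.
SAMPLE_ALLOWED_HOSTS = """\
# allow all admin LAN machines:
192.168.0.[10-128]
"""

# Entry forms modelled here (assumption): a.b.c.d, a.b.c.* and a.b.c.[lo-hi]
ENTRY_RE = re.compile(
    r"^(\d{1,3})\.(\d{1,3})\.(\d{1,3})\."
    r"(?:(\d{1,3})|(\*)|\[(\d{1,3})-(\d{1,3})\])$"
)

def parse_entry(line):
    """Return (prefix, low, high) for one entry, or None for blanks/comments."""
    line = line.strip()
    if not line or line.startswith("#"):
        return None
    m = ENTRY_RE.match(line)
    if m is None:
        raise ValueError("unsupported allowed-hosts entry: %r" % line)
    prefix = tuple(int(x) for x in m.group(1, 2, 3))
    if m.group(4) is not None:        # single address
        low = high = int(m.group(4))
    elif m.group(5) is not None:      # wildcard: whole last octet
        low, high = 0, 255
    else:                             # [low-high] range on the last octet
        low, high = int(m.group(6)), int(m.group(7))
    if max(prefix) > 255 or high > 255 or low > high:
        raise ValueError("octet out of range or reversed range: %r" % line)
    return prefix, low, high

def load_entries(text):
    parsed = (parse_entry(line) for line in text.splitlines())
    return [e for e in parsed if e is not None]

def is_allowed(ip, entries):
    """True if the dotted-quad ip falls inside any whitelist entry."""
    octets = [int(x) for x in ip.split(".")]
    if len(octets) != 4 or not all(0 <= o <= 255 for o in octets):
        raise ValueError("not an IPv4 address: %r" % ip)
    return any(tuple(octets[:3]) == p and lo <= octets[3] <= hi
               for p, lo, hi in entries)

if __name__ == "__main__":
    entries = load_entries(SAMPLE_ALLOWED_HOSTS)
    for ip in ("192.168.0.10", "192.168.0.128", "192.168.0.9", "192.168.1.50"):
        print("%-15s %s" % (ip, "whitelisted" if is_allowed(ip, entries) else "NOT whitelisted"))
```

Run it against the contents of your own allowed-hosts file to check that the machine you administer from is inside the range before you depend on the whitelist.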

... And you are in business!

Hope this helps...
