If you look after a remote Linux box, the chances are you use SSH to get to it, and you may even have to leave port 22 open to the whole Internet!
There are some basic steps you can take to protect SSH, such as stopping the root user from logging in directly (PermitRootLogin no in sshd_config) and forcing users onto strong, key-based authentication rather than passwords.
Even after you've done all that, logwatch will still report people wasting your time and resources trying to break in. This is where DenyHosts steps in: it's a small Python script (run as a daemon) that keeps an eye on your SSH log file, and if it spots a source address repeatedly failing to log in (a brute-force attack on your SSH accounts) it adds that address to /etc/hosts.deny, the TCP Wrappers file that acts as a per-application firewall, so the attacker can no longer connect. Two caveats worth knowing: hosts.deny only has an effect if sshd was built with TCP Wrappers (libwrap) support, which OpenSSH dropped in 6.7, and since blocking is by source IP, an attacker spreading a few attempts across many addresses will stay under the threshold.
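To make the mechanism concrete, here is an added example (my own illustration, not DenyHosts' code) of the core idea: parse sshd "Failed password" lines, count failures per source address, skip anything on an allow-list like the allowed-hosts file created in the setup below, skip addresses already present in hosts.deny, and render new hosts.deny entries. The log lines, hostnames, addresses and the single threshold are all constructed for the example; DenyHosts itself uses several thresholds and a real log tail rather than a string.

```python
import re
from collections import Counter

# Constructed sample of /var/log/secure on a Red Hat style box (made-up host,
# users, timestamps and addresses from the documentation ranges).
SAMPLE_LOG = """\
Mar 12 03:14:01 host sshd[2100]: Failed password for invalid user admin from 203.0.113.7 port 51234 ssh2
Mar 12 03:14:03 host sshd[2100]: Failed password for invalid user admin from 203.0.113.7 port 51235 ssh2
Mar 12 03:14:05 host sshd[2101]: Failed password for root from 203.0.113.7 port 51236 ssh2
Mar 12 03:14:06 host sshd[2101]: Failed password for root from 203.0.113.7 port 51237 ssh2
Mar 12 03:14:08 host sshd[2102]: Failed password for invalid user oracle from 203.0.113.7 port 51238 ssh2
Mar 12 03:20:11 host sshd[2140]: Failed password for bob from 127.0.0.1 port 40001 ssh2
Mar 12 03:20:12 host sshd[2140]: Failed password for bob from 127.0.0.1 port 40002 ssh2
Mar 12 03:20:13 host sshd[2140]: Failed password for bob from 127.0.0.1 port 40003 ssh2
Mar 12 03:21:40 host sshd[2150]: Failed password for alice from 198.51.100.9 port 40010 ssh2
Mar 12 03:21:45 host sshd[2150]: Accepted publickey for alice from 198.51.100.9 port 40010 ssh2
"""

# Constructed existing hosts.deny content, to show that entries are not duplicated.
SAMPLE_HOSTS_DENY = """\
# /etc/hosts.deny - constructed for the example
sshd: 192.0.2.44
"""

# Matches both "Failed password for root from ..." and
# "Failed password for invalid user admin from ..." as written by OpenSSH.
FAILED_RE = re.compile(
    r"sshd\[\d+\]: Failed password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<ip>\d{1,3}(?:\.\d{1,3}){3}) port \d+"
)


def count_failures(log_text):
    """Return a Counter of failed password attempts keyed by source IP."""
    counts = Counter()
    for line in log_text.splitlines():
        m = FAILED_RE.search(line)
        if m:
            counts[m.group("ip")] += 1
    return counts


def parse_hosts_deny(text):
    """Return the set of client addresses already denied for sshd (or ALL)."""
    denied = set()
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if ":" not in line:
            continue
        daemons, clients = line.split(":", 2)[:2]
        if daemons.strip() in ("sshd", "ALL"):
            denied.update(clients.split())
    return denied


def hosts_to_deny(log_text, threshold, allowed_hosts, hosts_deny_text=""):
    """Addresses at or above `threshold` failures that are neither allow-listed
    nor already present in hosts.deny. Single threshold is a simplification."""
    counts = count_failures(log_text)
    already = parse_hosts_deny(hosts_deny_text)
    return sorted(
        ip for ip, n in counts.items()
        if n >= threshold and ip not in allowed_hosts and ip not in already
    )


def hosts_deny_lines(ips):
    """Render TCP Wrappers entries of the form 'sshd: <ip>' for appending to hosts.deny."""
    return ["sshd: %s" % ip for ip in ips]


if __name__ == "__main__":
    # 127.0.0.1 is allow-listed exactly as the allowed-hosts file in the setup does.
    new = hosts_to_deny(SAMPLE_LOG, threshold=3, allowed_hosts={"127.0.0.1"},
                        hosts_deny_text=SAMPLE_HOSTS_DENY)
    for entry in hosts_deny_lines(new):
        print(entry)
```

Running it on the constructed log blocks only 203.0.113.7: localhost is allow-listed despite three failures, alice's single failure is below the threshold, and 192.0.2.44 is left alone because it is already denied. In real use you would append the rendered lines to /etc/hosts.deny as root and re-run on the log tail rather than the whole file.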
I'm using Red Hat, so a pre-built RPM is available; if you already have DAG set up, you can use...
yum install denyhosts
I then had to run through the following steps (as root).
mkdir /usr/share/denyhosts
mkdir /usr/share/denyhosts/data/
echo '127.0.0.1' > /usr/share/denyhosts/data/allowed-hosts
cd /usr/share/denyhosts
cp /usr/share/doc/denyhosts-2.6/denyhosts.cfg-dist ./denyhosts.cfg
cp /usr/share/doc/denyhosts-2.6/daemon-control-dist ./daemon-control
chmod 700 /usr/share/denyhosts/daemon-control
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts
ln -s /usr/share/denyhosts/denyhosts.cfg /etc/denyhosts.cfg
/sbin/chkconfig denyhosts on
Once you've charged through that marathon, take a look at (and change) the following settings in /etc/denyhosts.cfg: PURGE_DENY controls how long an entry stays in hosts.deny before being expired, and the two mail settings are where the reports go.
PURGE_DENY =
ADMIN_EMAIL =
SMTP_FROM = DenyHosts <[email protected]>
Finally, once you're happy with the config, start the DenyHosts service via the init script linked in above.
Now your logwatch report will show how many tries they had before being denied, for example:
Refused incoming connections: 18.104.22.168 (some.name.com): 2 Time(s)
Of course, one option commonly suggested is to move SSH from port 22 to some other port. Whereas this will cut down the noise from scanners that only try port 22, it does nothing to protect the service itself: anyone who port-scans the box will find it. You can do both; it's all a matter of choice :)