http://denyhosts.sourceforge.net/
tar -zxvf DenyHosts-2.6.tar.gz
cd DenyHosts-2.6
python setup.py install #安装
cd /usr/share/denyhosts
cp denyhosts.cfg-dist denyhosts.cfg #创建配置文件
cp daemon-control-dist daemon-control #启动文件副本
ln -s /usr/share/denyhosts/daemon-control /etc/init.d/denyhosts # 创建软连接
设置Denyhosts为开机自动启动
chkconfig --add denyhosts # 添加denyhosts服务
chkconfig denyhosts on # 设置denyhosts在各等级为开启状态
chkconfig --list denyhosts # 查询是否设置成功
修改配置文件
vim denyhosts.cfg
egrep -v "(^$|^#)" /usr/share/denyhosts/denyhosts.cfg
PURGE_DENY = 1w
BLOCK_SERVICE = sshd
DENY_THRESHOLD_INVALID = 5
DENY_THRESHOLD_VALID = 5
DENY_THRESHOLD_ROOT = 5
DENY_THRESHOLD_RESTRICTED = 1
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
HOSTNAME_LOOKUP=NO
LOCK_FILE = /var/lock/subsys/denyhosts
AGE_RESET_VALID=1d
AGE_RESET_ROOT=1d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1w
启动denyhosts服务
systemctl start denyhosts # 启动denyhosts服务
systemctl status denyhosts # 查询denyhosts服务状态
移除黑名单
systemctl stop denyhosts
在 /etc/hosts.deny /usr/share/denyhosts/data中删除你想取消的主机IP
systemctl restart denyhosts
暴力添加白名单
vim /etc/hosts.allow
sshd:117.78.49.95:allow