DenyHOSTS requires TCP Wrappers
You may be able to find out if a daemon is compiled with TCP Wrappers using ldd and looking for the libwrap so.
eg:
# ldd `which sshd` |grep libwrap libwrap.so.0 => /lib/libwrap.so.0 (0x00007fac6668f111)or using strings and looking for hosts_access
eg:
# strings `which sshd` |grep hosts_access hosts_access
On Debian you may find out if a daemon is packaged with tcpwrappers with apt-cache.
eg:
# apt-cache rdepends libwrap0 |grep ssh openssh-server
Install denyhosts on debian
# apt-get install denyhosts
I like `whitelisting` a few hosts because by default denyhosts is trigger happy. eg to allow access from 10.12.142.92, 192.168.167.0/24, 85.26.243.146 , and 67.3.2.2 add the following line to /etc/hosts.allow
sshd: 10.12.142.92, 192.168.167. , 85.26.243.146 , 67.3.2.2 :allow
set ADMIN_EMAIL and SMTP_FROM
Denyhosts `comes` with a synchronization service --you supply the hosts attacking you and download the ones attacking to other hosts using the sync service. The sync service is disabled by default. If you want to enable it uncomment in /etc/denyhosts.conf
#SYNC_SERVER = http://xmlrpc.denyhosts.net:9911
To just supply data to the sync service add
SYNC_DOWNLOAD = noin /etc/denyhosts.conf
To just receive data from the sync service add
SYNC_UPLOAD = noin /etc/denyhosts.conf
To apply changes restart the denyhosts daemon
# /etc/init.d/denyhosts restart
URI: http://alog.ipduh.com/2013/07/denyhosts.html
