0

As someone who had no experience dealing with Unix or Linux before about 6 months ago, I'm feeling pretty comfortable with managing a Linux server now. The one question I do have is about DenyHosts, and how it's sending out reports.

Firstly, I get about 3 to 4 DenyHosts reports a day. My first question is, is it really true that that many people are trying to brute-force my server? Every time someone is locked out, I get an email that a host has been denied access, which isn't that important to me, as I'm the only human user on the system.

Is there a better way to handle the flood of emails coming to me, or a better way to stop people from trying to gain access to my server? Currently I have all of my root email forwarded to an actual email address, so I don't have to login via SSH to read it. (Root login is disabled, so I login as myself and sudo su into root.

Any insight into this would be much appreciated.

Noel Forte
  • 453
  • 1
  • 5
  • 16

2 Answers2

1

Re: "brute-forcing my server":

You can take a look at what sshd is logging, usually somewhere below /var/log. After that you might have trouble sleeping for a while...

Re: "flood of emails":

You might want to look into handling emails locally, i.e. on the server. There are tools like "procmail" around which can be configured to sort, discard or forward messages according to quite flexible criteria.

Stefan Schmiedl
  • 321
  • 2
  • 4
0

To answer you question, I don't think you can. denyhosts doesn't have such a setting. It is sent every time ip addresses are blacklisted. You can get an email as often as the daemon is NOT sleeping. That's once a minute if the sleep time is 60s in denyhosts.conf:

DAEMON_SLEEP = 60s

The only way I see to easily reduce the number of emails is to set DAEMON_SLEEP to a higher value.

You can also use fail2ban instead of denyhosts, but it looks like it also has that same "e-mail sending" issue.

rosch
  • 101
  • 1