Tag Archives: denyhosts

Whitelist in fail2ban and denyhosts

All SysAdminMan servers come with fail2ban and denyhosts installed. These are two software packages that do similar things so can be confusing.
Here are the differences –

fail2ban
monitors Asterisk logs for failed ‘Register’ attempts and blocks the IP using IPTables. This means if you get yourself blocked it will appear as though the server has gone down

denyhosts
monitors /var/log/secure for failed SSH attempts and just blocks the IP for SSH access. You will get connection refused just for SSH if you get yourself blocked

It’s possible to whitelist your own IPs so that they don’t get accidentally blocked by following the instructions below.

You should replace 123.123.123.123 with your own IP –

export ignoreip="123.123.123.123"

sed -i "s/ignoreip = /ignoreip = $ignoreip /" /etc/fail2ban/jail.conf
service fail2ban restart

echo "sshd: $ignoreip" >> /etc/hosts.allow
service denyhosts restart

How to stop your IP address being blocked by denyhosts

Sysadminman VPSs come with a small utility called denyhosts installed. This monitors for people trying to connect to your VPS via SSH and if too many invalid login attempts are detected then the IP address is blocked.

To prevent this happening to your IP address you can add it to /etc/hosts.allow.

For instance if your IP adress is 123.123.123.123 then add it to the bottom of the /etc/hosts.allow file like this –

#
# hosts.allow   This file describes the names of the hosts which are
#               allowed to use the local INET services, as decided
#               by the '/usr/sbin/tcpd' server.
#
sshd: 123.123.123.123