HostDeny: unbanning a blocked IP

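To remove a host IP that has already been banned, deleting it from /etc/hosts.deny alone has no effect. You also need to work in the /var/lib/denyhosts directory and carry out the following steps:

1. Stop the DenyHosts service: service denyhosts stop
2. In /etc/hosts.deny, delete the host IP you want to unban, e.g. "110.88.32.70"
3. Clear the iptables rules: iptables -F (this flushes every rule in the filter table, not only the ones added for DenyHosts)
4. Edit all the files in the DenyHosts working directory /var/lib/denyhosts and delete the entries that were added for the host.
/var/lib/denyhosts/hosts
/var/lib/denyhosts/hosts-restricted
/var/lib/denyhosts/hosts-root
/var/lib/denyhosts/hosts-valid
/var/lib/denyhosts/users-hosts
/var/lib/denyhosts/users-invalid
/var/lib/denyhosts/users-valid
Create a new file named "list", add the DenyHosts file paths above to it, then run this command to remove the entries from all of them in one pass:
for i in $(cat list); do sed -i '/110\.88\.32\.70/d' "$i"; done
5. Add the host IP address you want to allow to
/var/lib/denyhosts/allowed-hosts
6. Start the DenyHosts service: service denyhosts start
7. Check iptables: iptables -nvL | grep 110.88.32.70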
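
The file clean-up from steps 2, 4 and 5 as one shell function. This is an added example, not part of the original post or of DenyHosts, and the names purge_ip and denyhosts_unban are hypothetical. It matches the IP exactly (unbanning 10.0.0.1 leaves 10.0.0.10 alone), keeps a .bak copy of every file it edits, and assumes GNU sed.

```shell
#!/bin/sh
# Added example: remove one IPv4 address from the DenyHosts state files.
# Default paths are the ones used on this page.

# Files in WORK_DIR that can hold an entry for a banned host (list from step 4).
DH_FILES="hosts hosts-restricted hosts-root hosts-valid users-hosts users-invalid users-valid"

# purge_ip IP FILE...: delete every line that contains exactly IP.
purge_ip() {
    ip=$1; shift
    # Accept only digits and dots, so nothing else can reach the sed script.
    case $ip in
        ''|*[!0-9.]*) echo "not an IPv4 address: $ip" >&2; return 2 ;;
    esac
    # Escape the dots so "." matches a literal dot only.
    re=$(printf '%s' "$ip" | sed 's/\./\\./g')
    for f in "$@"; do
        [ -f "$f" ] || continue
        cp -p "$f" "$f.bak"              # copy kept for rollback
        # The IP must not be preceded or followed by another digit or dot.
        sed -i -E "/(^|[^0-9.])${re}([^0-9.]|\$)/d" "$f"
    done
    return 0
}

# denyhosts_unban IP [WORK_DIR] [HOSTS_DENY]: steps 2, 4 and 5 of the procedure.
denyhosts_unban() {
    ip=$1
    work=${2:-/var/lib/denyhosts}
    deny=${3:-/etc/hosts.deny}
    set -- "$deny"
    for n in $DH_FILES; do set -- "$@" "$work/$n"; done
    purge_ip "$ip" "$@" || return
    # Step 5: add the IP to allowed-hosts once, even if run repeatedly.
    grep -qxF "$ip" "$work/allowed-hosts" 2>/dev/null ||
        echo "$ip" >> "$work/allowed-hosts"
}

# Usage as root, in the order the page gives:
#   service denyhosts stop
#   denyhosts_unban 110.88.32.70
#   service denyhosts start
```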

HostDeny: viewing the configuration and studying the source code
Viewing the configuration

# cat /etc/denyhosts.conf | egrep -v "^$|#"
SECURE_LOG = /var/log/auth.log
HOSTS_DENY = /etc/hosts.deny
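PURGE_DENY = 4w         # how long before banned entries are purged; format: i[dhwmy], where i is an integer and d, h, w, m, y stand for day, hour, week, minute and year
BLOCK_SERVICE  = sshd       # name of the service to block
DENY_THRESHOLD_INVALID = 5  # number of failures allowed for invalid users
DENY_THRESHOLD_VALID = 10   # number of failed logins allowed for normal users
DENY_THRESHOLD_ROOT = 3     # number of failed logins allowed for root
DENY_THRESHOLD_RESTRICTED = 3   # threshold for writing the denied host to the file; 3 is the number of failures
WORK_DIR = /var/lib/denyhosts   # denied hosts or IPs are recorded in WORK_DIR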
ETC_DIR = /etc
SUSPICIOUS_LOGIN_REPORT_ALLOWED_HOSTS=YES
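HOSTNAME_LOOKUP=YES         # whether to do reverse DNS lookups
LOCK_FILE = /run/denyhosts.pid  # the PID of the started DenyHosts is recorded in LOCK_FILE, to ensure the service starts correctly and to prevent several instances from starting at the same time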
IPTABLES = /sbin/iptables
ADMIN_EMAIL = root@localhost
SMTP_HOST = localhost
SMTP_PORT = 25
SMTP_FROM = DenyHosts 
SMTP_SUBJECT = DenyHosts Report
ALLOWED_HOSTS_HOSTNAME_LOOKUP=NO
AGE_RESET_VALID=5d
AGE_RESET_ROOT=25d
AGE_RESET_RESTRICTED=25d
AGE_RESET_INVALID=10d
DAEMON_LOG = /var/log/denyhosts     # the DenyHosts log file
DAEMON_SLEEP = 30s
DAEMON_PURGE = 1h   # set this the same as PURGE_DENY; it is also the time for purging hosts.deniedssh users. When running as a daemon, this is the time that applies
SYNC_UPLOAD = no
SYNC_DOWNLOAD = no

Files in the working directory

purge-history
hosts-valid #ABUSIVE_HOSTS_INVALID, added in v1.0.0, e.g. 1.119.10.198:0:Tue Jan 30 00:10:09 2018
hosts
hosts-root
hosts-restricted
users-valid #ABUSED_USERS_INVALID, added in v2.1, validated against the contents of the passwd file, e.g. backup:43:Thu Aug 23 12:24:59 2018
users-invalid
users-hosts
suspicious-logins   //successful logins AFTER invalid
offset      //SECURE_LOG_OFFSET

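How do you authorize (allow) an IP?

Create the file in the working directory and write the IP into it:
/var/lib/denyhosts/allowed-hosts  # the main one
/var/lib/denyhosts/allowed-warned-hosts  #ALLOWED_WARNED_HOSTS
What does "warned" mean? The host has failed several times but has not yet reached the ban threshold.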

Source code (DenyHosts-2.6)

Service start/stop script: daemon-control-dist
Configuration file after installation: denyhosts.cfg-dist
# Redhat or Fedora Core:
SECURE_LOG = /var/log/secure
#
# Mandrake, FreeBSD or OpenBSD:
#SECURE_LOG = /var/log/auth.log
#
# SuSE:
#SECURE_LOG = /var/log/messages
#
# Mac OS X (v10.4 or greater -
#   also refer to:   http://www.denyhosts.net/faq.html#macos
#SECURE_LOG = /private/var/log/asl.log
#
# Mac OS X (v10.3 or earlier):
#SECURE_LOG=/private/var/log/system.log

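scripts/restricted_from_passwd.py
Extracts the usernames from /etc/passwd; if a non-system user logs in, the login is denied and recorded in restricted-usernames/users-invalid, and some are recorded in user-valid.

The functions and feature methods are all here.
DenyHosts/constants.py
Constants file, e.g. the counters and the definitions of the files that IPs are written to (denied, allowed, etc.)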
#        These files will be created relative to prefs WORK_DIR                 #
#################################################################################

SECURE_LOG_OFFSET = "offset"
DENIED_TIMESTAMPS = "denied-timestamps"
#PARSED_DATES = "file_dates"

ABUSIVE_HOSTS_INVALID = "hosts"
ABUSIVE_HOSTS_VALID = "hosts-valid"
ABUSIVE_HOSTS_ROOT = "hosts-root"
ABUSIVE_HOSTS_RESTRICTED = "hosts-restricted"

ABUSED_USERS_INVALID = "users-invalid"
ABUSED_USERS_VALID = "users-valid"
ABUSED_USERS_AND_HOSTS = "users-hosts"
SUSPICIOUS_LOGINS = "suspicious-logins"   # successful logins AFTER invalid
                                          #   attempts from same host

ALLOWED_HOSTS = "allowed-hosts"
ALLOWED_WARNED_HOSTS = "allowed-warned-hosts"

RESTRICTED_USERNAMES = "restricted-usernames"

SYNC_TIMESTAMP = "sync-timestamp"
SYNC_HOSTS = "sync-hosts"
SYNC_HOSTS_TMP = "sync-hosts.tmp"
SYNC_RECEIVED_HOSTS = "sync-received"

PURGE_HISTORY = "purge-history"

TIME_SPEC_LOOKUP =  {'s': 1,        # s
                     'm': 60,       # minute
                     'h': 3600,     # hour
                     'd': 86400,    # day
                     'w': 604800,   # week
                     'y': 31536000} # year

SYNC_MIN_INTERVAL = 300 # 5 minutes
