denyhosts keeps adding back my IP

前端 未结 9 1221
Happy的楠姐
Happy的楠姐 2021-01-30 11:39

I am trying to unblock an IP from which I was doing some tests. I have followed the tutorials on the net:

$ sudo /etc/init.d/denyhosts stop
$ sudo vim /etc/deny.         


        
相关标签:
9条回答
  • 2021-01-30 11:53

    Adding to an old question, but on Debian Wheezy removing the IP entries did not help: within seconds of running "service denyhost start" the IP would be re-added to hosts.deny and all the files in /var/lib/denyhosts/. It turns out that DenyHosts was re-scanning /var/log/auth.log which included the failed login attempts.

    After removing the IP entry from the files listed above, before you restart denyhosts, force auth.log to be archived by running (as root):

    logrotate -vf /etc/logrotate.d/rsyslog
    

    Double-check that /var/log/auth.log is empty, then restart denyhosts.

    0 讨论(0)
  • 2021-01-30 11:55

    Just add the IP that should always have access to the file:

    /etc/hosts.allow
    

    That entry could look like:

    ALL: 30.20.10.0/24
    

    That way, even if it ends up in /etc/hosts.deny as well, the IP will still have access.

    Mind the ALL before the IP, I see you forgot that with your echo statement.

    References:

    • http://its.virginia.edu/unixsys/sec/hosts.html
    • http://linux.die.net/man/5/hosts.allow
    0 讨论(0)
  • 2021-01-30 12:01

    This worked for me on Centos. Follow the 8 steps below and you should be good to go.

    1. Stop DenyHosts

      # services denyhosts stop

    2. Remove the IP address from /etc/hosts.deny

    3. Edit /var/lib/denyhosts/hosts and remove the lines containing the IP address. Save the file.

    4. Edit /var/lib/denyhosts/hosts-restricted and remove the lines containing the IP address. Save the file.

    5. Edit /var/lib/denyhosts/hosts-root and remove the lines containing the IP address. Save the file.

    6. Edit /var/lib/denyhosts/hosts-valid and remove the lines containing the IP address. Save the file.

    7. Edit /var/lib/denyhosts/users-hosts and remove the lines containing the IP address. Save the file.

    (optional) Consider adding the IP address to /var/lib/denyhosts/allowed-hosts

    1. Start DenyHosts

      # services denyhosts start

    0 讨论(0)
  • 2021-01-30 12:01

    You can do this in 4 commands. It automates the earlier answer from @Abdellatif with a python script, so you should thoroughly glance over the source before pasting these 4 lines into the command prompt (replacing IP_ADDRESS with the ip address):

    sudo /etc/init.d/denyhosts stop
    git clone  https://github.com/rsprabery/unblock.git
    sudo python unblock/unblock.py <IP_ADDRESS>
    sudo /etc/init.d/denyhosts start
    

    It should work on all Ubuntu systems. And it's fast. And you don't have to edit any files. But, you are running someone else's script as sudo.

    0 讨论(0)
  • 2021-01-30 12:06

    Nothing worked but Answer by Oleksandr Shmyheliuk

    Used following two commands

    iptables -L -n -v | grep 49.33.135.137
    

    if there is output then use following command

    iptables -D INPUT -s 49.33.135.137 -j DROP 
    
    0 讨论(0)
  • 2021-01-30 12:08

    Ubuntu 18.04

    IP_UNBLOCK='1.2.3.4'
    systemctl stop denyhosts
    sed -i -e "/$IP_UNBLOCK/d" /etc/hosts.deny
    sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts
    sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-restricted
    sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-root
    sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-valid
    sed -i -e "/$IP_UNBLOCK/d" /var/lib/denyhosts/users-hosts
    sed -i -e "/^$IP_UNBLOCK/d" /var/lib/denyhosts/hosts-root
    sed -i -e "/refused connect from $IP_UNBLOCK/d" /var/log/auth.log
    sed -i -e "/from $IP_UNBLOCK port/d" /var/log/auth.log
    iptables -D INPUT -s "$IP_UNBLOCK" -j DROP
    ufw reload
    systemctl start denyhosts
    

    and run this before you install denyhosts

    echo "All:" $(last -i | grep -v '0.0.0.0' | grep 'root' | head -1 | awk '{print $3}') >> /etc/hosts.allow
    
    0 讨论(0)
提交回复
热议问题