- Run the installer:
Extract the source and run:
python setup.py install
Or use the rpm command (change n.n.n to the version used):
rpm -iv BlockHosts-n.n.n-1.noarch.rpm
- Edit /etc/blockhosts.cfg to configure BlockHosts as required at the site.
- Edit /etc/hosts.allow. This is the hosts block file used to store the watched and blocked hosts.
Add the following sections, in this order:
-- your permanent whitelist and blacklist of IP addresses (this is for hosts.allow white/blacklisting)
-- blockhosts marker lines - two lines
-- the command that kicks off blockhosts.py on connections to services
Here's an example hosts.allow:
#
# hosts.allow This file describes the names of the hosts which are
# allowed to use the local INET services, as decided
# by the '/usr/sbin/tcpd' server.
#
# ----
# see "man 5 hosts_access" for details of the format of IP addresses,
# services, allow/deny options. Also see "man hosts_options"
#
# permanent whitelist addresses - this should always be allowed access
ALL: 127.0.0.1 : allow
# permanent blacklist addresses - this should always be denied access
# ALL: 10. : deny
# ----------------------------------------
# next section is the blockhosts section - it will add/delete entries in
# between the two marker lines (#---- BlockHosts Additions)
#---- BlockHosts Additions
#---- BlockHosts Additions
# ----------------------------------------
# finally, the command to execute the blockhosts script, based on
# connection to particular service or services:
sshd, proftpd, vsftpd: ALL: spawn /usr/bin/blockhosts.py --verbose \
--mail --ipblock=iptables \
--whitelist="10\..*,127.0.0.1" --blacklist="192.168.1.1,192.168.1.2" \
--echo "%c-%s" & \
: allow
# add --verbose >> /var/log/blockhosts.log 2>&1
# instead of just the "&" above if extra logging is needed, to the /var/log/blockhosts.log file
# leave out whitelist/blacklist/mail/ipblock options if not needed - see
# blockhosts.py --help for more information.
# -------------------------------------------------------------------------
- For the first run, execute the program manually. As root user, run:
blockhosts.py --dry-run --verbose
(--dry-run just shows what will be added to the list of blocked and watched hosts).
The first run will scan through the entire system logs, so it will add a number of hosts to the block list. Most or all of these hosts will be removed after the AGE_THRESHOLD configuration value (12 hours by default) has elapsed.
Assuming everything looks fine, run the command without --dry-run:
blockhosts.py --verbose
This completes the installation. Now wait, and watch hosts being added and removed from the list, as BlockHosts goes about its business.
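
The section order in hosts.allow matters because tcpd stops at the first matching rule: the permanent whitelist and the BlockHosts additions must be read before the spawn rule that ends in ": allow". The following checker is an added example, not part of BlockHosts; it verifies that a hosts.allow has exactly two marker lines and that the spawn rule follows them. The function names and the sample text are assumptions made for this illustration.

```python
import re

MARKER = "#---- BlockHosts Additions"

# Constructed sample following the layout described above (not a real system file).
SAMPLE = """\
ALL: 127.0.0.1 : allow
#---- BlockHosts Additions
#---- BlockHosts Additions
sshd, proftpd, vsftpd: ALL: spawn /usr/bin/blockhosts.py --verbose \\
  --echo "%c-%s" & \\
  : allow
"""

def logical_lines(text):
    """Yield (line_number, text) with backslash-continued lines joined."""
    buf, start = "", None
    for no, raw in enumerate(text.splitlines(), 1):
        if start is None:
            start = no
        if raw.rstrip().endswith("\\"):
            buf += raw.rstrip()[:-1] + " "
            continue
        yield start, (buf + raw).strip()
        buf, start = "", None
    if buf:
        yield start, buf.strip()

def check_hosts_allow(text):
    """Hypothetical helper for this example: return layout problems ([] = OK)."""
    problems, markers, spawn = [], [], []
    for no, line in logical_lines(text):
        if line == MARKER:
            markers.append(no)
        elif line and not line.startswith("#") and "blockhosts.py" in line:
            spawn.append((no, line))
    if len(markers) != 2:
        problems.append(f"expected 2 marker lines, found {len(markers)}")
    if not spawn:
        problems.append("no active rule spawns blockhosts.py")
    for no, line in spawn:
        if markers and no < markers[-1]:
            problems.append(f"line {no}: spawn rule precedes the marker section")
        if not re.search(r":\s*allow\s*$", line):
            problems.append(f"line {no}: spawn rule does not end with ': allow'")
    return problems

if __name__ == "__main__":
    print(check_hosts_allow(SAMPLE) or "layout OK")
```

To check a live system, pass the contents of /etc/hosts.allow to check_hosts_allow() before the first blockhosts.py --dry-run.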