What are the steps to install, for use with hosts.allow?

  1. Run the installer:
    Extract the source, and run
      python setup.py install
    OR use the rpm command (change n.n.n to the version used):
      rpm -iv BlockHosts-n.n.n-1.noarch.rpm
  2. Edit /etc/blockhosts.cfg to configure BlockHosts as required for your site.
  3. Edit /etc/hosts.allow. This is the hosts block file used to store the watched and blocked hosts.
    Add the following sections, in this order:
    -- your permanent whitelist and blacklist of IP addresses (this is for hosts.allow white/blacklisting)
    -- blockhosts marker lines - two lines
    -- execute command to kick off blockhosts.py on connects to services
    Here's an example hosts.allow:
    #
    # hosts.allow	This file describes the names of the hosts which are
    #		allowed to use the local INET services, as decided
    #		by the '/usr/sbin/tcpd' server.
    #
    # ----
    # see "man 5 hosts_access" for details of the format of IP addresses,
    # services, allow/deny options. Also see "man hosts_options"
    #
    # permanent whitelist addresses - these should always be allowed access
    
    ALL: 127.0.0.1 : allow
    
    # permanent blacklist addresses - these should always be denied access
    # ALL: 10. : deny
    # ----------------------------------------
    # next section is the blockhosts section - it will add/delete entries in
    # between the two marker lines (#---- BlockHosts Additions)
    
    #---- BlockHosts Additions
    #---- BlockHosts Additions
    
    # ----------------------------------------
    # finally, the command to execute the blockhosts script, based on
    # connection to particular service or services:
    
    sshd, proftpd, vsftpd: ALL: spawn /usr/bin/blockhosts.py --verbose \
         --mail --ipblock=iptables \
         --whitelist="10\..*,127.0.0.1" --blacklist="192.168.1.1,192.168.1.2" \
         --echo "%c-%s" & \
    : allow
    
    # add    --verbose >> /var/log/blockhosts.log 2>&1
    #    instead of just the "&" above if extra logging to the
    #    /var/log/blockhosts.log file is needed
    # leave out the whitelist/blacklist/mail/ipblock options if not needed - see
    #           blockhosts.py --help        for more information.
    # -------------------------------------------------------------------------
    
  4. For the first run, execute the program manually. As root user, run:
      blockhosts.py --dry-run --verbose
    (--dry-run just shows what will be added to the list of blocked and watched hosts).

    The first run will scan through the entire system logs, so it will add a number of hosts to the block list. Most or all of these hosts will be removed after the AGE_THRESHOLD configuration value (12 hours by default) has elapsed.

    Assuming everything looks fine, run the command without --dry-run:
      blockhosts.py --verbose

  5. This completes the installation. Now wait, and watch hosts being added and removed from the list, as BlockHosts goes about its business.
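
A quick way to confirm that an edited hosts.allow follows the section order required in step 3 (static whitelist/blacklist rules, then the two marker lines, then the spawn rule). This is an added example, not part of BlockHosts; the function names and both sample files are constructed for illustration.

```python
MARKER = "#---- BlockHosts Additions"  # marker text from the example in step 3

def logical_lines(text):
    """Yield (first_line_no, text), joining backslash-continued lines."""
    buf, start = "", None
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        start = n if start is None else start
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield start, buf + line
        buf, start = "", None
    if buf:                                # file ended inside a continuation
        yield start, buf.strip()

def check_hosts_allow(text):
    """Return a list of ordering problems; an empty list means step 3 is met."""
    lines = list(logical_lines(text))
    markers = [n for n, l in lines if l.startswith(MARKER)]
    if len(markers) != 2:
        return ["expected exactly 2 marker lines, found %d" % len(markers)]
    second, problems, spawn_seen = markers[1], [], False
    for n, l in lines:
        if not l or l.startswith("#"):
            continue                       # blank line, comment or marker
        if "spawn" in l and "blockhosts.py" in l:
            spawn_seen = True
            # hosts.allow stops at the first match: a spawn rule placed earlier hides the block
            if n < second:
                problems.append("line %d: spawn rule is not below the marker block" % n)
        elif n > second:
            problems.append("line %d: static rule is below the marker block" % n)
    if not spawn_seen:
        problems.append("no rule spawns blockhosts.py")
    return problems

# Constructed samples (not taken from a real host).
GOOD = r"""ALL: 127.0.0.1 : allow
#---- BlockHosts Additions
#---- BlockHosts Additions
sshd: ALL: spawn /usr/bin/blockhosts.py --verbose & \
: allow"""
BAD = r"""sshd: ALL: spawn /usr/bin/blockhosts.py --verbose & : allow
#---- BlockHosts Additions
#---- BlockHosts Additions
ALL: 127.0.0.1 : allow"""

if __name__ == "__main__":
    print(check_hosts_allow(GOOD), check_hosts_allow(BAD), sep="\n")
```

Rules between the two marker lines are treated as BlockHosts-managed and are not flagged.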