Installing Denyhosts on CentOS

At first download an rpm


rpm -i denyhosts-2.5-1.el4.kb.noarch.rpm

chkconfig denyhosts on

modify /etc/denyhosts.conf as per your requirements

and then

service denyhosts start

This is it you’re done however its not always that easy some time you can get an error like

root@fastnu [~]# service denyhosts start
starting DenyHosts: /usr/bin/python /usr/bin/ –daemon –config=/etc/denyhosts.conf
Traceback (most recent call last):
File “/usr/bin/”, line 5, in ?
import DenyHosts.python_version
ImportError: No module named DenyHosts.python_version

Eewww there is a patch of it available at


What you need to do is to change /usr/bin/denyhosts and make it

#!/usr/bin/env python2.4

then service denyhosts start
However if this still doesnt work then you might have multiple version of python installed
over your machine “Thats what happened with me :p”

Go into cd /usr/lib/
root@fastnu [/usr/lib]# ls -la | grep python
lrwxrwxrwx 1 root root 19 Mar 18 10:11 ->*
-r-xr-xr-x 1 root root 1136208 Mar 14 2007*
drwxr-xr-x 3 root root 4096 May 9 09:37 python2.3/
drwxr-xr-x 22 root root 20480 Mar 18 06:30 python2.4/
root@fastnu [/usr/lib]#

I see python2.3 and python2.4 and when and in python2.3 site-packages directory i can see
Denyhosts package so what i did was to move it from python2.3/site-packages/Denyhosts to

and did service denyhosts start

starting DenyHosts: /usr/bin/python2.4 /usr/bin/ –daemon –config=/etc/denyhosts.conf

This is it 🙂 all good !


~ by Azeem on May 9, 2008.

14 Responses to “Installing Denyhosts on CentOS”

  1. Thanks for the last part. The one thing I was missing was to move DenyHosts to my python2.5/site-packages directory.

  2. Same here, thank you so much for sharing 🙂

  3. thnx buat tutor nya mas 🙂

  4. Hi!
    do you use any particular customization on denyhosts.cfg file ?

  5. kudos, nice tutorial, was struggling with this.

  6. cool thanks
    just on question will that run automaticly when the server restarts

    thanks again

  7. if you want it to run automatically and your on CENTOS / FC / RedHat / then just run the ntsysv command and select it from the list put an asterisk in it and tab to okay, if your running another kernal, then google linux programs to run on startup and that should get you pointed in the right direction

  8. Also I set my file to use the global list as it will grab the top known attacking IP addresses, and will submit ones to the list that attack you. If more people ran this “that way” then i think there would be alot of people abandoning using ssh attacks, i set mine to block ALL services not just SSH, this way if someone i know can’t see my webserver, then I know to check my logs 😉

  9. Thank you, great tutorial

  10. Thank you, it was my case too and you did help me a lot!

  11. Wow — that definitely helped. I was stumped for a bit. I did use tab to find out there were multiple versions of Python installed on this RHEL4 machine I’m working on. Only to find out that DenyHosts was installed in the Python2.4 when it should have been in 2.5 — once I moved it as per your suggestion I got this:

    root@auto-parts [~]# service denyhosts start
    starting DenyHosts: /usr/local/bin/python2.4 /usr/bin/ –daemon –config=/usr/share/denyhosts/denyhosts.cfg
    root@auto-parts [~]# service denyhosts status
    DenyHosts is running with pid = 1725
    root@auto-parts [~]# ps aux –forest | grep denyhosts
    root 1736 0.0 0.0 4672 624 pts/0 S+ 20:41 0:00 \_ grep denyhosts
    root 1725 0.0 0.1 10416 2880 ? S 20:40 0:00 /usr/local/bin/python2.4 /usr/bin/ –daemon –config=/usr/share/denyhosts/denyhosts.cfg
    root@auto-parts [~]#

    Worked like a charm! Thanks!

  12. Actually, you don’t need to update the file. Just move the DenyHost directory from /usr/lib/python2.3 to /usr/lib/python2.4 and it will work.

  13. Rather than modify the daemon start script, solve the underlying problem which is that when DenyHosts was installed it went into site-packages for your previous Python version. You can simply create a couple symlinks to solve this problem and avoid modifying the distro code at all. See for my blog entry on this. Although this happened on a cygwin install on Server 2008, the same fix works for any Linux distro. Cheers!

  14. symlink is really the way to go, but nice find OP!

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

%d bloggers like this: