
On this link, http://www.cyberciti.biz/faq/block-ssh-attacks-with-denyhosts/, if you search for the following:

grep 'from' /var/log/auth.log|cut -d ' ' –field=13 | uniq -c | sort -nr > ct-result.txt

The comment says to grep all the IPs and put them in /etc/hosts.deny. I want to try what the comment is saying, but when I do it I get the following error: cut: you must specify a list of bytes, characters, or fields

What exactly should I be doing?

Also, how do I make sure that denyhosts, once installed, is working? I installed it but cannot see the daemon running. ps -el | grep denyhosts gives no output.

Also, when I check the tcp wrappers configuration:

tcpdchk -v
Cannot find your inetd.conf or tlid.conf file.
Please specify its location.

What is it complaining about?

Bond

1 Answer

Try running the command as root (prepend sudo to your command) or as someone who has access to the auth.log.

If you don't have inetd installed, the tcpdchk doesn't look like it will work. You don't need inetd if you are running ssh as a daemon. You can check if ssh is using tcpwrappers with:

ldd /usr/sbin/sshd | grep libwrap

and it should show that sshd is being linked with the tcpwrapper library.

Make sure that you start the denyhosts service as root and check the denyhosts log file to see if it is running.

See the denyhosts site for details:

http://denyhosts.sourceforge.net/

dmah
  • Thanks for your response. I saw denyhosts running, its log is full and similar things. So to me it seems that the thing is working. You mentioned tcpwrappers: I am running ssh as a daemon and do not have /usr/bin/sshd, so I did ldd /usr/sbin/ssh | grep libwrap but there was no output. – Bond Oct 23 '10 at 12:31
  • Try ldd /usr/sbin/sshd | grep libwrap and make sure that you have the 'd' on the end. ssh would be the client and wouldn't be compiled with libwrap. – dmah Oct 25 '10 at 14:53
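
Added example, not part of the question or the answer above: the counting step from the question's pipeline, rewritten so it does not depend on a fixed field number (cut -d ' ' breaks when the day of month is space-padded or the line contains "invalid user") and uses only ASCII option syntax, since a typographic dash such as the one in `–field=13` is not parsed by cut as an option. The function names, the threshold and the log lines are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of sshd entries in the /var/log/auth.log format.
sample_auth_log() {
cat <<'EOF'
Oct  9 23:59:58 host sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 51122 ssh2
Oct 10 00:00:03 host sshd[2211]: Failed password for root from 203.0.113.7 port 51130 ssh2
Oct 10 00:01:10 host sshd[2290]: Accepted password for bond from 192.0.2.10 port 40022 ssh2
Oct 10 00:02:44 host sshd[2301]: Failed password for root from 198.51.100.23 port 33812 ssh2
Oct 10 00:02:50 host sshd[2301]: Failed password for invalid user test from 203.0.113.7 port 51200 ssh2
Oct 10 00:05:00 host CRON[99]: (root) CMD (run-parts from /etc/cron.hourly)
EOF
}

# Read auth.log lines on stdin, print "<count> <address>" for failed sshd
# password attempts, highest count first.
failed_ssh_sources() {
  awk '
    /sshd\[[0-9]+\]: Failed password/ {
      # Locate the "from <addr> port" triple nearest the end of the line
      # instead of trusting a fixed column.
      for (i = NF - 2; i >= 1; i--)
        if ($i == "from" && $(i + 2) == "port") { n[$(i + 1)]++; break }
    }
    END { for (ip in n) print n[ip], ip }
  ' | sort -k1,1nr -k2,2
}

# Emit hosts.deny entries for addresses with at least $1 failures.
# Output goes to stdout so it can be reviewed before it is appended
# to /etc/hosts.deny.
hosts_deny_lines() {
  threshold=$1
  failed_ssh_sources | awk -v t="$threshold" '$1 >= t { print "sshd: " $2 }'
}

# Demo on the constructed sample; on a real host, feed the log instead:
#   sudo cat /var/log/auth.log | hosts_deny_lines 5
sample_auth_log | failed_ssh_sources
sample_auth_log | hosts_deny_lines 2
```

The successful login from 192.0.2.10 and the CRON line are ignored even though both contain the word "from", which the original grep 'from' would have counted.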