LinuxQuestions.org
Old 10-21-2010, 09:50 AM   #1
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Rep: Reputation: 38
deny hosts removing an IP and checking tcpwrappers


On this link
http://www.cyberciti.biz/faq/block-s...ith-denyhosts/
if you search for the following

Quote:
grep 'from' /var/log/auth.log|cut -d ' ' –field=13 | uniq -c | sort -nr > ct-result.txt
The comment says to grep all the IPs and put them into /etc/hosts.deny. I want to try what the comment is saying, but when I do it
I get the following error
Quote:
cut: you must specify a list of bytes, characters, or fields
What exactly should I be doing?

Also, how do I make sure that, if I installed denyhosts, it is working?
I installed it but cannot see the daemon running.
Quote:
ps -el | grep denyhosts
gives no output.

Also, when I check the tcp wrappers configuration
Quote:
tcpdchk -v
Cannot find your inetd.conf or tlid.conf file.
Please specify its location.

What is it complaining about?

Last edited by tkmsr; 10-21-2010 at 10:07 AM.
 
Old 10-22-2010, 03:33 AM   #2
sem007
Member
 
Registered: Nov 2006
Distribution: RHEL, CentOS, Debian Lenny, Ubuntu
Posts: 638

Rep: Reputation: 111Reputation: 111
Hi tkmsr,

Quote:
Originally Posted by tkmsr View Post
grep 'from' /var/log/auth.log|cut -d ' ' –field=13 | uniq -c | sort -nr > ct-result.txt
Try the following command:

Code:
grep 'from' /var/log/auth.log | cut -d ' ' --fields=13 | sort | uniq -c | sort -nr > ct-result.txt
Did you start the denyhosts service?

Code:
# /etc/init.d/denyhosts start
Regards,
 
1 members found this post helpful.
Old 10-22-2010, 03:56 AM   #3
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 38
Quote:
Originally Posted by sem007 View Post
Hi tkmsr,

Try the following command:

Code:
grep 'from' /var/log/auth.log | cut -d ' ' --fields=13 | sort | uniq -c | sort -nr > ct-result.txt
Hi, thanks. I checked the file /var/log/auth.log; field 13 does not have that column as I was expecting.
Quote:
Originally Posted by sem007 View Post
Did you start the denyhosts service?
Yes, I later found out /var/run/denyhosts.pid
has this entry, and if I do a grep on this
Quote:
ps -el | grep `cat /var/run/denyhosts.pid`
5 S 0 24735 1 0 80 0 - 11550 poll_s ? 00:00:00 python
I can see it.
But still, how do I check tcp wrappers?
 
Old 10-22-2010, 04:12 AM   #4
sem007
Member
 
Registered: Nov 2006
Distribution: RHEL, CentOS, Debian Lenny, Ubuntu
Posts: 638

Rep: Reputation: 111Reputation: 111
Quote:
But still how do I check tcp wrappers
Install the xinetd package in Linux:

Code:
$ sudo apt-get install xinetd
then run

Code:
tcpdchk -v
tcp_wrappers uses two files:

/etc/hosts.allow # for allow host
/etc/hosts.deny # for deny host

Follow that link once again and let us know if you have any questions.

Regards,
 
Old 10-22-2010, 06:31 AM   #5
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 38
Quote:
Originally Posted by sem007 View Post
Install the xinetd package in Linux:

Code:
$ sudo apt-get install xinetd
then run

Code:
tcpdchk -v
tcp_wrappers uses two files:

/etc/hosts.allow # for allow host
/etc/hosts.deny # for deny host
Did the same
Quote:
aptitude install xinetd
Log started: 2010-10-22 16:58:28
Selecting previously deselected package xinetd.
(Reading database ... 165452 files and directories currently installed.)
Unpacking xinetd (from .../xinetd_1%3a2.3.14-7ubuntu3_amd64.deb) ...
Processing triggers for ureadahead ...
ureadahead will be reprofiled on next reboot
Processing triggers for man-db ...
Setting up xinetd (1:2.3.14-7ubuntu3) ...
* Stopping internet superserver xinetd [ OK ]
* Starting internet superserver xinetd [ OK ]
got the error again
Code:
tcpdchk -v
Cannot find your inetd.conf or tlid.conf file.
Please specify its location.
 
Old 10-22-2010, 09:22 AM   #6
sem007
Member
 
Registered: Nov 2006
Distribution: RHEL, CentOS, Debian Lenny, Ubuntu
Posts: 638

Rep: Reputation: 111Reputation: 111
Create the inetd.conf file manually and then run the command:

Code:
# touch /etc/inetd.conf
# tcpdchk -v
Regards,
 
Old 10-22-2010, 09:24 AM   #7
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 38
OK, I did, and then
Quote:
tcpdchk -v
Using network configuration file: /etc/inetd.conf
What does this mean?
 
Old 10-23-2010, 02:18 AM   #8
sem007
Member
 
Registered: Nov 2006
Distribution: RHEL, CentOS, Debian Lenny, Ubuntu
Posts: 638

Rep: Reputation: 111Reputation: 111
Read the man page; it explains it.

Quote:
tcpdchk examines your tcp wrapper configuration and reports all potential and real problems it can find.
....
-v Display the contents of each access control rule.
Regards,
 
Old 10-25-2010, 06:58 AM   #9
tkmsr
Member
 
Registered: Oct 2006
Distribution: Ubuntu,Open Suse,Debian,Mac OS X
Posts: 798

Original Poster
Rep: Reputation: 38
OK, things are working now. I installed denyhosts on 21 Oct on an Ubuntu 10.04 server and I can see a pid /var/run/denyhosts.pid running; I also see some entries in the log files and the default values of /etc/denyhosts.conf.
At some places I see refused connect, while at other places I see an infinite number of attempts to log in to my server.
Here is a log file if you want to see:
http://pastebin.com/RhDPCbPK
and here is /etc/denyhosts.conf:
http://pastebin.com/rFvU4Kiv
When denyhosts is running, I hope that invalid attempts to log in to the server should be refused connect after the threshold, which is 4 in this case.
Let me know if you have any suggestions.
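
The field-13 problem from post #3 and the threshold question from post #9, as an added example that is not part of any post in this thread: it counts sshd `Failed password` lines per source address by position from the end of the line, then lists addresses at or above a threshold that have no `sshd:` or `ALL:` entry in a hosts.deny-style file. The function names, the sample log lines and the at-or-above comparison are assumptions made here; only single-daemon IPv4 entries are handled.

```sh
#!/bin/sh
# Added example. Sample data in make_samples is constructed for illustration.

failed_ips() {  # $1 = sshd auth log; prints "COUNT IP", highest count first
    # Count from the end of the line: the IP's position from the start moves
    # with "invalid user", single-digit days and the remote-supplied user name.
    awk '/sshd\[[0-9]+\]: Failed password/ && NF > 5 &&
         $(NF-4) == "from" && $(NF-2) == "port" { n[$(NF-3)]++ }
         END { for (ip in n) print n[ip], ip }' "$1" | sort -k1,1nr -k2,2
}

is_denied() {   # $1 = IPv4 address, $2 = hosts.deny-style file; exit 0 if listed
    awk -F: -v ip="$1" '
        /^[ \t]*#/ { next }
        { d = $1; gsub(/[ \t]/, "", d)
          if (d != "sshd" && d != "ALL") next
          n = split($2, c, /[ \t,]+/)
          for (i = 1; i <= n; i++) if (c[i] == ip) found = 1 }
        END { exit !found }' "$2"
}

unblocked_offenders() {  # $1 = log, $2 = deny file, $3 = failure threshold
    failed_ips "$1" | while read -r count ip; do
        [ "$count" -ge "$3" ] || continue
        is_denied "$ip" "$2" || echo "$ip"
    done
}

make_samples() {  # $1 = directory to receive constructed auth.log and hosts.deny
    cat > "$1/auth.log" <<'EOF'
Oct  2 09:00:00 srv sshd[900]: Failed password for root from 203.0.113.5 port 4200 ssh2
Oct 22 10:01:01 srv sshd[1001]: Failed password for root from 203.0.113.5 port 4201 ssh2
Oct 22 10:01:03 srv sshd[1001]: Failed password for invalid user admin from 203.0.113.5 port 4202 ssh2
Oct 22 10:01:05 srv sshd[1002]: Failed password for invalid user test from 203.0.113.5 port 4203 ssh2
Oct 22 10:02:00 srv sshd[1003]: Failed password for root from 198.51.100.7 port 5100 ssh2
Oct 22 10:02:02 srv sshd[1003]: Failed password for root from 198.51.100.7 port 5101 ssh2
Oct 22 10:02:04 srv sshd[1004]: Failed password for invalid user guest from 198.51.100.7 port 5102 ssh2
Oct 22 10:02:06 srv sshd[1004]: Failed password for invalid user guest from 198.51.100.7 port 5103 ssh2
Oct 22 10:03:00 srv sshd[1005]: Failed password for alice from 192.0.2.9 port 6100 ssh2
Oct 22 10:03:09 srv sshd[1005]: Accepted password for alice from 192.0.2.9 port 6101 ssh2
EOF
    printf '# constructed\nsshd: 203.0.113.5\n' > "$1/hosts.deny"
}

sample_dir=$(mktemp -d)
make_samples "$sample_dir"
failed_ips "$sample_dir/auth.log"
unblocked_offenders "$sample_dir/auth.log" "$sample_dir/hosts.deny" 4
```

On a real host, pass /var/log/auth.log and /etc/hosts.deny instead of the sample files; any address the last function prints has reached the threshold without being blocked.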
 
  


All times are GMT -5.