LinuxQuestions.org


tkmsr 10-21-2010 09:50 AM

deny hosts removing an Ip and checking tcpwrappers
 
On this link
http://www.cyberciti.biz/faq/block-s...ith-denyhosts/
if you search for the following:

Quote:

grep 'from' /var/log/auth.log|cut -d ' ' –field=13 | uniq -c | sort -nr > ct-result.txt
The comment says to grep all the IPs and put them into /etc/hosts.deny. I want to try what the comment is saying, but when I do it
I get the following error:
Quote:

cut: you must specify a list of bytes, characters, or fields
What exactly should I be doing?

Also, how do I make sure that denyhosts is working once I have installed it?
I installed it but cannot see the daemon running.
Quote:

ps -el | grep denyhosts
gives no output.

Also when I check tcp wrappers configuration
Quote:

tcpdchk -v
Cannot find your inetd.conf or tlid.conf file.
Please specify its location.


What is it complaining about?

sem007 10-22-2010 03:33 AM

Hi tkmsr,

Quote:

Originally Posted by tkmsr (Post 4134845)
grep 'from' /var/log/auth.log|cut -d ' ' –field=13 | uniq -c | sort -nr > ct-result.txt

Try the following command:

Code:

grep 'from' /var/log/auth.log | cut -d ' ' --fields=13 | sort | uniq -c | sort -nr > ct-result.txt
Did you start the denyhosts service?

Code:

# /etc/init.d/denyhosts start
Regards,

tkmsr 10-22-2010 03:56 AM

Quote:

Originally Posted by sem007 (Post 4135620)
Hi tkmsr,

Try the following command:

Code:

grep 'from' /var/log/auth.log | cut -d ' ' --fields=13 | sort | uniq -c | sort -nr > ct-result.txt
Hi, thanks. I checked the file /var/log/auth.log; field 13 does not have the column I was expecting.
Quote:

Originally Posted by sem007 (Post 4135620)
Did you start the denyhosts service?

Yes, I later found out that /var/run/denyhosts.pid
has this entry, and if I do a grep on this
Quote:

ps -el | grep `cat /var/run/denyhosts.pid`
5 S 0 24735 1 0 80 0 - 11550 poll_s ? 00:00:00 python
I can see it.
But still, how do I check tcp wrappers?

sem007 10-22-2010 04:12 AM

Quote:

But still, how do I check tcp wrappers?
Install the xinetd package in Linux:

Code:

$ sudo apt-get install xinetd
then run

Code:

tcpdchk -v
tcp_wrappers uses two files:

/etc/hosts.allow # for allowed hosts
/etc/hosts.deny # for denied hosts

Follow that link once again and let us know if you have any questions.

Regards,

tkmsr 10-22-2010 06:31 AM

Quote:

Originally Posted by sem007 (Post 4135649)
Install the xinetd package in Linux:

Code:

$ sudo apt-get install xinetd
then run

Code:

tcpdchk -v
tcp_wrappers uses two files:

/etc/hosts.allow # for allowed hosts
/etc/hosts.deny # for denied hosts

I did the same:
Quote:

aptitude install xinetd
Log started: 2010-10-22 16:58:28
Selecting previously deselected package xinetd.
(Reading database ... 165452 files and directories currently installed.)
Unpacking xinetd (from .../xinetd_1%3a2.3.14-7ubuntu3_amd64.deb) ...
Processing triggers for ureadahead ...
ureadahead will be reprofiled on next reboot
Processing triggers for man-db ...
Setting up xinetd (1:2.3.14-7ubuntu3) ...
* Stopping internet superserver xinetd [ OK ]
* Starting internet superserver xinetd [ OK ]

Got the error again:
Code:

tcpdchk -v
Cannot find your inetd.conf or tlid.conf file.
Please specify its location.


sem007 10-22-2010 09:22 AM

Create the inetd.conf file manually and then run the command:

Code:

# touch /etc/inetd.conf
# tcpdchk -v

Regards,

tkmsr 10-22-2010 09:24 AM

OK, I did, and then
Quote:

tcpdchk -v
Using network configuration file: /etc/inetd.conf
What does this mean?

sem007 10-23-2010 02:18 AM

Read the man page; it explains it.

Quote:

tcpdchk examines your tcp wrapper configuration and reports all potential and real problems it can find.
....
-v Display the contents of each access control rule.
Regards,

tkmsr 10-25-2010 06:58 AM

OK, things are working now. I installed denyhosts on 21 Oct on Ubuntu 10.04 server, and I can see a pid /var/run/denyhosts.pid running. I also see some entries in the log files and the default values of /etc/denyhosts.conf.
In some places I see refused connect, while in other places I see an infinite number of attempts to log in to my server.
Here is a log file if you want to see it:
http://pastebin.com/RhDPCbPK
and here is /etc/denyhosts.conf:
http://pastebin.com/rFvU4Kiv
When denyhosts is running, I hope that invalid attempts to log in to the server should get refused connect after the threshold, which is 4 in this case.
Let me know if you have any suggestions.
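
The field-13 extraction from earlier in the thread and the threshold check from the last post, as an added example that is not part of any poster's message: it pulls source addresses out of sshd failure lines by pattern rather than field position, counts them, and lists addresses at or over the threshold that have no hosts.deny entry. The log lines, the hosts.deny content and the `sshd: <ip>` entry format are assumptions constructed for the example.

```shell
#!/bin/sh
# Added example; the log lines and hosts.deny content are constructed samples.
THRESHOLD=4   # failed-login threshold quoted in the last post

sample_auth_log() { cat <<'EOF'
Oct 21 10:01:02 srv sshd[2101]: Failed password for root from 203.0.113.7 port 4022 ssh2
Oct 21 10:01:05 srv sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 4031 ssh2
Oct 21 10:01:09 srv sshd[2104]: Failed password for invalid user test from 203.0.113.7 port 4040 ssh2
Oct 21 10:01:12 srv sshd[2104]: Failed password for root from 203.0.113.7 port 4051 ssh2
Oct 21 10:01:15 srv sshd[2107]: Failed password for root from 203.0.113.7 port 4060 ssh2
Oct 21 10:02:00 srv sshd[2110]: Failed password for root from 198.51.100.23 port 5101 ssh2
Oct 21 10:02:03 srv sshd[2110]: Failed password for invalid user oracle from 198.51.100.23 port 5102 ssh2
Oct 21 10:02:06 srv sshd[2113]: Failed password for root from 198.51.100.23 port 5103 ssh2
Oct 21 10:02:09 srv sshd[2113]: Failed password for invalid user from from 198.51.100.23 port 5104 ssh2
Oct 21 10:03:00 srv sshd[2120]: Failed password for alice from 192.0.2.50 port 6001 ssh2
Oct 21 10:03:30 srv sshd[2122]: Accepted password for alice from 192.0.2.10 port 6002 ssh2
EOF
}

sample_hosts_deny() { cat <<'EOF'
# assumed entry format: "sshd: <ip>"
sshd: 203.0.113.7
EOF
}

# Print "count ip" per source of failed sshd password logins, busiest first.
# Matching the text around the address, not a field number, copes with
# "invalid user" lines and double-space dates; the greedy .* keeps the last
# "from", so a username containing "from" cannot shift the match. IPv4 only.
failed_ips() {
    sed -n 's/.*sshd\[[0-9]*\]: Failed password for .* from \([0-9.]*\) port .*/\1/p' |
        sort | uniq -c | sort -rn | awk '{ print $1, $2 }'
}

# Keep only addresses with at least $1 failures.
over_threshold() { awk -v n="$1" '$1 >= n { print $2 }'; }

# Read addresses on stdin; print those with no entry in hosts.deny-style file $1.
missing_from_deny() {
    while read -r ip; do
        awk -v ip="$ip" '!/^#/ { for (i = 2; i <= NF; i++) if ($i == ip) found = 1 }
                         END { exit !found }' "$1" || echo "$ip"
    done
}

# Demo on the samples; on a real host use /var/log/auth.log and /etc/hosts.deny.
deny=$(mktemp) && sample_hosts_deny > "$deny"
sample_auth_log | failed_ips | over_threshold "$THRESHOLD" | missing_from_deny "$deny"
rm -f "$deny"
```

In the sample, the address sits in field 11 on the `root` lines and field 13 on the `invalid user` lines, which is why a fixed `cut` field returns the wrong column for part of the log.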

