Checking if deny host is running and tcpwrappers

denyhosts

At this link
http://www.cyberciti.biz/faq/block-ssh-attacks-with-denyhosts/
if you search for the following

grep 'from' /var/log/auth.log|cut -d ' ' –field=13 | uniq -c | sort -nr > ct-result.txt

The comment says to grep all the IPs and put them into /etc/hosts.deny. I want to try what the comment is saying, but when I do it
I get the following error:
cut: you must specify a list of bytes, characters, or fields

What exactly should I be doing?

Also, how do I make sure that, if I installed denyhosts, it is working?
I installed it but cannot see the daemon running.
ps -el | grep denyhosts
gives no output.

Also when I check tcp wrappers configuration

tcpdchk -v
Cannot find your inetd.conf or tlid.conf file.
Please specify its location.

What is it complaining about?

Best Answer

Try running the command as root (prepend sudo to your command) or someone that has access to the auth.log.

If you don't have inetd installed, the tcpdchk doesn't look like it will work. You don't need inetd if you are running ssh as a daemon. You can check if ssh is using tcpwrappers with:

ldd /usr/sbin/sshd | grep libwrap

and it should show that sshd is being linked with the tcpwrapper library.

Make sure that you start the denyhosts service as root and check the denyhosts log file to see if it is running.

See the denyhosts site for details:

http://denyhosts.sourceforge.net/
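An added example (not part of the original post or of denyhosts): the tally the question's pipeline is after, written so it does not depend on a field number. GNU cut's long option takes two ASCII hyphens (`--fields=13`); an en-dash is read as a file name, which produces the "you must specify a list" error. The function names and the log lines below are constructed for illustration, and only IPv4 sources are counted.

```shell
#!/bin/sh
# Tally source addresses of failed SSH password logins from auth.log text on stdin.
# The address is located from the END of the line ("from IP port N ssh2"), because
# its field number changes between "for root from ..." and "for invalid user x
# from ...", and the user name is client-supplied text that may contain spaces.

# count_failed_sources [MIN]: print "COUNT IP" for sources with >= MIN failures.
count_failed_sources() {
    awk -v min="${1:-1}" '
        /sshd\[[0-9]+\]: Failed password for / &&
        $NF == "ssh2" && $(NF - 2) == "port" && $(NF - 4) == "from" &&
        $(NF - 3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { hits[$(NF - 3)]++ }
        END {
            for (ip in hits)
                if (hits[ip] >= min + 0) printf "%d %s\n", hits[ip], ip
        }
    ' | sort -k1,1nr -k2,2
}

# deny_candidates [MIN]: same input, printed as hosts.deny entries for review.
# Nothing is written to /etc/hosts.deny; check the list before appending it.
deny_candidates() {
    count_failed_sources "${1:-1}" | awk '{ print "sshd: " $2 }'
}

# Constructed sample log lines (documentation address ranges, not real hosts).
sample_log() {
    cat <<'EOF'
Jan 10 03:12:01 host sshd[2001]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:04 host sshd[2001]: Failed password for root from 203.0.113.7 port 40122 ssh2
Jan 10 03:12:09 host sshd[2004]: Failed password for invalid user admin from 203.0.113.7 port 40130 ssh2
Jan 10 03:13:30 host sshd[2010]: Failed password for invalid user test from 198.51.100.23 port 51514 ssh2
Jan 10 03:14:02 host sshd[2012]: Accepted password for alice from 192.0.2.10 port 50022 ssh2
Jan 10 03:15:00 host sshd[2015]: Failed password for invalid user web admin from 198.51.100.23 port 51520 ssh2
EOF
}

# Demo on the sample; on a real host: sudo cat /var/log/auth.log | count_failed_sources 5
sample_log | count_failed_sources 2
sample_log | deny_candidates 3
```
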
