new DNS 1.1.1.1

Cloudflare’s mission is to help build a better Internet, and today, April 1st, they are releasing a new DNS resolver, 1.1.1.1 – a recursive DNS service. This is not an April Fools’ joke. Use the following IPv4 addresses for your resolver: 1.1.1.1 and 1.0.0.1. Easy to remember.

https://blog.cloudflare.com/dns-resolver-1-1-1-1/
https://1.1.1.1/

Monitoring /var/log/auth.log for intrusion

# Monitoring /var/log/auth.log for intrusion
#
# REF: https://unix.stackexchange.com/questions/123029/history-of-ip-addresses-that-accesed-a-server-via-ssh
# REF: https://unix.stackexchange.com/questions/190907/how-to-retrieve-ip-addresses-of-possible-ssh-attackers
# feb 2018
#

# sample /var/log/auth.log
=====
Feb 22 14:06:03 zentyal sshd[28061]: Failed password for root from 115.238.245.4 port 35807 ssh2
Feb 22 14:06:03 zentyal sshd[28061]: Received disconnect from 115.238.245.4: 11: [preauth]
Feb 22 14:06:03 zentyal sshd[28061]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.245.4 user=root
Feb 22 14:06:09 zentyal sshd[28068]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=115.238.245.4 user=root
Feb 22 14:06:10 zentyal sshd[28068]: Failed password for root from 115.238.245.4 port 32916 ssh2
Feb 22 14:06:13 zentyal sshd[28068]: Failed password for root from 115.238.245.4 port 32916 ssh2
=====

# This will list IPs and the number of times each IP tried …

grep "Failed password for" /var/log/auth.log | grep -Po "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort | uniq -c

1 43.229.205.182
1 47.223.140.95
2786 5.188.86.46
1 54.2.63.218
2 59.182.130.89
3 61.6.107.192
7 66.84.25.210
4 78.165.8.203

# this will grep rhost= which lists the hostname/ip of who tried.
# Then use geoiplookup from the geoip-bin package to get the Country.

zgrep sshd /var/log/auth.log* | grep rhost | sed -re 's/.*rhost=([^ ]+).*/\1/' | sort -u

web1.status-telecom.ru
wsip-70-169-35-74.tu.ph.cox.net
wsip-70-182-157-6.br.br.cox.net
www2.daniweb.com
www2.hcchurch.org.tw
xplr-204-237-24-107.xplornet.com
y117067.ppp.asahi-net.or.jp

# Another one-liner to count all failed attempts and sort them in descending order (hi-lo)

awk '/Failed/ {x[$(NF-3)]++} END {for (i in x){printf "%3d %s\n", x[i], i}}' /var/log/auth.log | sort -nr

588 119.249.54.217
499 185.143.223.4
459 103.213.115.45
348 209.92.176.114
113 37.72.176.165
80 35.201.226.248
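
# Added example (not from the original post): a stricter version of the counting one-liners above. It takes the IP by position from the end of the line, so a username that looks like an IP is not counted, and it expands rsyslog's "message repeated N times" lines.
# The function names, the sample log and the assumed "message repeated" line format are illustrative; all IPs are documentation-range addresses.

```shell
# Constructed sample log (made-up host, PIDs and documentation-range IPs).
sample_auth_log() {
cat <<'EOF'
Feb 22 14:06:03 host sshd[101]: Failed password for root from 203.0.113.7 port 35807 ssh2
Feb 22 14:06:10 host sshd[102]: Failed password for root from 203.0.113.7 port 32916 ssh2
Feb 22 14:06:13 host sshd[102]: message repeated 2 times: [ Failed password for root from 203.0.113.7 port 32916 ssh2]
Feb 22 14:07:00 host sshd[103]: Failed password for invalid user 192.0.2.99 from 198.51.100.5 port 40000 ssh2
Feb 22 14:07:05 host sshd[104]: Accepted password for alice from 192.0.2.10 port 50000 ssh2
Feb 22 14:07:09 host sshd[105]: Failed password for invalid user admin from 198.51.100.5 port 40001 ssh2
EOF
}

# ssh_fail_summary LOGFILE [THRESHOLD]
# Prints "TOTAL INVALID_USER_FAILS IP" for every source IP with at least
# THRESHOLD failed password attempts, highest total first.
ssh_fail_summary() {
    log=$1
    threshold=${2:-1}
    awk -v min="$threshold" '
    / sshd\[[0-9]+\]: / && /Failed password for / {
        # The line ends "... from IP port PORT ssh2". The username is chosen
        # by the remote side and may contain spaces or IP-like text, so the
        # IP is read by position from the end, not as the first match.
        if ($(NF-4) != "from") next
        ip = $(NF-3)
        # rsyslog can collapse duplicates into one "message repeated N times" line.
        n = 1
        if (match($0, /message repeated [0-9]+ times/)) {
            split(substr($0, RSTART, RLENGTH), r, " ")
            n = r[3]
        }
        total[ip] += n
        if ($0 ~ /Failed password for invalid user /) invalid[ip] += n
    }
    END {
        for (ip in total)
            if (total[ip] >= min)
                printf "%d %d %s\n", total[ip], invalid[ip] + 0, ip
    }' "$log" | sort -k1,1nr -k3,3
}

# Example: ssh_fail_summary /var/log/auth.log 20
```
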

# Also, look at other packages like fail2ban and http://denyhosts.sourceforge.net/

END

AZLOCO Release Party 21 April 2018

Canonical will be releasing Ubuntu 18.04, Bionic Beaver, on 26 April 2018. To celebrate this event Ubuntu-Arizona Local Community Team will conduct a Release Party at the home of Walter and Ingeborg Mack, 5831 W. Kesler St. Chandler, AZ on 21 April from 2-6pm. The AZLOCO/PLUG Installfest for the same day at the University of Advancing Technology will be relocated to that location also starting at 2 pm. instead of the normal 10 am. Internet will be available, installs will still be conducted and problems will be solved while we celebrate the release of Bionic Beaver and enjoy some excellent food, great camaraderie, and some serious (and some not so serious) discussions. More details to follow. Pencil in the event on your calendar now. Everyone interested in Free and Open Source Software is invited. This will be a potluck party so please bring a dish to share. For any questions, please contact releaseparty@componentsw.com

Please RSVP to questions@azloco.com with the dish that you will be bringing and the number of people that will be attending. Thank you