Beta Branch update cminfo command with netstat flag option

update cminfo command with netstat flag option

- update /usr/bin/cminfo with netstat flag i.e. cminfo netstat
- cminfo_updater cronjob will update /usr/bin/cminfo every 4 hours so existing users should get latest cminfo version within their next cronjob updates

Continue reading...

---

123.09beta01 branch

• Branch: https://github.com/centminmod/centminmod/tree/123.09beta01
• Commit History: https://github.com/centminmod/centminmod/commits/123.09beta01

 

You can wait for cminfo updater cronjob to update cminfo command or manually run cminfo update to update cminfo with netstat info support

Code (Text):

/usr/bin/cminfo_updater

example of updated /usr/bin/cminfo netstat output

Code (Text):

cminfo netstat        
------------------------------------------------------------------
 Centmin Mod Netstat Info:
------------------------------------------------------------------

Network Bandwidth In/Out (KB/s):
eth0  In:  0.05  Out:  0.00
eth1  In:  0.00  Out:  0.00
eth2  In:  0.00  Out:  0.00

Network Packets   In/Out (pps):
eth0  In:  1.00  Out:  1.00
eth1  In:  0.00  Out:  0.00
eth2  In:  0.00  Out:  0.00

Total Connections For:
Port 80:   1
Port 443:  1

Unique IP Connections For:
Port 80:   0
Port 443:  0

Established Connections For:
Port 80:   0
Port 443:  0

TIME_WAIT Connections For:
Port 80:   0
Port 443:  0

Top IP Address Connections:
1  127.0.0.1        localhost

 

add more stats in cminfo netstat command

Code (Text):

Top CSF Firewall Denied Country Codes:
87  CN
29  KR
24  US
22  VN
14  FR
12  RU
11  BR
10  IN
9   ID
9   DE

Code (Text):

Top CSF Firewall Denied IPs:
1  96.1.60.161
1  95.30.68.205   95-30-68-205.broadband.corbina.ru
1  94.23.6.21     ns365827.ip-94-23-6.eu
1  94.219.245.52  dslb-094-219-245-052.094.219.pools.vodafone-ip.de
1  94.102.60.132  no-reverse-dns-configured.com
1  93.79.252.44   no-reverse-dns-configured.com
1  93.39.64.156   93-39-64-156.ip74.fastwebnet.it
1  93.33.234.5    93-33-234-5.ip46.fastwebnet.it
1  93.103.208.12  93-103-208-12.dynamic.t-2.net
1  92.63.197.50   93-103-208-12.dynamic.t-2.net

might need to rework top denied ips as each ip only gets banned once so most entries will only have 1 unique ip listed in /etc/csf/csf.deny will need to look at counting based on reverse hostname or ASN instead.

 

preview of more revisions and editions

Code (Text):

Top CSF Firewall Denied Country Codes:
93  CN
30  KR
29  US
25  VN
14  FR
12  RU
11  IN
11  BR
9   ID
9   DE

Top CSF Firewall Denied Country Codes + Reverse Lookups:
79  CN  China        -
27  KR  Republic     of              Korea  -
18  US  United       States          -
15  VN  Vietnam      static.vnpt.vn
9   VN  Vietnam      -
8   IN  India        -
7   NL  Netherlands  -
7   ID  Indonesia    -
6   RU  Russia       -
3   FR  France       -

Code (Text):

Top CSF Firewall Denied Distributed sshd Attacks:
38  CN  China        -
14  VN  Vietnam      static.vnpt.vn
12  KR  Republic     of              Korea  -
11  US  United       States          -
6   ID  Indonesia    -
5   VN  Vietnam      -
5   IN  India        -
3   RU  Russia       -
3   NL  Netherlands  -
2   SG  Singapore    -

Code (Text):

Top CSF Firewall Failed SSH Logins:
41  CN  China        -
15  KR  Republic     of              Korea                            -
7   US  United       States          -
4   VN  Vietnam      -
4   NL  Netherlands  -
3   RU  Russia       -
3   IN  India        -
1   ZA  South        Africa          169-1-195-180.ip.afrihost.co.za
1   ZA  South        Africa          -
1   VN  Vietnam      static.vnpt.vn

Code (Text):

Last 24hrs Top CSF Firewall Denied Country Codes:
4  CN
3  KR
2  DE
1  US
1  TH
1  PA
1  LA
1  ID
1  HK
1  EC

Code (Text):

Last 24hrs Top CSF Firewall Denied Country Codes + Reverse Lookups:
3  CN  China      -
2  KR  Republic   of                                     Korea                                             -
1  US  United     States                                 ec2-54-67-50-178.us-west-1.compute.amazonaws.com
1  TH  Thailand   mx-ll-27.130.68-169.dynamic.3bb.co.th
1  PA  Panama     237-IPA.134.115.200.in-addr.arpa
1  LA  Laos       -
1  KR  Republic   of                                     Korea                                             intranet.nawoo-enc.com
1  ID  Indonesia  -
1  HK  Hong       Kong                                   -
1  EC  Ecuador    host-181-198-216-253.netlife.ec

Code (Text):

Last 24hrs Top CSF Firewall Denied Distributed sshd Attacks:
3  CN  China      -
1  TH  Thailand   mx-ll-27.130.68-169.dynamic.3bb.co.th
1  PA  Panama     237-IPA.134.115.200.in-addr.arpa
1  LA  Laos       -
1  ID  Indonesia  -
1  EC  Ecuador    host-181-198-216-253.netlife.ec
1  CN  China      90.138.194.113.adsl-pool.jx.chinaunicom.com
1  BR  Brazil     187-032-209-253.static.ctbctelecom.com.br
1  BG  Bulgaria   -

Code (Text):

Last 24hrs Top CSF Firewall Failed SSH Logins:
2  KR  Republic  of              Korea                                             -
1  US  United    States          ec2-54-67-50-178.us-west-1.compute.amazonaws.com
1  KR  Republic  of              Korea                                             intranet.nawoo-enc.com
1  HK  Hong      Kong            -
1  DE  Germany   craz-gaming.de
1  DE  Germany   -

 

Updated to add outbound connection stats + mask your own logged in IP address as just ssh-client-ip

Code (Text):

 cminfo netstat
------------------------------------------------------------------
 Centmin Mod Netstat Info:
------------------------------------------------------------------

Network Bandwidth In/Out (KB/s):
eth0  In:  0.00  Out:  0.00
eth1  In:  0.00  Out:  0.00
eth2  In:  0.00  Out:  0.00

Network Packets   In/Out (pps):
eth0  In:  0.00  Out:  0.00
eth1  In:  0.00  Out:  0.00
eth2  In:  0.00  Out:  0.00

Total Connections For:
Port 80:   1
Port 443:  1

Unique IP Connections For:
Port 80:   0
Port 443:  0

Established Connections For:
Port 80:   0
Port 443:  0

TIME_WAIT Connections For:
Port 80:   0
Port 443:  1

Code (Text):

Top IP Address Connections:
1  ssh-client-ip
1  95.211.80.227  build.nginx.com

Top Outbound Connections:
1  95.211.80.227:443    TIME_WAIT    -
1  ssh-client-ip:61174  ESTABLISHED  22394/sshd:

Code (Text):

Top CSF Firewall Denied Country Codes:
98  CN
31  US
30  KR
25  VN
16  FR
13  RU
11  IN
11  BR
10  DE
9   ID

Top CSF Firewall Denied Country Codes + Reverse Lookups:
83  CN  China        -
27  KR  Republic     of              Korea  -
20  US  United       States          -
15  VN  Vietnam      static.vnpt.vn
9   VN  Vietnam      -
8   IN  India        -
7   RU  Russia       -
7   NL  Netherlands  -
7   ID  Indonesia    -
3   FR  France       -

Code (Text):

Top CSF Firewall Denied Distributed sshd Attacks:
38  CN  China        -
14  VN  Vietnam      static.vnpt.vn
12  US  United       States          -
12  KR  Republic     of              Korea  -
6   ID  Indonesia    -
5   VN  Vietnam      -
5   IN  India        -
4   RU  Russia       -
3   NL  Netherlands  -
2   SG  Singapore    -

Top CSF Firewall Failed SSH Logins:
45  CN  China        -
15  KR  Republic     of      Korea                            -
8   US  United       States  -
4   VN  Vietnam      -
4   NL  Netherlands  -
3   RU  Russia       -
3   IN  India        -
2   HK  Hong         Kong    -
2   DE  Germany      -
1   ZA  South        Africa  169-1-195-180.ip.afrihost.co.za

Code (Text):

Last 24hrs Top CSF Firewall Denied Country Codes:
8  CN
6  US
3  VN
1  SG
1  RU
1  NL
1  KR
1  IT
1  IN
1  IL

Last 24hrs Top CSF Firewall Denied Country Codes + Reverse Lookups:
8  CN  China        -
6  US  United       States                                             -
3  VN  Vietnam      static.vnpt.vn
1  SG  Singapore    -
1  RU  Russia       -
1  NL  Netherlands  -
1  KR  Republic     of                                                 Korea  -
1  IT  Italy        host1-109-static.3-79-b.business.telecomitalia.it
1  IN  India        -
1  IL  Israel       bzq-109-64-134-114.red.bezeqint.net

Code (Text):

Last 24hrs Top CSF Firewall Denied Distributed sshd Attacks:
3  VN  Vietnam    static.vnpt.vn
2  US  United     States                                             -
2  CN  China      -
1  SG  Singapore  -
1  RU  Russia     -
1  IT  Italy      host1-109-static.3-79-b.business.telecomitalia.it
1  HK  Hong       Kong                                               v161.38cloud.com

Last 24hrs Top CSF Firewall Failed SSH Logins:
6  CN  China        -
4  US  United       States                               -
1  NL  Netherlands  -
1  KR  Republic     of                                   Korea  -
1  IN  India        -
1  IL  Israel       bzq-109-64-134-114.red.bezeqint.net
1  CA  Canada       web01.niagara-news.com

 

more stats to come in cminfo netstat output

added top csf firewall distributed sshd attack target usernames that attackers are trying to use to connect to sshd

Code (Text):

Top CSF Firewall Denied Distributed sshd Attacks:
1642  CN  China     -
923   VN  Vietnam   static.vnpt.vn
511   VN  Vietnam   -
353   KR  Korea,    Republic        of  -
223   US  United    States          -
165   BR  Brazil    -
153   IN  India     -
147   VN  Vietnam   localhost
124   TH  Thailand  -
117   RU  Russian   Federation      -

Top CSF Firewall Denied Distributed sshd Attacks Target Usernames:
6538  admin
1773  root
1457  pi
768   test
124   oracle
110   user
92    www
82    ubuntu
62    mail
43    ftpuser