
Beta Branch update cminfo command with netstat flag option

Discussion in 'Centmin Mod Github Commits' started by eva2000, Apr 8, 2018.

  1. eva2000

    eva2000 Administrator Staff Member

    50,852
    11,782
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +18,234
    Local Time:
    5:19 AM
    Nginx 1.25.x
    MariaDB 10.x
    update cminfo command with netstat flag option

    - update /usr/bin/cminfo with netstat flag i.e. cminfo netstat
    - cminfo_updater cronjob will update /usr/bin/cminfo every 4 hours so existing users should get latest cminfo version within their next cronjob updates



    123.09beta01 branch
     
  2. eva2000

    You can wait for the cminfo updater cronjob to update the cminfo command, or manually run the cminfo update to update cminfo with netstat info support:
    Code (Text):
    /usr/bin/cminfo_updater
    

    example of updated /usr/bin/cminfo netstat output
    Code (Text):
    cminfo netstat        
    ------------------------------------------------------------------
     Centmin Mod Netstat Info:
    ------------------------------------------------------------------
    
    Network Bandwidth In/Out (KB/s):
    eth0  In:  0.05  Out:  0.00
    eth1  In:  0.00  Out:  0.00
    eth2  In:  0.00  Out:  0.00
    
    Network Packets   In/Out (pps):
    eth0  In:  1.00  Out:  1.00
    eth1  In:  0.00  Out:  0.00
    eth2  In:  0.00  Out:  0.00
    
    Total Connections For:
    Port 80:   1
    Port 443:  1
    
    Unique IP Connections For:
    Port 80:   0
    Port 443:  0
    
    Established Connections For:
    Port 80:   0
    Port 443:  0
    
    TIME_WAIT Connections For:
    Port 80:   0
    Port 443:  0
    
    Top IP Address Connections:
    1  127.0.0.1        localhost
    
     
  3. eva2000

    add more stats in cminfo netstat command
    Code (Text):
    Top CSF Firewall Denied Country Codes:
    87  CN
    29  KR
    24  US
    22  VN
    14  FR
    12  RU
    11  BR
    10  IN
    9   ID
    9   DE

    Code (Text):
    Top CSF Firewall Denied IPs:
    1  96.1.60.161
    1  95.30.68.205   95-30-68-205.broadband.corbina.ru
    1  94.23.6.21     ns365827.ip-94-23-6.eu
    1  94.219.245.52  dslb-094-219-245-052.094.219.pools.vodafone-ip.de
    1  94.102.60.132  no-reverse-dns-configured.com
    1  93.79.252.44   no-reverse-dns-configured.com
    1  93.39.64.156   93-39-64-156.ip74.fastwebnet.it
    1  93.33.234.5    93-33-234-5.ip46.fastwebnet.it
    1  93.103.208.12  93-103-208-12.dynamic.t-2.net
    1  92.63.197.50   93-103-208-12.dynamic.t-2.net

    Might need to rework top denied IPs, as each IP only gets banned once, so most entries will only have 1 unique IP listed in /etc/csf/csf.deny. Will need to look at counting based on reverse hostname or ASN instead.
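
Added example, not part of the original post and not cminfo's own code: one way to count /etc/csf/csf.deny entries by country plus reverse-DNS parent domain rather than per IP, so that many single-IP bans from one network collapse into one row. The "(CC/Country/rDNS)" comment layout, the function names and the sample lines are assumptions constructed for illustration; ASN grouping is not covered because it needs an external lookup.

```bash
#!/usr/bin/env bash
# Added example (not cminfo code): count csf.deny entries per country + rDNS parent
# domain, so many single-IP bans from one network collapse into one row.

# Constructed sample. Assumed lfd comment layout: "(CC/Country/rDNS)"; "-" = no PTR.
sample_deny() {
cat <<'EOF'
# constructed sample data, documentation-range IPs
192.0.2.10 # lfd: (sshd) Failed SSH login from 192.0.2.10 (VN/Vietnam/static.vnpt.vn): 5 in the last 3600 secs - Sun Apr  8 01:00:00 2018
192.0.2.11 # lfd: (sshd) Failed SSH login from 192.0.2.11 (VN/Vietnam/static.vnpt.vn): 5 in the last 3600 secs - Sun Apr  8 01:05:00 2018
198.51.100.7 # lfd: (sshd) Failed SSH login from 198.51.100.7 (ZA/South Africa/host-1.ip.example.co.za): 5 in the last 3600 secs - Sun Apr  8 02:00:00 2018
198.51.100.8 # lfd: (sshd) Failed SSH login from 198.51.100.8 (ZA/South Africa/host-2.ip.example.co.za): 5 in the last 3600 secs - Sun Apr  8 02:10:00 2018
203.0.113.5 # lfd: (sshd) Failed SSH login from 203.0.113.5 (CN/China/-): 5 in the last 3600 secs - Sun Apr  8 03:00:00 2018
203.0.113.6 # lfd: (sshd) Failed SSH login from 203.0.113.6 (KR/Republic of Korea/-): 5 in the last 3600 secs - Sun Apr  8 03:30:00 2018
EOF
}

# stdin: csf.deny-style lines; stdout: "count CC group", highest count first.
group_denied() {
  awk '
    /^ *#/ { next }                                   # skip comment-only lines
    match($0, "\\([A-Z][A-Z]/[^/()]*/[^()]*\\)") {   # the (CC/Country/rDNS) tuple
      split(substr($0, RSTART + 1, RLENGTH - 2), f, "/")
      host = tolower(f[3]); n = split(host, lab, ".")
      if (host == "-" || host == "") grp = "no-rdns"
      else if (n >= 3 && length(lab[n]) == 2 && lab[n-1] ~ /^(co|com|net|org|ac|gov|edu)$/)
        grp = lab[n-2] "." lab[n-1] "." lab[n]        # heuristic for names like x.co.za
      else if (n >= 2) grp = lab[n-1] "." lab[n]
      else grp = host
      cnt[f[1] " " grp]++
    }
    END { for (k in cnt) print cnt[k], k }
  ' | LC_ALL=C sort -k1,1nr -k2,2 -k3,3
}

# Use a real deny file if given as $1, otherwise the constructed sample.
if [ -f "${1:-}" ]; then group_denied < "$1"; else sample_deny | group_denied; fi
```

The second-level-domain list is a short heuristic, not a full public suffix list, so unusual country-code suffixes may still be grouped too coarsely.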
     
  4. eva2000

    preview of more revisions and editions :)

    Code (Text):
    Top CSF Firewall Denied Country Codes:
    93  CN
    30  KR
    29  US
    25  VN
    14  FR
    12  RU
    11  IN
    11  BR
    9   ID
    9   DE
    
    Top CSF Firewall Denied Country Codes + Reverse Lookups:
    79  CN  China        -
    27  KR  Republic     of              Korea  -
    18  US  United       States          -
    15  VN  Vietnam      static.vnpt.vn
    9   VN  Vietnam      -
    8   IN  India        -
    7   NL  Netherlands  -
    7   ID  Indonesia    -
    6   RU  Russia       -
    3   FR  France       -
    

    Code (Text):
    Top CSF Firewall Denied Distributed sshd Attacks:
    38  CN  China        -
    14  VN  Vietnam      static.vnpt.vn
    12  KR  Republic     of              Korea  -
    11  US  United       States          -
    6   ID  Indonesia    -
    5   VN  Vietnam      -
    5   IN  India        -
    3   RU  Russia       -
    3   NL  Netherlands  -
    2   SG  Singapore    -
    

    Code (Text):
    Top CSF Firewall Failed SSH Logins:
    41  CN  China        -
    15  KR  Republic     of              Korea                            -
    7   US  United       States          -
    4   VN  Vietnam      -
    4   NL  Netherlands  -
    3   RU  Russia       -
    3   IN  India        -
    1   ZA  South        Africa          169-1-195-180.ip.afrihost.co.za
    1   ZA  South        Africa          -
    1   VN  Vietnam      static.vnpt.vn
    

    Code (Text):
    Last 24hrs Top CSF Firewall Denied Country Codes:
    4  CN
    3  KR
    2  DE
    1  US
    1  TH
    1  PA
    1  LA
    1  ID
    1  HK
    1  EC
    

    Code (Text):
    Last 24hrs Top CSF Firewall Denied Country Codes + Reverse Lookups:
    3  CN  China      -
    2  KR  Republic   of                                     Korea                                             -
    1  US  United     States                                 ec2-54-67-50-178.us-west-1.compute.amazonaws.com
    1  TH  Thailand   mx-ll-27.130.68-169.dynamic.3bb.co.th
    1  PA  Panama     237-IPA.134.115.200.in-addr.arpa
    1  LA  Laos       -
    1  KR  Republic   of                                     Korea                                             intranet.nawoo-enc.com
    1  ID  Indonesia  -
    1  HK  Hong       Kong                                   -
    1  EC  Ecuador    host-181-198-216-253.netlife.ec
    

    Code (Text):
    Last 24hrs Top CSF Firewall Denied Distributed sshd Attacks:
    3  CN  China      -
    1  TH  Thailand   mx-ll-27.130.68-169.dynamic.3bb.co.th
    1  PA  Panama     237-IPA.134.115.200.in-addr.arpa
    1  LA  Laos       -
    1  ID  Indonesia  -
    1  EC  Ecuador    host-181-198-216-253.netlife.ec
    1  CN  China      90.138.194.113.adsl-pool.jx.chinaunicom.com
    1  BR  Brazil     187-032-209-253.static.ctbctelecom.com.br
    1  BG  Bulgaria   -
    

    Code (Text):
    Last 24hrs Top CSF Firewall Failed SSH Logins:
    2  KR  Republic  of              Korea                                             -
    1  US  United    States          ec2-54-67-50-178.us-west-1.compute.amazonaws.com
    1  KR  Republic  of              Korea                                             intranet.nawoo-enc.com
    1  HK  Hong      Kong            -
    1  DE  Germany   craz-gaming.de
    1  DE  Germany   -
     
  5. eva2000

    Updated to add outbound connection stats + mask your own logged in IP address as just ssh-client-ip
    Code (Text):
     cminfo netstat
    ------------------------------------------------------------------
     Centmin Mod Netstat Info:
    ------------------------------------------------------------------
    
    Network Bandwidth In/Out (KB/s):
    eth0  In:  0.00  Out:  0.00
    eth1  In:  0.00  Out:  0.00
    eth2  In:  0.00  Out:  0.00
    
    Network Packets   In/Out (pps):
    eth0  In:  0.00  Out:  0.00
    eth1  In:  0.00  Out:  0.00
    eth2  In:  0.00  Out:  0.00
    
    Total Connections For:
    Port 80:   1
    Port 443:  1
    
    Unique IP Connections For:
    Port 80:   0
    Port 443:  0
    
    Established Connections For:
    Port 80:   0
    Port 443:  0
    
    TIME_WAIT Connections For:
    Port 80:   0
    Port 443:  1
    

    Code (Text):
    Top IP Address Connections:
    1  ssh-client-ip
    1  95.211.80.227  build.nginx.com
    
    Top Outbound Connections:
    1  95.211.80.227:443    TIME_WAIT    -
    1  ssh-client-ip:61174  ESTABLISHED  22394/sshd:
    

    Code (Text):
    Top CSF Firewall Denied Country Codes:
    98  CN
    31  US
    30  KR
    25  VN
    16  FR
    13  RU
    11  IN
    11  BR
    10  DE
    9   ID
    
    Top CSF Firewall Denied Country Codes + Reverse Lookups:
    83  CN  China        -
    27  KR  Republic     of              Korea  -
    20  US  United       States          -
    15  VN  Vietnam      static.vnpt.vn
    9   VN  Vietnam      -
    8   IN  India        -
    7   RU  Russia       -
    7   NL  Netherlands  -
    7   ID  Indonesia    -
    3   FR  France       -
    

    Code (Text):
    Top CSF Firewall Denied Distributed sshd Attacks:
    38  CN  China        -
    14  VN  Vietnam      static.vnpt.vn
    12  US  United       States          -
    12  KR  Republic     of              Korea  -
    6   ID  Indonesia    -
    5   VN  Vietnam      -
    5   IN  India        -
    4   RU  Russia       -
    3   NL  Netherlands  -
    2   SG  Singapore    -
    
    Top CSF Firewall Failed SSH Logins:
    45  CN  China        -
    15  KR  Republic     of      Korea                            -
    8   US  United       States  -
    4   VN  Vietnam      -
    4   NL  Netherlands  -
    3   RU  Russia       -
    3   IN  India        -
    2   HK  Hong         Kong    -
    2   DE  Germany      -
    1   ZA  South        Africa  169-1-195-180.ip.afrihost.co.za
    

    Code (Text):
    Last 24hrs Top CSF Firewall Denied Country Codes:
    8  CN
    6  US
    3  VN
    1  SG
    1  RU
    1  NL
    1  KR
    1  IT
    1  IN
    1  IL
    
    Last 24hrs Top CSF Firewall Denied Country Codes + Reverse Lookups:
    8  CN  China        -
    6  US  United       States                                             -
    3  VN  Vietnam      static.vnpt.vn
    1  SG  Singapore    -
    1  RU  Russia       -
    1  NL  Netherlands  -
    1  KR  Republic     of                                                 Korea  -
    1  IT  Italy        host1-109-static.3-79-b.business.telecomitalia.it
    1  IN  India        -
    1  IL  Israel       bzq-109-64-134-114.red.bezeqint.net
    

    Code (Text):
    Last 24hrs Top CSF Firewall Denied Distributed sshd Attacks:
    3  VN  Vietnam    static.vnpt.vn
    2  US  United     States                                             -
    2  CN  China      -
    1  SG  Singapore  -
    1  RU  Russia     -
    1  IT  Italy      host1-109-static.3-79-b.business.telecomitalia.it
    1  HK  Hong       Kong                                               v161.38cloud.com
    
    Last 24hrs Top CSF Firewall Failed SSH Logins:
    6  CN  China        -
    4  US  United       States                               -
    1  NL  Netherlands  -
    1  KR  Republic     of                                   Korea  -
    1  IN  India        -
    1  IL  Israel       bzq-109-64-134-114.red.bezeqint.net
    1  CA  Canada       web01.niagara-news.com
    
     
  6. eva2000

    more stats to come in cminfo netstat output

    added top csf firewall distributed sshd attack target usernames that attackers are trying to use to connect to sshd
    Code (Text):
    Top CSF Firewall Denied Distributed sshd Attacks:
    1642  CN  China     -
    923   VN  Vietnam   static.vnpt.vn
    511   VN  Vietnam   -
    353   KR  Korea,    Republic        of  -
    223   US  United    States          -
    165   BR  Brazil    -
    153   IN  India     -
    147   VN  Vietnam   localhost
    124   TH  Thailand  -
    117   RU  Russian   Federation      -
    
    Top CSF Firewall Denied Distributed sshd Attacks Target Usernames:
    6538  admin
    1773  root
    1457  pi
    768   test
    124   oracle
    110   user
    92    www
    82    ubuntu
    62    mail
    43    ftpuser