LIMIT SSH ACCESS BY COUNTRY

-





This is useful when being attack of constant login brute-force attempts mainly from countries like China and Russia.


Install GeoLite2 Country Database

    $ sudo apt-get install geoip-bin



Make sure that geoiplookup is working before implementing the script below.

    $ geoiplookup 8.8.8.8



Create bash script that will filter ssh access by country.

    $ sudo nano /usr/local/bin/sshfilter.sh


    #!/bin/bash

    # UPPERCASE space-separated country codes to ACCEPT
    ALLOW_COUNTRIES="PH"

    if [ $# -ne 1 ]; then
      echo "Usage:  `basename $0` <ip>" 1>&2
      exit 0 # return true in case of config issue
    fi

    COUNTRY=`geoiplookup $1 | awk -F ": " '{ print $2 }' | awk -F "," '{ print $1 }' | head -n 1`

    [[ $COUNTRY = "IP Address not found" || $ALLOW_COUNTRIES =~ $COUNTRY ]] && RESPONSE="ALLOW" || RESPONSE="DENY"

    if [ $RESPONSE = "ALLOW" ]
    then
      exit 0
    else
      logger "$RESPONSE sshd connection from $1 ($COUNTRY)"
      exit 1
    fi



Make the script executable:

    $ sudo chmod +x /usr/local/bin/sshfilter.sh


Now apply SSH restrictions using TCP wrappers.

    $ sudo nano /etc/hosts.allow

        sshd: ALL: aclexec /usr/local/bin/sshfilter.sh %a


    $ sudo nano /etc/hosts.deny

        sshd: ALL

Restart ssh service to take effect

     $ sudo service ssh restart 

Check log to see countries being blocked

    $ sudo tail -f /var/log/syslog




Comments

Post a Comment

Popular posts from this blog

CakePHP 4: Firebase Cloud Messaging Component in CakePHP for Push Notification

-
Image
Easily deploy an SSD cloud server on @DigitalOcean in 55 seconds. Sign up using this link and receive $100 in cloud credits: https://m.do.co/t/335732d1df0b <?php namespace   App\Controller\Component ; use  Cake\Controller\ Component ; use  Cake\Http\ Client ; class   FirebaseComponent   extends   Component {         public   function   headers () {         $header  =    [ 'headers'   =>    [                                          'Accept'   =>   'application/json' ,                                          'Content-Type'   =>   'application/json' ,                                          'Authorization'   =>   'key=AAAAeh0kVhs4ums9A0SYyO2xbCgXvT_jfUUi-0jXs0GfMpZ5DZPqKylqht-TPXGPiqFVj81hBPLL_st9NkjspAarhbfufFHBQN_7'                                     ]                     ];          return  $header;     }      public   function   sendSingleNotification ()  //FCM     {         $fcToken  =   'e_tHOI1XT3udZvMYS
Read more

CakePHP 4 : Using Component inside Command ( Shell )

-
Image
Easily deploy an SSD cloud server on @DigitalOcean in 55 seconds. Sign up using this link and receive $100 in cloud credits: https://m.do.co/t/335732d1df0b src>Command>AppCommand.php <?php namespace   App\Command ; use  Cake\Console\ Arguments ; use  Cake\Console\ Command ; use  Cake\Console\ ConsoleIo ; use  Cake\Console\ ConsoleOptionParser ; use  Cake\Http\ Client ; use  Cake\Log\ Log ; //need this two line use  Cake\Controller\ ComponentRegistry ; use  App\Controller\Component\ FirebaseComponent ; class   AppCommand   extends   Command {      protected   function   buildOptionParser ( ConsoleOptionParser  $parser) :   ConsoleOptionParser     {         $parser -> addArgument ( 'command' , [ 'help'   =>   'What your parameter?' ]);         $parser -> addArgument ( 'params' , [ 'help'   =>   'What your parameter?' ]);          return  $parser;     }      public   function   execute ( Arguments  $args,  ConsoleIo  $io
Read more

CakePHP: COUNT data and GROUP BY date

-
Image
Easily deploy an SSD cloud server on @DigitalOcean in 55 seconds. Sign up using this link and receive $100 in cloud credits: https://m.do.co/t/335732d1df0b Goal: Count Tip Offs created per day for a month to use for graph Problem: created field name is in datetime format: Y-m-d H:i:s Solution: format SQL Query date: DATE_FORMAT(TipOff.created, '%Y-%m-%d') Inside the function of controller <?php $ tipOffsMonthly = $ this -> TipOff -> find( ' all ' , array ( ' conditions ' => array ( ' AND ' => array ( ' TipOff.electric_cooperatives_id ' => AuthComponent :: User ( ' electric_cooperatives_id ' ) , ' TipOff.created BETWEEN ? AND ? ' => array ( $ first_day , $ last_day ) ) ) ,
Read more