Thursday, March 23, 2017

How To Find The Geolocation Of An IP Address From Commandline

https://www.ostechnix.com/find-geolocation-ip-address-commandline

Find The Geolocation Of An IP Address From Commandline
A while ago, we wrote an article that described how to find out your geolocation from the commandline using the whereami utility. Today, we will see how to find the geolocation of an IP address. Of course, you can see these details from a web browser, but it is a lot easier to find them from the commandline. geoiplookup is a command line utility that can be used to find the country that an IP address or hostname originates from. It uses the GeoIP library and database to collect the details of an IP address.
This brief guide describes how to install and use the geoiplookup utility to find the location of an IP address in Unix-like operating systems.

Find The Geolocation Of An IP Address Using Geoiplookup From Commandline

Install Geoiplookup

Geoiplookup is available in the default repositories of most Linux operating systems.
To install it on Arch Linux and its derivatives, run:
sudo pacman -S geoip
On Debian, Ubuntu, Linux Mint:
sudo apt-get install geoip-bin
On RHEL, CentOS, Fedora, Scientific Linux:
sudo yum install geoip
On SUSE/openSUSE:
sudo zypper install geoip

Usage

Once installed, you can find out any IP address’s geolocation like below.
geoiplookup 80.60.233.195
The above command will find and display the Country that 80.60.233.195 originates from, in the following format:
GeoIP Country Edition: NL, Netherlands

Download and update Geoip databases

Generally, the default location of the GeoIP databases is /usr/share/GeoIP/. The databases might be a bit outdated. You can download the latest databases, which contain the updated geolocation details, from MaxMind. It is the website that offers the geolocation of an IP address.
Go to geoip default database folder:
cd /usr/share/GeoIP/
Download the latest databases:
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz
Now, run the geoiplookup command to find the most up-to-date geolocation details of an IP address.
geoiplookup 216.58.197.78
Sample output:
GeoIP Country Edition: US, United States
As you see in the above output, it displays only the country. Geoiplookup can display more details such as the state, city, zip code, latitude and longitude. To do so, you need to download the city database from MaxMind as shown below. Make sure you download it to the /usr/share/GeoIP/ location.
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz
Now, run the below command to get more details of an IP address’s geolocation.
geoiplookup -f /usr/share/GeoIP/GeoLiteCity.dat 216.58.197.78
Sample output would be:
GeoIP City Edition, Rev 1: US, CA, California, Mountain View, 94043, 37.419201, -122.057404, 807, 650
If you have saved the database files in a custom location other than the default location, you can use the ‘-d’ parameter to specify the path. For example, if you have saved the database files in /home/sk/geoip/, the command to find the geolocation of an IP address would be:
geoiplookup -d /home/sk/geoip/ 216.58.197.78
For more details, see man pages.
man geoiplookup
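
One practical use of the country lookup, as an added example that is not part of the original article: tallying failed SSH logins by source country. The log lines are constructed and the function names (sample_log, is_ipv4, country_of, country_report) are hypothetical; only dotted-quad IPv4 addresses are passed on, because geoiplookup also accepts hostnames and would resolve them.

```sh
#!/bin/sh
# Added example: tally failed SSH logins by country with geoiplookup.

# Constructed sample of sshd auth log lines (not real log data).
sample_log() {
cat <<'EOF'
Mar 23 10:01:02 host sshd[1201]: Failed password for root from 80.60.233.195 port 40122 ssh2
Mar 23 10:01:05 host sshd[1201]: Failed password for invalid user admin from 80.60.233.195 port 40124 ssh2
Mar 23 10:02:11 host sshd[1207]: Failed password for root from 216.58.197.78 port 51514 ssh2
Mar 23 10:03:40 host sshd[1210]: Failed password for root from 192.0.2.10 port 33000 ssh2
Mar 23 10:04:02 host sshd[1215]: Failed password for root from scanner.example.net port 4000 ssh2
Mar 23 10:05:00 host sshd[1220]: Accepted publickey for sk from 192.0.2.20 port 50022 ssh2
EOF
}

# Succeed only for a dotted-quad IPv4 address. Log fields are untrusted, so
# hostnames and option-like strings are rejected before reaching geoiplookup.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the two-letter code from "GeoIP Country Edition: NL, Netherlands",
# or "??" for "IP Address not found" or a missing tool or database.
country_of() {
    cc=$(geoiplookup "$1" 2>/dev/null |
         sed -n 's/^GeoIP Country Edition: \([A-Z][A-Z]\), .*/\1/p' | head -n 1)
    echo "${cc:-??}"
}

# Read auth log lines on stdin, print "<country> <count>", busiest first.
country_report() {
    sed -n 's/.*Failed password for .* from \([^ ]*\) port .*/\1/p' |
    while read -r src; do
        if is_ipv4 "$src"; then country_of "$src"; else echo skipped; fi
    done |
    awk '{ n[$1]++ } END { for (c in n) print c, n[c] }' |
    LC_ALL=C sort -k2,2nr -k1,1
}
```

Source the file and run sample_log | country_report to try it, or feed it a real log with country_report < /var/log/auth.log (Debian/Ubuntu) or /var/log/secure (RHEL/CentOS).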
Hope this helps. If you find this guide useful, please share it on your social networks and support us.
Cheers!

rtop – A Nifty Tool to Monitor Remote Server Over SSH

http://www.2daygeek.com/2017/03/rtop-monitor-remote-linux-server-over-ssh


rtop is a simple, agent-less, remote server monitoring tool that works over SSH. It doesn’t require any other software to be installed on the remote machine, except the OpenSSH server package and remote server credentials.
rtop is written in golang, and requires Go version 1.2 or higher. It can monitor any modern Linux distribution. rtop can connect to the remote system using ssh-agent, private keys or password authentication. Choose the desired one and monitor it.
It works by establishing an SSH session and running commands on the remote server to collect system metrics such as CPU, disk, memory and network. It keeps refreshing the information every few seconds, like the top utility.

How to Install rtop in Linux

Run the go get command to build it. The rtop binary is automatically saved under $GOPATH/bin, and no runtime dependencies or configuration are needed.
$ go get github.com/rapidloop/rtop
The rtop binary is automatically saved under $GOPATH/bin:
$ ls $GOBIN/
hello rtop
or
$ ls -lh /home/magi/go_proj/bin
total 5.9M
-rwxr-xr-x 1 magi magi 1.5M Mar  7 14:45 hello
-rwxr-xr-x 1 magi magi 4.4M Mar 21 13:33 rtop

How to Use rtop

The rtop binary is in $GOPATH/bin, so just run $GOBIN/rtop to get the usage information.
$ $GOBIN/rtop
rtop 1.0 - (c) 2015 RapidLoop - MIT Licensed - http://rtop-monitor.org
rtop monitors server statistics over an ssh connection

Usage: rtop [-i private-key-file] [user@]host[:port] [interval]

    -i private-key-file
        PEM-encoded private key file to use (default: ~/.ssh/id_rsa if present)
    [user@]host[:port]
        the SSH server to connect to, with optional username and port
    interval
        refresh interval in seconds (default: 5)
Just add the remote host information after the rtop command to monitor it. The default refresh interval is 5 seconds.
$ $GOBIN/rtop   magi@10.30.0.1
magi@10.30.0.1's password: 

2daygeek.vps up 21d 16h 59m 46s

Load:
    0.13 0.03 0.01

CPU:
    0.00% user, 0.00% sys, 0.00% nice, 0.00% idle, 0.00% iowait, 0.00% hardirq, 0.00% softirq, 0.00% guest

Processes:
    1 running of 29 total

Memory:
    free    = 927.66 MiB
    used    =  55.77 MiB
    buffers = 0 bytes
    cached  =  40.57 MiB
    swap    = 128.00 MiB free of 128.00 MiB

Filesystems:
           /:   9.40 GiB free of  10.20 GiB

Network Interfaces:
    lo - 127.0.0.1/8, ::1/128
      rx =  14.18 MiB, tx =  14.18 MiB

    venet0 - 10.30.0.1/24, 2607:5300:100:200::81a/56
      rx =  98.76 MiB, tx = 129.90 MiB
Add the refresh interval manually for better monitoring. I have added a 10-second refresh interval instead of the default one (default: 5).
$ $GOBIN/rtop magi@10.30.0.1 10
magi@10.30.0.1's password:

2daygeek.vps up 21d 17h 7m 1s

Load:
    0.00 0.00 0.00

CPU:
    0.00% user, 0.00% sys, 0.00% nice, 0.00% idle, 0.00% iowait, 0.00% hardirq, 0.00% softirq, 0.00% guest

Processes:
    1 running of 28 total

Memory:
    free    = 926.83 MiB
    used    =  56.51 MiB
    buffers = 0 bytes
    cached  =  40.66 MiB
    swap    = 128.00 MiB free of 128.00 MiB

Filesystems:
           /:   9.40 GiB free of  10.20 GiB

Network Interfaces:
    lo - 127.0.0.1/8, ::1/128
      rx =  14.18 MiB, tx =  14.18 MiB

    venet0 - 10.30.0.1/24, 2607:5300:100:200::81a/56
      rx =  98.94 MiB, tx = 130.33 MiB

Wednesday, March 8, 2017

Linux Disable USB Devices (Disable loading of USB Storage Driver)

https://www.cyberciti.biz/faq/linux-disable-modprobe-loading-of-usb-storage-driver

In our research lab, we would like to disable all USB devices connected to our HP Red Hat Linux based workstations. I would like to disable USB flash or hard drives, which users can use with physical access to a system to quickly copy sensitive data from it. How do I disable USB device support under CentOS Linux, RHEL version 5.x/6.x/7.x and the latest version of Fedora?

The USB storage driver automatically detects USB flash or hard drives. You can quickly disable USB storage devices under any Linux distribution. The modprobe program is used for automatic kernel module loading. It can be configured not to load the USB storage driver on demand. This will prevent the modprobe program from loading the usb-storage module, but will not prevent root (or another privileged program) from using the insmod/modprobe program to load the module manually. USB sticks containing harmful malware may be used to steal your personal data. It is not uncommon for USB sticks to be used to carry and transmit destructive malware and viruses to computers. An attacker can target MS-Windows, macOS (OS X), Android and Linux based systems.

usb-storage driver

usb-storage.ko is the USB Mass Storage driver for the Linux operating system. You can see the file by typing the following command:
# ls -l /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko
All you have to do is disable or remove the usb-storage.ko driver to restrict the use of USB devices on Linux, such as:
  1. USB keyboards
  2. USB mice
  3. USB pen drive
  4. USB hard disk
  5. Other USB block storage

How to forbid the use of USB storage devices using the fake install method

Type the following command under CentOS or RHEL 5.x or older:
# echo 'install usb-storage : ' >> /etc/modprobe.conf
Please note that you can use either : (a shell builtin) or /bin/true.
Type the following command under CentOS or RHEL 6.x/7.x or newer (including the latest version of Fedora):
# echo 'install usb-storage /bin/true' >> /etc/modprobe.d/disable-usb-storage.conf
Save and close the file. Now the driver will not load. You can also remove the USB storage driver without rebooting the system. Enter:
# modprobe -r usb-storage
# mv -v /lib/modules/$(uname -r)/kernel/drivers/usb/storage/usb-storage.ko /root/
##################
#### verify it ###
##################
# modinfo usb-storage
# lsmod | grep -i usb_storage
# lsscsi -H

Sample outputs:

Fig.01: How to disable USB mass storage devices on physical Linux system?

Blacklist usb-storage

Edit /etc/modprobe.d/blacklist.conf, enter:
# vi /etc/modprobe.d/blacklist.conf
Edit or append as follows:
blacklist usb-storage
Save and close the file.
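
A check for the two modprobe methods above (fake install and blacklist), added here as an example and not taken from the original article. The function names and the files written by make_sample are constructed for illustration. A blacklist entry alone only stops automatic loading, and an explicit modprobe usb-storage still succeeds, so the script reports that case separately.

```sh
#!/bin/sh
# Added example: audit how usb-storage is restricted on this host.

# Classify the modprobe config in DIR (default /etc/modprobe.d):
#   install-override  "install usb-storage" set to :, /bin/true or /bin/false
#   blacklist-only    only "blacklist usb-storage" is present
#   none              no restriction found in DIR/*.conf
# modprobe treats "-" and "_" in module names as the same character.
usb_storage_policy() {
    cat "${1:-/etc/modprobe.d}"/*.conf 2>/dev/null | awk '
        { sub(/#.*/, ""); gsub(/_/, "-", $2) }
        $1 == "install" && $2 == "usb-storage" &&
            ($3 == ":" || $3 == "/bin/true" || $3 == "/bin/false") { inst = 1 }
        $1 == "blacklist" && $2 == "usb-storage" { bl = 1 }
        END { print (inst ? "install-override" : (bl ? "blacklist-only" : "none")) }'
}

# Succeed if the module is loaded. The kernel lists it with an underscore.
usb_storage_loaded() {
    grep -q '^usb_storage ' "${1:-/proc/modules}"
}

# Print "<policy> <loaded|not-loaded>" for DIR and a /proc/modules-style file.
usb_storage_audit() {
    policy=$(usb_storage_policy "$1")
    if usb_storage_loaded "$2"; then state=loaded; else state=not-loaded; fi
    echo "$policy $state"
}

# Write constructed sample configs and fake /proc/modules files into DIR.
make_sample() {
    mkdir -p "$1/fake-install" "$1/blacklist"
    printf '%s\n' '# constructed sample' 'install usb_storage /bin/true' \
        > "$1/fake-install/disable-usb-storage.conf"
    printf '%s\n' 'blacklist usb-storage   # constructed sample' \
        > "$1/blacklist/blacklist.conf"
    printf '%s\n' 'usb_storage 77824 0 - Live 0x0000000000000000' \
        > "$1/modules.loaded"
    printf '%s\n' 'usbhid 65536 0 - Live 0x0000000000000000' \
        > "$1/modules.clean"
}
```

Source the file and call usb_storage_audit with no arguments to check the live system. A result of "install-override loaded" means the config is in place but the driver was already loaded and still needs modprobe -r usb-storage.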

BIOS option

You can also disable USB from the system BIOS configuration. Make sure the BIOS is password protected. This is the recommended option so that nobody can boot the system from USB.

Encrypt hard disk

Linux supports various cryptographic techniques to protect a hard disk, directory, and partition. See "Linux Hard Disk Encryption With LUKS [ cryptsetup Command ]" for more info.

Grub option

You can get rid of all USB devices by disabling kernel support for USB via GRUB. Open grub.conf or menu.lst and append "nousb" to the kernel line as follows (taken from RHEL 5.x):
kernel /vmlinuz-2.6.18-128.1.1.el5 ro root=LABEL=/ console=tty0 console=ttyS1,19200n8 nousb
Make sure you remove any other reference to usb-storage in the grub or grub2 config files. Save and close the file. Once done just reboot the system:
# reboot
For grub2, use the /etc/default/grub config file under Fedora / Debian / Ubuntu / RHEL / CentOS Linux. I strongly suggest that you read the RHEL/CentOS grub2 config and Ubuntu/Debian grub2 config help pages.