29 April 2019

How to remove a large file from commit history in git

I had committed a headless Chromium module. For me, the purpose of committing modules in late-stage projects is to make sure they exist; who knows what could happen later. Never mind that it's a module; this may as well have been an errant zip file or anything else preventing size-limited transfers.

This method will remove any file from any commit in history.


$ git filter-branch --tree-filter 'rm -rf node_modules/pdf-puppeteer' HEAD
$ # or 'rm -f $FILENAME'

20 April 2019

CentOS sshd security helpers

list all unique IPs that failed login

egrep "Failed|Failure" /var/log/secure| grep -Po "[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+" | sort | uniq -c



clear logs without interruption

cat /dev/null > /var/log/secure



logs not collecting after erroneously emptying the log directory

systemctl status rsyslog.service
systemctl status sshd.service

systemctl reload rsyslog.service
systemctl restart rsyslog.service

07 April 2019

Find and block failed SSH logins on CentOS

Got a problem with others trying to brute force the root password on your box?


I'm not running vsftpd, yet it's a similar process. My concern is limited to third parties trying to access my box with SSH.
This is what I did:
Tecmint showed me how to grep the IPs:
# egrep "Failed|Failure" /var/log/secure
Apr  7 03:42:13 67 sshd[4868]: Failed password for root from 186.233.231.44 port 56075 ssh2
Apr  7 03:45:19 67 sshd[4871]: Failed password for root from 38.140.192.165 port 52138 ssh2
Apr  7 03:47:16 67 sshd[4874]: Failed password for root from 35.221.157.112 port 36306 ssh2
Apr  7 03:49:01 67 sshd[4877]: Failed password for root from 153.127.193.168 port 40604 ssh2
Apr  7 03:50:54 67 sshd[4881]: Failed password for root from 89.109.54.214 port 52268 ssh2
Apr  7 04:01:07 67 sshd[4900]: Failed password for root from 14.63.192.249 port 37507 ssh2
Apr  7 04:04:49 67 sshd[4905]: Failed password for root from 41.228.165.225 port 35462 ssh2
Apr  7 04:05:40 67 sshd[4909]: Failed password for root from 195.142.122.126 port 42548 ssh2
Apr  7 04:16:17 67 sshd[4914]: Failed password for root from 103.120.224.3 port 51416 ssh2
Apr  7 04:26:00 67 sshd[4919]: Failed password for root from 139.59.79.56 port 40074 ssh2
Apr  7 04:37:27 67 sshd[4925]: Failed password for root from 103.27.236.2 port 60528 ssh2
Apr  7 04:44:33 67 sshd[4968]: Failed password for root from 18.214.68.139 port 60896 ssh2
Apr  7 04:53:24 67 sshd[4991]: Failed password for root from 193.36.184.175 port 41408 ssh2
Apr  7 04:56:09 67 sshd[4995]: Failed password for root from 1.250.62.223 port 59052 ssh2
Apr  7 05:00:45 67 sshd[4998]: Failed password for root from 183.82.63.212 port 43840 ssh2
Apr  7 05:05:41 67 sshd[5016]: Failed password for root from 186.103.146.148 port 55982 ssh2
Apr  7 05:10:14 67 sshd[5038]: Failed password for root from 68.183.4.19 port 34894 ssh2

From there I updated my /etc/hosts.deny file to the following:
# /etc/hosts.deny
#
# hosts.deny    This file contains access rules which are used to
#               deny connections to network services that either use
#               the tcp_wrappers library or that have been
#               started through a tcp_wrappers-enabled xinetd.
#
#               The rules in this file can also be set up in
#               /etc/hosts.allow with a 'deny' option instead.
#
#               See 'man 5 hosts_options' and 'man 5 hosts_access'
#               for information on rule syntax.
#               See 'man tcpd' for information on tcp_wrappers
#
sshd: 186.233.231.44
sshd: 38.140.192.165
sshd: 35.221.157.112
sshd: 153.127.193.168
sshd: 89.109.54.214
sshd: 14.63.192.249
sshd: 41.228.165.225
sshd: 195.142.122.126
sshd: 103.120.224.3
sshd: 139.59.79.56
sshd: 103.27.236.2
sshd: 18.214.68.139
sshd: 193.36.184.175
sshd: 1.250.62.223
sshd: 183.82.63.212
sshd: 186.103.146.148
sshd: 68.183.4.19

Just let systemd know it needs to pick up the changes, and voilà. It's done.
# systemctl restart sshd
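
The two manual steps above (grep the failures, write the hosts.deny lines) as one script. This is an added example, not code from the original post, and it goes a little further than the post: it counts failures per address, applies a threshold, and reads the address only from the end of the line. THRESHOLD, ALLOWLIST, the function names and the sample log lines are assumptions made for the example.

```shell
#!/bin/sh
# Added example, not the post's code. THRESHOLD, ALLOWLIST and the function
# names are assumptions; the log lines are constructed (documentation IPs).
THRESHOLD=${THRESHOLD:-3}   # failures needed before an IP is proposed
ALLOWLIST=${ALLOWLIST:-}    # space-separated IPs that must never be denied

# failed_ips LOG: print "count ip" per source of failed sshd passwords.
# Only the trailing "from <ip> port <n> ssh2" is trusted, so a dotted quad
# typed as the username is not counted as a source address.
failed_ips() {
    awk '$5 ~ /^sshd\[[0-9]+\]:$/ && $6 == "Failed" && $7 == "password" &&
         $(NF-4) == "from" && $(NF-2) == "port" &&
         $(NF-3) ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+$/ { n[$(NF-3)]++ }
         END { for (ip in n) print n[ip], ip }' "$1" |
        LC_ALL=C sort -k1,1nr -k2,2
}

# new_deny_entries LOG DENYFILE: print "sshd: <ip>" for each IP at or above
# THRESHOLD that is not allowlisted and not already listed in DENYFILE.
new_deny_entries() {
    failed_ips "$1" | while read -r count ip; do
        [ "$count" -ge "$THRESHOLD" ] || continue
        case " $ALLOWLIST " in *" $ip "*) continue ;; esac
        grep -qxF "sshd: $ip" "$2" 2>/dev/null || echo "sshd: $ip"
    done
}

# Constructed sample of /var/log/secure lines.
sample_log() { cat <<'EOF'
Apr  7 03:42:13 host sshd[4868]: Failed password for root from 192.0.2.10 port 56075 ssh2
Apr  7 03:42:15 host sshd[4868]: Failed password for root from 192.0.2.10 port 56075 ssh2
Apr  7 03:42:18 host sshd[4868]: Failed password for root from 192.0.2.10 port 56076 ssh2
Apr  7 03:45:19 host sshd[4871]: Failed password for invalid user 10.0.0.1 from 198.51.100.7 port 52138 ssh2
Apr  7 03:45:21 host sshd[4871]: Failed password for invalid user admin from 198.51.100.7 port 52139 ssh2
Apr  7 03:45:25 host sshd[4871]: Failed password for invalid user admin from 198.51.100.7 port 52140 ssh2
Apr  7 03:50:00 host sshd[4880]: Failed password for root from 203.0.113.9 port 40000 ssh2
Apr  7 03:50:03 host sshd[4880]: Failed password for root from 203.0.113.9 port 40000 ssh2
Apr  7 03:50:06 host sshd[4880]: Failed password for root from 203.0.113.9 port 40001 ssh2
Apr  7 03:55:00 host sshd[4890]: Failed password for alice from 203.0.113.50 port 40002 ssh2
EOF
}

tmp=$(mktemp -d)
sample_log > "$tmp/secure"
echo "sshd: 203.0.113.9" > "$tmp/hosts.deny"      # constructed existing entry
new_deny_entries "$tmp/secure" "$tmp/hosts.deny"  # prints the two new entries
```

The script only prints candidate lines; review them before appending to /etc/hosts.deny, and put your own management address in ALLOWLIST so a mistyped password cannot lock you out.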