Monday, October 30, 2017

Blocking an IP Address

Well, well, well: I've acquired my very own hacker.

I was looking in my various log files to see if a broken disk was even trying to mount (it wasn't). The most recently written log file was /var/log/auth.log, so I opened it up and found messages along the lines of:

Oct 30 18:51:02 hal sshd[5843]: Failed password for root from xxx.yyy.zzz.aa port 39551 ssh2
Oct 30 18:51:07 hal sshd[5843]: message repeated 2 times: [ Failed password for root from xxx.yyy.zzz.aa port 39551 ssh2]
Oct 30 18:51:07 hal sshd[5843]: Received disconnect from xxx.yyy.zzz.aa port 39551:11:  [preauth]
Oct 30 18:51:07 hal sshd[5843]: Disconnected from xxx.yyy.zzz.aa port 39551 [preauth]
Oct 30 18:51:07 hal sshd[5843]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=xxx.yyy.zzz.aa  user=root

Where xxx.yyy.zzz.aa maps to a country that absolutely, positively, certainly is our friend.

Said frenemy wasn't happy trying just port 39551, and hit other ports as well. He/She/It is obviously trying a brute-force password attack against hal (That's never a good idea, Dave). The question is, what to do about it?

A quick Google Search found How Do I Block an IP Address on My Linux server?, which gives the answer: to block a specific address, use the command:

 sudo iptables -A INPUT -s xxx.yyy.zzz.aa -j DROP

where xxx.yyy.zzz.aa is the specific address you want to drop.

I did that, and it worked: the attack from that specific address stopped. But I'm sure there will be others.

It looks like that will work OK, but I'm also going to investigate ipsets, as noted in: How to block unwanted IP addresses on Linux efficiently. I'll let you know how it works.

P.S.: Should you “accidentally” block your weird uncle's IP, you can get it back with the command:

 sudo iptables -D INPUT -s xxx.yyy.zzz.aa -j DROP

Friday, October 06, 2017

Printer Installation: CUPS Shared Printer

So I've got the new Windows/Linux HP Pavilion, as mentioned in the last post. I also have a Brother HL2240 USB printer attached to my old Linux machine, Hal. How to hook that up?

First, you need the name of your printer on your old Linux (or Mac) box. In the browser window, enter http://localhost:631/printers/ Click on the printer you want to share. Now your browser address bar will be http://localhost:631/printers/Yourprintername. Remember Yourprintername — in my case it's HL2240.

For the Linux side of the machine, it's best to get the Brother printer driver for Linux. Then

  • Install the thing, excepting the soul-destroying EULA
  • It will ask for your device URI. Ignore that
  • In the main menu, find System > Administration > Printers
  • Select Add
  • For the device URI, use ipp://address:631/printers/Yourprintername, where address is the URL of the computer with the printer attached to it (In this case Hal), as seen on your local network.
  • When it asks for a printer driver, enter the location /usr/share/cups/model/HL2240.ppd , or whatever the model of your printer is.

For Windows, you can install the Brother Windows drivers, but they assume you have a USB printer connected to that printer. I ended up using the default Brother postscript driver. Then

  • Go to Settings > Printers and Scanners
  • When you see the option "The printer that I want isn't listed", click it
  • Click Select a shared printer by name
  • In the address box enter http://address:631/printers/Yourprintername . Note the http, not ipp
  • Click next, find the correct driver, and install.

If that doesn't work, add a comment, let's see if we can fix it.

Wednesday, October 04, 2017

Virtualization in a New HP Computer

I just bought a new HP Pavilion 15 as a possible desktop replacement.

Naturally, I want to run Linux on this baby, but I'm still not sure I'll keep it. So until I decide for sure, let's put Linux on a Virtual Machine using VirtualBox. This is how I run Linux on my work Mac.

No problem, right? Well ...,

Install VirtualBox on the HP, get an ISO of your favorite Linux distribution, and go to town. Right?

Except when you turn on VirtualBox, you get a message

VT-x is not available.

It seems that virtualization is disabled on new HP machines, and probably others. Except Macs.

The solution is the turn on virtualization in the BIOS. Which is only tricky if you don't know how to get to the BIOS, which is likely because it changes from machine to machine.

AMIDuOS has the solution for HP systems. For other systems, look around, hopefully you'll find something.

Have Fun