How can I use docker without sudo?

Question

icarusbop

Asked: 2017-07-15 03:04:42 +0800 CST2017-07-15 03:04:42 +0800 CST 2017-07-15 03:04:42 +0800 CST

Confusing port entries in Auth log

772

I've found a lot of entries in my auth log....

Failed password for root from 59.45.175.12 port 59662 ssh2

(ip above not actual IP for security reasons) Which I think is someone trying to hack in, this is not my problem, I can easily block the IP in UFW.

But, what I can't understand is the port "59962" (this seems to change on each entry by the way) I currently have UFW installed and running, as as far as I can see the port above (59962) is already blocked in UFW, so I don't undertand how the auth request is getting as far as SSH?

UFW as I understand it blocks all ports except those specifically allowed, the port above is not in my allowed list - unless I'm missing something...

Can someone explain please?

IcarusBop

1 Answers

Voted

waltinator · Answer 1 · 2017-07-15T05:27:19+08:00

waltinator

2017-07-15T05:27:19+08:002017-07-15T05:27:19+08:00

The port number that's being logged (59962) is the originating port on the other system (59.45.175.12). See man 7 socket for info on how sockets work.

Yes, it looks like you are being attacked. Look at the fail2ban package:

fail2ban - ban hosts that cause multiple authentication errors

Find the hostname of the other system via:

dig -x 59.45.175.12

0

Confusing port entries in Auth log

How to install Google Chrome

Is there a command to list all users? Also to add, delete, modify users, in the terminal?

How to delete a non-empty directory in Terminal?

How to unzip a zip file from the Terminal?

How can I copy the contents of a folder to another folder in a different directory using terminal?

How do I install a .deb file via the command line?

How do I run .sh scripts?

How do I install a .tar.gz (or .tar.bz2) file?

How to list all installed packages

Unable to lock the administration directory (/var/lib/dpkg/) is another process using it?