I manage a large-scale SSH server. This server is open to the world via SSH port 22.
Since I only have Australian clients, I would expect only Australian IPs to connect to it. But how would I know?
You can google the IP, but that is a manual, time-consuming process. So I have automated it!
There is an open source tool called GeoIP. It's available by default on Debian and Redhat based distros. Install it as follows.
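Debian
```bash
# The geoiplookup command ships in the geoip-bin package
apt-get install geoip-bin
```
Redhat
```bash
# yum package names are case-sensitive; the package is called GeoIP
yum install GeoIP
```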
Usage
```
root@ubuntu01:~# geoiplookup 101.1.1.56
GeoIP Country Edition: CN, China
```
As you can see above, it resolves an IP address to a country. This was perfect for the work I was doing, but if you want the specific city and GPS coordinates, you need to download a more detailed database from MaxMind.
To update the database, run the following.
```bash
cd /usr/share/GeoIP/

wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz

gunzip GeoLiteCity.dat.gz
```
Now that you have the new database, you need to tell GeoIP to use the new database file.
Usage
```
root@ubuntu01:/usr/share/GeoIP# geoiplookup -f GeoLiteCity.dat 101.1.1.56
GeoIP City Edition, Rev 1: CN, 07, Fujian, Fuzhou, N/A, 26.061399, 119.306099, 0, 0
```
As you can see, more detail than before.
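Returning to the original question of spotting non-Australian connections, here is one way the country lookup could be automated. This is an added example, not the author's own script. It assumes the OpenSSH syslog format `Accepted ... from <ip> port <n>`; the function names, the `EXPECTED_CC` and `GEOIP_LOOKUP` variables and the sample log lines are all constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): flag successful SSH logins whose
# source IP geoiplookup places outside the expected country.
EXPECTED_CC="${EXPECTED_CC:-AU}"             # assumption: clients are Australian
GEOIP_LOOKUP="${GEOIP_LOOKUP:-geoiplookup}"  # lookup command, overridable for tests

# Constructed sample of sshd log lines; only 101.1.1.56 appears in the post.
sample_log() {
    cat <<'EOF'
Mar  3 09:14:02 ubuntu01 sshd[2211]: Accepted publickey for alice from 203.0.113.7 port 50122 ssh2
Mar  3 09:20:41 ubuntu01 sshd[2290]: Accepted password for bob from 101.1.1.56 port 41877 ssh2
Mar  3 09:21:10 ubuntu01 sshd[2301]: Failed password for root from 198.51.100.23 port 39911 ssh2
Mar  3 09:25:55 ubuntu01 sshd[2340]: Accepted password for bob from 101.1.1.56 port 41902 ssh2
Mar  3 09:31:07 ubuntu01 sshd[2377]: Accepted publickey for carol from 198.51.100.23 port 60001 ssh2
EOF
}

# stdin: sshd log. stdout: unique IPv4 sources of "Accepted" logins.
# The greedy ".* from" matches the last " from <ip> port" on the line.
# IPv6 sources are skipped (geoiplookup handles IPv4 only).
accepted_ips() {
    grep -E 'sshd\[[0-9]+\]: Accepted ' \
        | sed -nE 's/.* from ([0-9]{1,3}(\.[0-9]{1,3}){3}) port [0-9]+.*/\1/p' \
        | sort -u
}

# Print the two-letter country code for an IP, or "??" when the database has
# no answer ("IP Address not found") or the lookup command fails.
country_code() {
    cc=$("$GEOIP_LOOKUP" "$1" 2>/dev/null \
        | sed -nE 's/^GeoIP Country Edition: ([A-Z]{2}), .*/\1/p' | head -n 1)
    echo "${cc:-??}"
}

# stdin: sshd log. stdout: "<ip> <cc>" for every login source that does not
# resolve to EXPECTED_CC. Unknown locations are reported too, not ignored.
flag_foreign_logins() {
    accepted_ips | while read -r ip; do
        cc=$(country_code "$ip")
        [ "$cc" = "$EXPECTED_CC" ] || echo "$ip $cc"
    done
}

# Usage: sh thisfile.sh /var/log/auth.log   (/var/log/secure on Redhat)
if [ "$#" -gt 0 ]; then flag_foreign_logins < "$1"; fi
```

Addresses that resolve to `??` are worth a manual look, since an unknown location is not evidence that the login came from the expected country.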