Setting timezone to UTC...
Setting SSMTP configuration...
WARNING: SSMTP_HOST must be defined if you want fail2ban to send emails
Initializing files and folders...
Setting Fail2ban configuration...
Checking for custom actions in /data/action.d...
Checking for custom filters in /data/filter.d...
2020-09-14 16:06:06,116 fail2ban.configreader [1]: INFO Loading configs for fail2ban under /etc/fail2ban
2020-09-14 16:06:06,117 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2020-09-14 16:06:06,118 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2020-09-14 16:06:06,119 fail2ban [1]: INFO Using socket file /var/run/fail2ban/fail2ban.sock
2020-09-14 16:06:06,119 fail2ban [1]: INFO Using pid file /var/run/fail2ban/fail2ban.pid, [DEBUG] logging to STDOUT
2020-09-14 16:06:06,121 fail2ban.configreader [1]: INFO Loading configs for jail under /etc/fail2ban
2020-09-14 16:06:06,122 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.conf']
2020-09-14 16:06:06,131 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-debian.conf']
2020-09-14 16:06:06,132 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf']
2020-09-14 16:06:06,133 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-overrides.local']
2020-09-14 16:06:06,133 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.d/sshd.conf']
2020-09-14 16:06:06,135 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/sshd.conf']
2020-09-14 16:06:06,136 fail2ban.configreader [1]: INFO Loading configs for filter.d/sshd under /etc/fail2ban
2020-09-14 16:06:06,137 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/sshd.conf']
2020-09-14 16:06:06,138 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.conf']
2020-09-14 16:06:06,141 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.local']
2020-09-14 16:06:06,141 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/sshd.conf']
2020-09-14 16:06:06,147 fail2ban.configreader [1]: INFO Loading configs for action.d/iptables-multiport under /etc/fail2ban
2020-09-14 16:06:06,148 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-multiport.conf']
2020-09-14 16:06:06,148 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf']
2020-09-14 16:06:06,149 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-blocktype.local']
2020-09-14 16:06:06,150 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.local']
2020-09-14 16:06:06,150 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf', '/etc/fail2ban/action.d/iptables-multiport.conf']
2020-09-14 16:06:06,188 fail2ban.server [1]: INFO --------------------------------------------------
2020-09-14 16:06:06,188 fail2ban.server [1]: INFO Starting Fail2ban v0.11.1
2020-09-14 16:06:06,189 fail2ban.server [1]: DEBUG Creating PID file /var/run/fail2ban/fail2ban.pid
2020-09-14 16:06:06,190 fail2ban.observer [1]: INFO Observer start...
2020-09-14 16:06:06,190 fail2ban.server [1]: DEBUG Starting communication
2020-09-14 16:06:06,198 fail2ban.database [1]: INFO Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
2020-09-14 16:06:06,199 fail2ban.jail [1]: INFO Creating new jail 'sshd'
2020-09-14 16:06:06,211 fail2ban.jail [1]: INFO Jail 'sshd' uses pyinotify {}
2020-09-14 16:06:06,211 fail2ban.filter [1]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2020-09-14 16:06:06,211 fail2ban.filter [1]: DEBUG Created FilterPyinotify(Jail('sshd'))
2020-09-14 16:06:06,212 fail2ban.filterpyinotif [1]: DEBUG Created FilterPyinotify
2020-09-14 16:06:06,212 fail2ban.jail [1]: INFO Initiated 'pyinotify' backend
2020-09-14 16:06:06,213 fail2ban.filter [1]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2020-09-14 16:06:06,214 fail2ban.server [1]: DEBUG prefregex: '^<F-MLFID>(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel:\\s?\\[ *\\d+\\.\\d+\\]:?\\s+)?(?:@vserver_\\S+\\s+)?(?:(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)\\s+)?(?:\\[ID \\d+ \\S+\\]\\s+)?</F-MLFID>(?:(?:error|fatal): (?:PAM: )?)?<F-CONTENT>.+</F-CONTENT>$'
2020-09-14 16:06:06,216 fail2ban.filter [1]: INFO maxLines: 1
2020-09-14 16:06:06,216 fail2ban.server [1]: DEBUG failregex: '^[aA]uthentication (?:failure|error|failed) for <F-USER>.*</F-USER> from <HOST>( via \\S+)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,218 fail2ban.server [1]: DEBUG failregex: '^User not known to the underlying authentication module for <F-USER>.*</F-USER> from <HOST>(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,220 fail2ban.server [1]: DEBUG failregex: '^Failed publickey for invalid user <F-USER>(?P<cond_user>\\S+)|(?:(?! from ).)*?</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)'
2020-09-14 16:06:06,222 fail2ban.server [1]: DEBUG failregex: '^Failed \\b(?!publickey)\\S+ for (?P<cond_inv>invalid user )?<F-USER>(?P<cond_user>\\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)'
2020-09-14 16:06:06,224 fail2ban.server [1]: DEBUG failregex: '^<F-USER>ROOT</F-USER> LOGIN REFUSED FROM <HOST>'
2020-09-14 16:06:06,225 fail2ban.server [1]: DEBUG failregex: '^[iI](?:llegal|nvalid) user <F-USER>.*?</F-USER> from <HOST>(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,226 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because not listed in AllowUsers(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,228 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because listed in DenyUsers(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,230 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because not in any group(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,231 fail2ban.server [1]: DEBUG failregex: '^refused connect from \\S+ \\(<HOST>\\)'
2020-09-14 16:06:06,232 fail2ban.server [1]: DEBUG failregex: '^Received <F-MLFFORGET>disconnect</F-MLFFORGET> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*3: .*: Auth fail(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,234 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because a group is listed in DenyGroups(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,235 fail2ban.server [1]: DEBUG failregex: "^User <F-USER>.+</F-USER> from <HOST> not allowed because none of user's groups are listed in AllowGroups(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$"
2020-09-14 16:06:06,237 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>pam_[a-z]+\\(sshd:auth\\):\\s+authentication failure;</F-NOFAIL>(?:\\s+(?:(?:logname|e?uid|tty)=\\S*)){0,4}\\s+ruser=<F-ALT_USER>\\S*</F-ALT_USER>\\s+rhost=<HOST>(?:\\s+user=<F-USER>\\S*</F-USER>)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,239 fail2ban.server [1]: DEBUG failregex: '^(error: )?maximum authentication attempts exceeded for <F-USER>.*</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,241 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> not allowed because account is locked(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*'
2020-09-14 16:06:06,242 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>Disconnecting</F-MLFFORGET>(?: from)?(?: (?:invalid|authenticating)) user <F-USER>\\S+</F-USER> <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*Change of username or service not allowed:\\s*.*\\[preauth\\]\\s*$'
2020-09-14 16:06:06,244 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>Disconnecting</F-MLFFORGET>: Too many authentication failures(?: for <F-USER>.+?</F-USER>)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,245 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>Received <F-MLFFORGET>disconnect</F-MLFFORGET></F-NOFAIL> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*11:'
2020-09-14 16:06:06,247 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>(Connection closed|Disconnected)</F-MLFFORGET> (?:by|from)(?: (?:invalid|authenticating) user <F-USER>\\S+|.+?</F-USER>)? <HOST>(?: (?:port \\d+|on \\S+)){0,2}\\s+\\[preauth\\]\\s*$'
2020-09-14 16:06:06,249 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET><F-MLFGAINED>Accepted \\w+</F-MLFGAINED></F-MLFFORGET> for <F-USER>\\S+</F-USER> from <HOST>(?:\\s|$)'
2020-09-14 16:06:06,251 fail2ban.server [1]: DEBUG failregex: '^Did not receive identification string from <HOST>'
2020-09-14 16:06:06,252 fail2ban.server [1]: DEBUG failregex: "^Bad protocol version identification '.*' from <HOST>"
2020-09-14 16:06:06,253 fail2ban.server [1]: DEBUG failregex: '^Connection <F-MLFFORGET>reset</F-MLFFORGET> by <HOST>'
2020-09-14 16:06:06,255 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>SSH: Server;Ltype:</F-NOFAIL> (?:Authname|Version|Kex);Remote: <HOST>-\\d+;[A-Z]\\w+:'
2020-09-14 16:06:06,256 fail2ban.server [1]: DEBUG failregex: '^Read from socket failed: Connection <F-MLFFORGET>reset</F-MLFFORGET> by peer'
2020-09-14 16:06:06,257 fail2ban.server [1]: DEBUG failregex: '^Received <F-MLFFORGET>disconnect</F-MLFFORGET> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*14: No supported authentication methods available'
2020-09-14 16:06:06,258 fail2ban.server [1]: DEBUG failregex: '^Unable to negotiate with <HOST>(?: (?:port \\d+|on \\S+)){0,2}: no matching (?:(?:\\w+ (?!found\\b)){0,2}\\w+) found.'
2020-09-14 16:06:06,261 fail2ban.server [1]: DEBUG failregex: '^Unable to negotiate a (?:(?:\\w+ (?!found\\b)){0,2}\\w+)'
2020-09-14 16:06:06,261 fail2ban.server [1]: DEBUG failregex: '^no matching (?:(?:\\w+ (?!found\\b)){0,2}\\w+) found:'
2020-09-14 16:06:06,262 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>Connection from</F-NOFAIL> <HOST>'
2020-09-14 16:06:06,266 fail2ban.filter [1]: INFO maxRetry: 3
2020-09-14 16:06:06,266 fail2ban.filter [1]: INFO findtime: 86400
2020-09-14 16:06:06,267 fail2ban.actions [1]: INFO banTime: -1
2020-09-14 16:06:06,267 fail2ban.filter [1]: INFO encoding: UTF-8
2020-09-14 16:06:06,267 fail2ban.filter [1]: INFO Added logfile: '/var/log/auth.log' (pos = 444061, hash = 921411e11d550a540994e830936134f6c26ea0eb)
2020-09-14 16:06:06,268 fail2ban.filterpyinotif [1]: DEBUG New <Watch wd=1 path=/var/log mask=1073745280 proc_fun=None auto_add=False exclude_filter=<function WatchManager.<lambda> at 0x7f39ccd1faf0> dir=True >
2020-09-14 16:06:06,268 fail2ban.filterpyinotif [1]: DEBUG Added monitor for the parent directory /var/log
2020-09-14 16:06:06,269 fail2ban.filterpyinotif [1]: DEBUG New <Watch wd=2 path=/var/log/auth.log mask=2 proc_fun=None auto_add=False exclude_filter=<function WatchManager.<lambda> at 0x7f39ccd1faf0> dir=False >
2020-09-14 16:06:06,270 fail2ban.filterpyinotif [1]: DEBUG Added file watcher for /var/log/auth.log
2020-09-14 16:06:06,270 fail2ban.filter [1]: DEBUG Seek to find time 1600013166.270299 (2020-09-13 16:06:06), file size 444061
2020-09-14 16:06:06,270 fail2ban.filter [1]: DEBUG Position -1 from 444061, found time None () within 0 seeks
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Set actionstart = '<iptables> -N f2b-sshd\n<iptables> -A f2b-sshd -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports 2222 -j f2b-sshd'
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Set actionstop = '<iptables> -D INPUT -p tcp -m multiport --dports 2222 -j f2b-sshd\n<iptables> -F f2b-sshd\n<iptables> -X f2b-sshd'
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Set actionflush = '<iptables> -F f2b-sshd'
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Set actioncheck = "<iptables> -n -L INPUT | grep -q 'f2b-sshd[ \\t]'"
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Set actionban = '<iptables> -I f2b-sshd 1 -s <ip> -j <blocktype>'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set actionunban = '<iptables> -D f2b-sshd -s <ip> -j <blocktype>'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set name = 'sshd'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set port = '2222'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set protocol = 'tcp'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set chain = 'INPUT'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set actname = 'iptables-multiport'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set blocktype = 'REJECT --reject-with icmp-port-unreachable'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set returntype = 'RETURN'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set lockingopt = '-w'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set iptables = 'iptables <lockingopt>'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set iptables?family=inet6 = 'ip6tables <lockingopt>'
2020-09-14 16:06:06,274 fail2ban.jail [1]: DEBUG Starting jail 'sshd'
2020-09-14 16:06:06,274 fail2ban.filterpyinotif [1]: DEBUG [sshd] filter started (pyinotifier)
2020-09-14 16:06:07,100 fail2ban.jail [1]: INFO Jail 'sshd' started
2020-09-14 16:06:07,101 fail2ban.transmitter [1]: DEBUG Status: ready
Server ready
2020-09-14 16:06:07,481 fail2ban.actions [1]: NOTICE [sshd] Restore Ban 1.1.186.208
2020-09-14 16:06:07,499 fail2ban.utils [1]: DEBUG 7f39cd5d92f0 -- stderr: 'iptables: Chain already exists.'
2020-09-14 16:06:07,500 fail2ban.utils [1]: DEBUG 7f39cd5d92f0 -- returned successfully 0
2020-09-14 16:06:07,510 fail2ban.utils [1]: DEBUG 7f39cb374a40 -- returned successfully 0
2020-09-14 16:06:07,522 fail2ban.utils [1]: DEBUG 7f39cb3146f0 -- returned successfully 0
2020-09-14 16:06:07,523 fail2ban.actions [1]: NOTICE [sshd] Restore Ban 1.10.133.55
2020-09-14 16:06:07,533 fail2ban.utils [1]: DEBUG 7f39cb374a40 -- returned successfully 0
2020-09-14 16:06:07,543 fail2ban.utils [1]: DEBUG 7f39cb314810 -- returned successfully 0
2020-09-14 16:06:07,546 fail2ban.actions [1]: NOTICE [sshd] Restore Ban 1.11.201.18
2020-09-14 16:06:07,581 fail2ban.utils [1]: DEBUG 7f39cb374a40 -- returned successfully 0
2020-09-14 16:06:07,590 fail2ban.utils [1]: DEBUG 7f39cb314780 -- returned successfully 0
2020-09-14 16:06:07,591 fail2ban.actions [1]: NOTICE [sshd] Restore Ban 1.119.131.102
2020-09-14 16:06:07,601 fail2ban.utils [1]: DEBUG 7f39cb374a40 -- returned successfully 0
2020-09-14 16:06:07,608 fail2ban.utils [1]: DEBUG 7f39cb3146f0 -- returned successfully 0
2020-09-14 16:06:07,609 fail2ban.actions [1]: NOTICE [sshd] Restore Ban 1.179.137.10
2020-09-14 16:06:07,617 fail2ban.utils [1]: DEBUG 7f39cb374a40 -- returned successfully 0
2020-09-14 16:06:07,625 fail2ban.utils [1]: DEBUG 7f39cb314810 -- returned successfully 0
Chain INPUT (policy DROP 1609K packets, 93M bytes)
 pkts bytes target                   prot opt in     out     source               destination
8765K 5917M ufw-before-logging-input all  --  *      *       0.0.0.0/0            0.0.0.0/0
8765K 5917M ufw-before-input         all  --  *      *       0.0.0.0/0            0.0.0.0/0
2065K  116M ufw-after-input          all  --  *      *       0.0.0.0/0            0.0.0.0/0
1609K   93M ufw-after-logging-input  all  --  *      *       0.0.0.0/0            0.0.0.0/0
1609K   93M ufw-reject-input         all  --  *      *       0.0.0.0/0            0.0.0.0/0
1609K   93M ufw-track-input          all  --  *      *       0.0.0.0/0            0.0.0.0/0
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 1 packets, 76 bytes)
 pkts bytes target   prot opt in     out     source               destination
  243 16132 f2b-sshd tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 2222
10527  462K f2b-sshd tcp  --  *      *       0.0.0.0/0            0.0.0.0/0            multiport dports 2222