@psidex
Created September 14, 2020 16:09
Setting timezone to UTC...
Setting SSMTP configuration...
WARNING: SSMTP_HOST must be defined if you want fail2ban to send emails
Initializing files and folders...
Setting Fail2ban configuration...
Checking for custom actions in /data/action.d...
Checking for custom filters in /data/filter.d...
2020-09-14 16:06:06,116 fail2ban.configreader [1]: INFO Loading configs for fail2ban under /etc/fail2ban
2020-09-14 16:06:06,117 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2020-09-14 16:06:06,118 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2020-09-14 16:06:06,119 fail2ban [1]: INFO Using socket file /var/run/fail2ban/fail2ban.sock
2020-09-14 16:06:06,119 fail2ban [1]: INFO Using pid file /var/run/fail2ban/fail2ban.pid, [DEBUG] logging to STDOUT
2020-09-14 16:06:06,121 fail2ban.configreader [1]: INFO Loading configs for jail under /etc/fail2ban
2020-09-14 16:06:06,122 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.conf']
2020-09-14 16:06:06,131 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-debian.conf']
2020-09-14 16:06:06,132 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf']
2020-09-14 16:06:06,133 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-overrides.local']
2020-09-14 16:06:06,133 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.d/sshd.conf']
2020-09-14 16:06:06,135 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/sshd.conf']
2020-09-14 16:06:06,136 fail2ban.configreader [1]: INFO Loading configs for filter.d/sshd under /etc/fail2ban
2020-09-14 16:06:06,137 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/sshd.conf']
2020-09-14 16:06:06,138 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.conf']
2020-09-14 16:06:06,141 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.local']
2020-09-14 16:06:06,141 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/sshd.conf']
2020-09-14 16:06:06,147 fail2ban.configreader [1]: INFO Loading configs for action.d/iptables-multiport under /etc/fail2ban
2020-09-14 16:06:06,148 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-multiport.conf']
2020-09-14 16:06:06,148 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf']
2020-09-14 16:06:06,149 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-blocktype.local']
2020-09-14 16:06:06,150 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.local']
2020-09-14 16:06:06,150 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf', '/etc/fail2ban/action.d/iptables-multiport.conf']
2020-09-14 16:06:06,188 fail2ban.server [1]: INFO --------------------------------------------------
2020-09-14 16:06:06,188 fail2ban.server [1]: INFO Starting Fail2ban v0.11.1
2020-09-14 16:06:06,189 fail2ban.server [1]: DEBUG Creating PID file /var/run/fail2ban/fail2ban.pid
2020-09-14 16:06:06,190 fail2ban.observer [1]: INFO Observer start...
2020-09-14 16:06:06,190 fail2ban.server [1]: DEBUG Starting communication
2020-09-14 16:06:06,198 fail2ban.database [1]: INFO Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
2020-09-14 16:06:06,199 fail2ban.jail [1]: INFO Creating new jail 'sshd'
2020-09-14 16:06:06,211 fail2ban.jail [1]: INFO Jail 'sshd' uses pyinotify {}
2020-09-14 16:06:06,211 fail2ban.filter [1]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2020-09-14 16:06:06,211 fail2ban.filter [1]: DEBUG Created FilterPyinotify(Jail('sshd'))
2020-09-14 16:06:06,212 fail2ban.filterpyinotif [1]: DEBUG Created FilterPyinotify
2020-09-14 16:06:06,212 fail2ban.jail [1]: INFO Initiated 'pyinotify' backend
2020-09-14 16:06:06,213 fail2ban.filter [1]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2020-09-14 16:06:06,214 fail2ban.server [1]: DEBUG prefregex: '^<F-MLFID>(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel:\\s?\\[ *\\d+\\.\\d+\\]:?\\s+)?(?:@vserver_\\S+\\s+)?(?:(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)\\s+)?(?:\\[ID \\d+ \\S+\\]\\s+)?</F-MLFID>(?:(?:error|fatal): (?:PAM: )?)?<F-CONTENT>.+</F-CONTENT>$'
2020-09-14 16:06:06,216 fail2ban.filter [1]: INFO maxLines: 1
2020-09-14 16:06:06,216 fail2ban.server [1]: DEBUG failregex: '^[aA]uthentication (?:failure|error|failed) for <F-USER>.*</F-USER> from <HOST>( via \\S+)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,218 fail2ban.server [1]: DEBUG failregex: '^User not known to the underlying authentication module for <F-USER>.*</F-USER> from <HOST>(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,220 fail2ban.server [1]: DEBUG failregex: '^Failed publickey for invalid user <F-USER>(?P<cond_user>\\S+)|(?:(?! from ).)*?</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)'
2020-09-14 16:06:06,222 fail2ban.server [1]: DEBUG failregex: '^Failed \\b(?!publickey)\\S+ for (?P<cond_inv>invalid user )?<F-USER>(?P<cond_user>\\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)'
2020-09-14 16:06:06,224 fail2ban.server [1]: DEBUG failregex: '^<F-USER>ROOT</F-USER> LOGIN REFUSED FROM <HOST>'
2020-09-14 16:06:06,225 fail2ban.server [1]: DEBUG failregex: '^[iI](?:llegal|nvalid) user <F-USER>.*?</F-USER> from <HOST>(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,226 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because not listed in AllowUsers(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,228 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because listed in DenyUsers(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,230 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because not in any group(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,231 fail2ban.server [1]: DEBUG failregex: '^refused connect from \\S+ \\(<HOST>\\)'
2020-09-14 16:06:06,232 fail2ban.server [1]: DEBUG failregex: '^Received <F-MLFFORGET>disconnect</F-MLFFORGET> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*3: .*: Auth fail(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,234 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because a group is listed in DenyGroups(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,235 fail2ban.server [1]: DEBUG failregex: "^User <F-USER>.+</F-USER> from <HOST> not allowed because none of user's groups are listed in AllowGroups(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$"
2020-09-14 16:06:06,237 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>pam_[a-z]+\\(sshd:auth\\):\\s+authentication failure;</F-NOFAIL>(?:\\s+(?:(?:logname|e?uid|tty)=\\S*)){0,4}\\s+ruser=<F-ALT_USER>\\S*</F-ALT_USER>\\s+rhost=<HOST>(?:\\s+user=<F-USER>\\S*</F-USER>)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,239 fail2ban.server [1]: DEBUG failregex: '^(error: )?maximum authentication attempts exceeded for <F-USER>.*</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,241 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> not allowed because account is locked(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*'
2020-09-14 16:06:06,242 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>Disconnecting</F-MLFFORGET>(?: from)?(?: (?:invalid|authenticating)) user <F-USER>\\S+</F-USER> <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*Change of username or service not allowed:\\s*.*\\[preauth\\]\\s*$'
2020-09-14 16:06:06,244 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>Disconnecting</F-MLFFORGET>: Too many authentication failures(?: for <F-USER>.+?</F-USER>)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-09-14 16:06:06,245 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>Received <F-MLFFORGET>disconnect</F-MLFFORGET></F-NOFAIL> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*11:'
2020-09-14 16:06:06,247 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>(Connection closed|Disconnected)</F-MLFFORGET> (?:by|from)(?: (?:invalid|authenticating) user <F-USER>\\S+|.+?</F-USER>)? <HOST>(?: (?:port \\d+|on \\S+)){0,2}\\s+\\[preauth\\]\\s*$'
2020-09-14 16:06:06,249 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET><F-MLFGAINED>Accepted \\w+</F-MLFGAINED></F-MLFFORGET> for <F-USER>\\S+</F-USER> from <HOST>(?:\\s|$)'
2020-09-14 16:06:06,251 fail2ban.server [1]: DEBUG failregex: '^Did not receive identification string from <HOST>'
2020-09-14 16:06:06,252 fail2ban.server [1]: DEBUG failregex: "^Bad protocol version identification '.*' from <HOST>"
2020-09-14 16:06:06,253 fail2ban.server [1]: DEBUG failregex: '^Connection <F-MLFFORGET>reset</F-MLFFORGET> by <HOST>'
2020-09-14 16:06:06,255 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>SSH: Server;Ltype:</F-NOFAIL> (?:Authname|Version|Kex);Remote: <HOST>-\\d+;[A-Z]\\w+:'
2020-09-14 16:06:06,256 fail2ban.server [1]: DEBUG failregex: '^Read from socket failed: Connection <F-MLFFORGET>reset</F-MLFFORGET> by peer'
2020-09-14 16:06:06,257 fail2ban.server [1]: DEBUG failregex: '^Received <F-MLFFORGET>disconnect</F-MLFFORGET> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*14: No supported authentication methods available'
2020-09-14 16:06:06,258 fail2ban.server [1]: DEBUG failregex: '^Unable to negotiate with <HOST>(?: (?:port \\d+|on \\S+)){0,2}: no matching (?:(?:\\w+ (?!found\\b)){0,2}\\w+) found.'
2020-09-14 16:06:06,261 fail2ban.server [1]: DEBUG failregex: '^Unable to negotiate a (?:(?:\\w+ (?!found\\b)){0,2}\\w+)'
2020-09-14 16:06:06,261 fail2ban.server [1]: DEBUG failregex: '^no matching (?:(?:\\w+ (?!found\\b)){0,2}\\w+) found:'
2020-09-14 16:06:06,262 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>Connection from</F-NOFAIL> <HOST>'
2020-09-14 16:06:06,266 fail2ban.filter [1]: INFO maxRetry: 3
2020-09-14 16:06:06,266 fail2ban.filter [1]: INFO findtime: 86400
2020-09-14 16:06:06,267 fail2ban.actions [1]: INFO banTime: -1
2020-09-14 16:06:06,267 fail2ban.filter [1]: INFO encoding: UTF-8
2020-09-14 16:06:06,267 fail2ban.filter [1]: INFO Added logfile: '/var/log/auth.log' (pos = 444061, hash = 921411e11d550a540994e830936134f6c26ea0eb)
2020-09-14 16:06:06,268 fail2ban.filterpyinotif [1]: DEBUG New <Watch wd=1 path=/var/log mask=1073745280 proc_fun=None auto_add=False exclude_filter=<function WatchManager.<lambda> at 0x7f39ccd1faf0> dir=True >
2020-09-14 16:06:06,268 fail2ban.filterpyinotif [1]: DEBUG Added monitor for the parent directory /var/log
2020-09-14 16:06:06,269 fail2ban.filterpyinotif [1]: DEBUG New <Watch wd=2 path=/var/log/auth.log mask=2 proc_fun=None auto_add=False exclude_filter=<function WatchManager.<lambda> at 0x7f39ccd1faf0> dir=False >
2020-09-14 16:06:06,270 fail2ban.filterpyinotif [1]: DEBUG Added file watcher for /var/log/auth.log
2020-09-14 16:06:06,270 fail2ban.filter [1]: DEBUG Seek to find time 1600013166.270299 (2020-09-13 16:06:06), file size 444061
2020-09-14 16:06:06,270 fail2ban.filter [1]: DEBUG Position -1 from 444061, found time None () within 0 seeks
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Set actionstart = '<iptables> -N f2b-sshd\n<iptables> -A f2b-sshd -j RETURN\n<iptables> -I INPUT -p tcp -m multiport --dports 2222 -j f2b-sshd'
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Set actionstop = '<iptables> -D INPUT -p tcp -m multiport --dports 2222 -j f2b-sshd\n<iptables> -F f2b-sshd\n<iptables> -X f2b-sshd'
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Set actionflush = '<iptables> -F f2b-sshd'
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Set actioncheck = "<iptables> -n -L INPUT | grep -q 'f2b-sshd[ \\t]'"
2020-09-14 16:06:06,271 fail2ban.CommandAction [1]: DEBUG Set actionban = '<iptables> -I f2b-sshd 1 -s <ip> -j <blocktype>'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set actionunban = '<iptables> -D f2b-sshd -s <ip> -j <blocktype>'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set name = 'sshd'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set port = '2222'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set protocol = 'tcp'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set chain = 'INPUT'
2020-09-14 16:06:06,272 fail2ban.CommandAction [1]: DEBUG Set actname = 'iptables-multiport'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set blocktype = 'REJECT --reject-with icmp-port-unreachable'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set returntype = 'RETURN'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set lockingopt = '-w'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set iptables = 'iptables <lockingopt>'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable'
2020-09-14 16:06:06,273 fail2ban.CommandAction [1]: DEBUG Set iptables?family=inet6 = 'ip6tables <lockingopt>'
2020-09-14 16:06:06,274 fail2ban.jail [1]: DEBUG Starting jail 'sshd'
2020-09-14 16:06:06,274 fail2ban.filterpyinotif [1]: DEBUG [sshd] filter started (pyinotifier)
2020-09-14 16:06:07,100 fail2ban.jail [1]: INFO Jail 'sshd' started
2020-09-14 16:06:07,101 fail2ban.transmitter [1]: DEBUG Status: ready
Server ready
2020-09-14 16:06:07,481 fail2ban.actions [1]: NOTICE [sshd] Restore Ban 1.1.186.208
2020-09-14 16:06:07,499 fail2ban.utils [1]: DEBUG 7f39cd5d92f0 -- stderr: 'iptables: Chain already exists.'
2020-09-14 16:06:07,500 fail2ban.utils [1]: DEBUG 7f39cd5d92f0 -- returned successfully 0
2020-09-14 16:06:07,510 fail2ban.utils [1]: DEBUG 7f39cb374a40 -- returned successfully 0
2020-09-14 16:06:07,522 fail2ban.utils [1]: DEBUG 7f39cb3146f0 -- returned successfully 0
2020-09-14 16:06:07,523 fail2ban.actions [1]: NOTICE [sshd] Restore Ban 1.10.133.55
2020-09-14 16:06:07,533 fail2ban.utils [1]: DEBUG 7f39cb374a40 -- returned successfully 0
2020-09-14 16:06:07,543 fail2ban.utils [1]: DEBUG 7f39cb314810 -- returned successfully 0
2020-09-14 16:06:07,546 fail2ban.actions [1]: NOTICE [sshd] Restore Ban 1.11.201.18
2020-09-14 16:06:07,581 fail2ban.utils [1]: DEBUG 7f39cb374a40 -- returned successfully 0
2020-09-14 16:06:07,590 fail2ban.utils [1]: DEBUG 7f39cb314780 -- returned successfully 0
2020-09-14 16:06:07,591 fail2ban.actions [1]: NOTICE [sshd] Restore Ban 1.119.131.102
2020-09-14 16:06:07,601 fail2ban.utils [1]: DEBUG 7f39cb374a40 -- returned successfully 0
2020-09-14 16:06:07,608 fail2ban.utils [1]: DEBUG 7f39cb3146f0 -- returned successfully 0
2020-09-14 16:06:07,609 fail2ban.actions [1]: NOTICE [sshd] Restore Ban 1.179.137.10
2020-09-14 16:06:07,617 fail2ban.utils [1]: DEBUG 7f39cb374a40 -- returned successfully 0
2020-09-14 16:06:07,625 fail2ban.utils [1]: DEBUG 7f39cb314810 -- returned successfully 0
Chain INPUT (policy DROP 1609K packets, 93M bytes)
pkts bytes target prot opt in out source destination
8765K 5917M ufw-before-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
8765K 5917M ufw-before-input all -- * * 0.0.0.0/0 0.0.0.0/0
2065K 116M ufw-after-input all -- * * 0.0.0.0/0 0.0.0.0/0
1609K 93M ufw-after-logging-input all -- * * 0.0.0.0/0 0.0.0.0/0
1609K 93M ufw-reject-input all -- * * 0.0.0.0/0 0.0.0.0/0
1609K 93M ufw-track-input all -- * * 0.0.0.0/0 0.0.0.0/0
# Warning: iptables-legacy tables present, use iptables-legacy to see them
Chain INPUT (policy ACCEPT 1 packets, 76 bytes)
pkts bytes target prot opt in out source destination
243 16132 f2b-sshd tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 2222
10527 462K f2b-sshd tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 2222