- 2020-04-26 15:55:51,122 fail2ban.server [23775]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.9.6
- 2020-04-26 15:55:51,124 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'dbfile', '/var/lib/fail2ban/fail2ban.sqlite3']
- 2020-04-26 15:55:51,125 fail2ban.database [23775]: INFO Connected to fail2ban persistent database '/var/lib/fail2ban/fail2ban.sqlite3'
- 2020-04-26 15:55:51,131 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'dbpurgeage', '86400']
- 2020-04-26 15:55:51,133 fail2ban.transmitter [23775]: DEBUG Command: ['add', 'sshd', 'auto']
- 2020-04-26 15:55:51,134 fail2ban.jail [23775]: INFO Creating new jail 'sshd'
- 2020-04-26 15:55:51,283 fail2ban.jail [23775]: INFO Jail 'sshd' uses pyinotify {}
- 2020-04-26 15:55:51,284 fail2ban.filter [23775]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
- 2020-04-26 15:55:51,413 fail2ban.filter [23775]: DEBUG Created FilterPyinotify(Jail('sshd'))
- 2020-04-26 15:55:51,414 fail2ban.filterpyinotify[23775]: DEBUG Created FilterPyinotify
- 2020-04-26 15:55:51,415 fail2ban.jail [23775]: INFO Initiated 'pyinotify' backend
- 2020-04-26 15:55:51,419 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'usedns', 'warn']
- 2020-04-26 15:55:51,420 fail2ban.filter [23775]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
- 2020-04-26 15:55:51,422 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addlogpath', '/var/log/secure', 'head']
- 2020-04-26 15:55:51,424 fail2ban.filter [23775]: INFO Added logfile = /var/log/secure
- 2020-04-26 15:55:51,425 fail2ban.filterpyinotify[23775]: DEBUG Added monitor for the parent directory /var/log
- 2020-04-26 15:55:51,426 fail2ban.filterpyinotify[23775]: DEBUG Added file watcher for /var/log/secure
- 2020-04-26 15:55:51,428 fail2ban.datedetector [23775]: DEBUG Sorting the template list
- 2020-04-26 15:55:51,429 fail2ban.datedetector [23775]: DEBUG Winning template: (?:DAY )?MON Day 24hour:Minute:Second(?:\.Microseconds)?(?: Year)? with 0 hits
- 2020-04-26 15:55:51,431 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'maxretry', '5']
- 2020-04-26 15:55:51,432 fail2ban.filter [23775]: INFO Set maxRetry = 5
- 2020-04-26 15:55:51,434 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addignoreip', '65.182.164.0/23']
- 2020-04-26 15:55:51,435 fail2ban.filter [23775]: DEBUG Add 65.182.164.0/23 to ignore list
- 2020-04-26 15:55:51,437 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'logencoding', 'auto']
- 2020-04-26 15:55:51,438 fail2ban.filter [23775]: INFO Set jail log file encoding to UTF-8
- 2020-04-26 15:55:51,440 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'bantime', '2592000']
- 2020-04-26 15:55:51,441 fail2ban.actions [23775]: INFO Set banTime = 2592000
- 2020-04-26 15:55:51,443 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'ignorecommand', '']
- 2020-04-26 15:55:51,445 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'findtime', '2592000']
- 2020-04-26 15:55:51,446 fail2ban.filter [23775]: INFO Set findtime = 2592000
- 2020-04-26 15:55:51,448 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'maxlines', '10']
- 2020-04-26 15:55:51,449 fail2ban.filter [23775]: INFO Set maxlines = 10
- 2020-04-26 15:55:51,451 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,471 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,492 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,519 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,544 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,573 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,604 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,638 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,677 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,718 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,765 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,817 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', "^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:51,875 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?P<__prefix>(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s$
- 2020-04-26 15:55:51,942 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?P<__prefix>(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s$
- 2020-04-26 15:55:52,017 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?P<__prefix>(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s$
- 2020-04-26 15:55:52,101 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:52,193 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addfailregex', '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel: \\[ *\\d+\\.\\d+\\]\\s+)?(?:@vserve$
- 2020-04-26 15:55:52,293 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addjournalmatch', '_SYSTEMD_UNIT=sshd.service', '+', '_COMM=sshd']
- 2020-04-26 15:55:52,294 fail2ban.server [23775]: INFO Jail sshd is not a JournalFilter instance
- 2020-04-26 15:55:52,296 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addaction', 'apf']
- 2020-04-26 15:55:52,297 fail2ban.CommandAction [23775]: DEBUG Set action apf timeout = 60
- 2020-04-26 15:55:52,297 fail2ban.CommandAction [23775]: DEBUG Set actionstart =
- 2020-04-26 15:55:52,298 fail2ban.CommandAction [23775]: DEBUG Set actionban =
- 2020-04-26 15:55:52,299 fail2ban.CommandAction [23775]: DEBUG Set actionunban =
- 2020-04-26 15:55:52,299 fail2ban.CommandAction [23775]: DEBUG Set actioncheck =
- 2020-04-26 15:55:52,300 fail2ban.CommandAction [23775]: DEBUG Set actionstop =
- 2020-04-26 15:55:52,300 fail2ban.CommandAction [23775]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
- 2020-04-26 15:55:52,303 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'actionban', '/usr/local/sbin/apf --deny <ip> "banned by Fail2Ban <name>"']
- 2020-04-26 15:55:52,303 fail2ban.CommandAction [23775]: DEBUG Set actionban = /usr/local/sbin/apf --deny <ip> "banned by Fail2Ban <name>"
- 2020-04-26 15:55:52,306 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'actionstop', '']
- 2020-04-26 15:55:52,307 fail2ban.CommandAction [23775]: DEBUG Set actionstop =
- 2020-04-26 15:55:52,309 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'actionstart', '']
- 2020-04-26 15:55:52,309 fail2ban.CommandAction [23775]: DEBUG Set actionstart =
- 2020-04-26 15:55:52,312 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'actionunban', '/usr/local/sbin/apf --remove <ip>']
- 2020-04-26 15:55:52,312 fail2ban.CommandAction [23775]: DEBUG Set actionunban = /usr/local/sbin/apf --remove <ip>
- 2020-04-26 15:55:52,315 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'actioncheck', '']
- 2020-04-26 15:55:52,315 fail2ban.CommandAction [23775]: DEBUG Set actioncheck =
- 2020-04-26 15:55:52,318 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'known/name', 'default']
- 2020-04-26 15:55:52,320 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'protocol', 'tcp']
- 2020-04-26 15:55:52,323 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'apf', 'name', 'sshd']
- 2020-04-26 15:55:52,325 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'addaction', 'sendmail-whois-lines']
- 2020-04-26 15:55:52,326 fail2ban.CommandAction [23775]: DEBUG Set action sendmail-whois-lines timeout = 60
- 2020-04-26 15:55:52,326 fail2ban.CommandAction [23775]: DEBUG Set actionstart =
- 2020-04-26 15:55:52,327 fail2ban.CommandAction [23775]: DEBUG Set actionban =
- 2020-04-26 15:55:52,327 fail2ban.CommandAction [23775]: DEBUG Set actionunban =
- 2020-04-26 15:55:52,328 fail2ban.CommandAction [23775]: DEBUG Set actioncheck =
- 2020-04-26 15:55:52,329 fail2ban.CommandAction [23775]: DEBUG Set actionstop =
- 2020-04-26 15:55:52,329 fail2ban.CommandAction [23775]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
- 2020-04-26 15:55:52,332 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'actionban', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`\n$
- 2020-04-26 15:55:52,332 fail2ban.CommandAction [23775]: DEBUG Set actionban = printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
- Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The IP <ip> has just been banned by Fail2Ban after
- <failures> attempts against <name>.\n\n
- Here is more information about <ip> :\n
- `/usr/bin/whois <ip> || echo missing whois program`\n\n
- Lines containing IP:<ip> in <logpath>\n
- `grep -E <grepopts> '(^|[^0-9])<ip>([^0-9]|$)' <logpath>`\n\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2020-04-26 15:55:52,337 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'actionstop', 'printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`\nDate:$
- 2020-04-26 15:55:52,338 fail2ban.CommandAction [23775]: DEBUG Set actionstop = printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
- Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2020-04-26 15:55:52,341 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'actionstart', 'printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`\nDate$
- 2020-04-26 15:55:52,342 fail2ban.CommandAction [23775]: DEBUG Set actionstart = printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`
- Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The jail <name> has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2020-04-26 15:55:52,345 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'actionunban', '']
- 2020-04-26 15:55:52,346 fail2ban.CommandAction [23775]: DEBUG Set actionunban =
- 2020-04-26 15:55:52,348 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'actioncheck', '']
- 2020-04-26 15:55:52,349 fail2ban.CommandAction [23775]: DEBUG Set actioncheck =
- 2020-04-26 15:55:52,351 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/known/sendername', 'Fail2Ban']
- 2020-04-26 15:55:52,354 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/grepopts', '-m 1000']
- 2020-04-26 15:55:52,356 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'sender', 'admin@ics-il.net']
- 2020-04-26 15:55:52,359 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/sender', 'admin@ics-il.net']
- 2020-04-26 15:55:52,361 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'dest', 'admin@ics-il.net']
- 2020-04-26 15:55:52,364 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/known/dest', 'admin@ics-il.net']
- 2020-04-26 15:55:52,367 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/__name__', 'Init']
- 2020-04-26 15:55:52,369 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'logpath', '/var/log/secure']
- 2020-04-26 15:55:52,372 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/dest', 'admin@ics-il.net']
- 2020-04-26 15:55:52,374 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/known/sender', 'admin@ics-il.net']
- 2020-04-26 15:55:52,377 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'grepopts', '-m 1000']
- 2020-04-26 15:55:52,381 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/name', 'default']
- 2020-04-26 15:55:52,384 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/logpath', '/dev/null']
- 2020-04-26 15:55:52,387 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/sendername', 'Fail2Ban']
- 2020-04-26 15:55:52,390 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'known/known/__name__', 'Init']
- 2020-04-26 15:55:52,393 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'sendername', 'Fail2Ban']
- 2020-04-26 15:55:52,396 fail2ban.transmitter [23775]: DEBUG Command: ['set', 'sshd', 'action', 'sendmail-whois-lines', 'name', 'sshd']
- 2020-04-26 15:55:52,398 fail2ban.transmitter [23775]: DEBUG Command: ['start', 'sshd']
- 2020-04-26 15:55:52,405 fail2ban.filterpyinotify[23775]: DEBUG pyinotifier started for sshd.
- 2020-04-26 15:55:52,406 fail2ban.action [23775]: DEBUG
- 2020-04-26 15:55:52,408 fail2ban.filterpyinotify[23775]: DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/secure pathname=/var/log/secure wd=2 >
- 2020-04-26 15:55:52,409 fail2ban.action [23775]: DEBUG Nothing to do
- 2020-04-26 15:55:52,415 fail2ban.action [23775]: DEBUG printf %b "Subject: [Fail2Ban] sshd: started on `uname -n`
- Date: `LC_ALL=C date +"%a, %d %h %Y %T %z"`
- From: Fail2Ban <admin@ics-il.net>
- To: admin@ics-il.net\n
- Hi,\n
- The jail sshd has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f admin@ics-il.net admin@ics-il.net