Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- 2016-02-25 22:55:08,246 fail2ban.server [19644]: INFO Stopping all jails
- 2016-02-25 22:55:08,932 fail2ban.jail [19644]: INFO Jail 'rainloop' stopped
- 2016-02-25 22:55:09,936 fail2ban.jail [19644]: INFO Jail 'ssh' stopped
- 2016-02-25 22:55:10,951 fail2ban.jail [19644]: INFO Jail 'roundcube' stopped
- 2016-02-25 22:55:11,979 fail2ban.jail [19644]: INFO Jail 'imscp' stopped
- 2016-02-25 22:55:11,980 fail2ban.server [19644]: INFO Exiting Fail2ban
- 2016-02-25 22:55:12,542 fail2ban.server [19891]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
- 2016-02-25 22:55:12,542 fail2ban.comm [19891]: DEBUG Command: ['add', 'ssh', 'auto']
- 2016-02-25 22:55:12,543 fail2ban.jail [19891]: INFO Creating new jail 'ssh'
- 2016-02-25 22:55:12,565 fail2ban.jail [19891]: INFO Jail 'ssh' uses pyinotify
- 2016-02-25 22:55:12,576 fail2ban.filter [19891]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('ssh'))
- 2016-02-25 22:55:12,581 fail2ban.filter [19891]: DEBUG Created FilterPyinotify(Jail('ssh'))
- 2016-02-25 22:55:12,585 fail2ban.filter [19891]: DEBUG Created FilterPyinotify
- 2016-02-25 22:55:12,586 fail2ban.jail [19891]: INFO Initiated 'pyinotify' backend
- 2016-02-25 22:55:12,586 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'usedns', 'warn']
- 2016-02-25 22:55:12,586 fail2ban.filter [19891]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('ssh'))
- 2016-02-25 22:55:12,587 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addlogpath', '/var/log/auth.log']
- 2016-02-25 22:55:12,587 fail2ban.filter [19891]: INFO Added logfile = /var/log/auth.log
- 2016-02-25 22:55:12,587 fail2ban.filter [19891]: DEBUG Added monitor for the parent directory /var/log
- 2016-02-25 22:55:12,587 fail2ban.filter [19891]: DEBUG Added file watcher for /var/log/auth.log
- 2016-02-25 22:55:12,587 fail2ban.filter.datedetector[19891]: DEBUG Sorting the template list
- 2016-02-25 22:55:12,587 fail2ban.filter.datedetector[19891]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
- 2016-02-25 22:55:12,588 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'maxretry', '6']
- 2016-02-25 22:55:12,588 fail2ban.filter [19891]: INFO Set maxRetry = 6
- 2016-02-25 22:55:12,588 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addignoreip', '127.0.0.1/8']
- 2016-02-25 22:55:12,588 fail2ban.filter [19891]: DEBUG Add 127.0.0.1/8 to ignore list
- 2016-02-25 22:55:12,589 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'ignorecommand', '']
- 2016-02-25 22:55:12,589 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'findtime', '600']
- 2016-02-25 22:55:12,589 fail2ban.filter [19891]: INFO Set findtime = 600
- 2016-02-25 22:55:12,589 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'bantime', '600']
- 2016-02-25 22:55:12,589 fail2ban.actions[19891]: INFO Set banTime = 600
- 2016-02-25 22:55:12,590 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \\S+)?\\s*$']
- 2016-02-25 22:55:12,591 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\\s*$']
- 2016-02-25 22:55:12,593 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*Failed \\S+ for .*? from <HOST>(?: port \\d*)?(?: ssh\\d*)?(: (ruser .*|(\\S+ ID \\S+ \\(serial \\d+\\) CA )?\\S+ (?:[\\da-f]{2}:){15}[\\da-f]{2}(, client user ".*", client host ".*")?))?\\s*$']
- 2016-02-25 22:55:12,595 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*ROOT LOGIN REFUSED.* FROM <HOST>\\s*$']
- 2016-02-25 22:55:12,597 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*[iI](?:llegal|nvalid) user .* from <HOST>\\s*$']
- 2016-02-25 22:55:12,599 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because not listed in AllowUsers\\s*$']
- 2016-02-25 22:55:12,600 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because listed in DenyUsers\\s*$']
- 2016-02-25 22:55:12,602 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because not in any group\\s*$']
- 2016-02-25 22:55:12,604 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*refused connect from \\S+ \\(<HOST>\\)\\s*$']
- 2016-02-25 22:55:12,606 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*Received disconnect from <HOST>: 3: \\S+: Auth fail$']
- 2016-02-25 22:55:12,609 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because a group is listed in DenyGroups\\s*$']
- 2016-02-25 22:55:12,611 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addfailregex', "^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*$"]
- 2016-02-25 22:55:12,614 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'addaction', 'sendmail-whois']
- 2016-02-25 22:55:12,614 fail2ban.actions.action[19891]: DEBUG Created Action
- 2016-02-25 22:55:12,614 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere is more information about <ip>:\\n\n`/usr/bin/whois <ip> || echo missing whois program`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
- 2016-02-25 22:55:12,614 fail2ban.actions.action[19891]: DEBUG Set actionBan = printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The IP <ip> has just been banned by Fail2Ban after
- <failures> attempts against <name>.\n\n
- Here is more information about <ip>:\n
- `/usr/bin/whois <ip> || echo missing whois program`\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2016-02-25 22:55:12,615 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
- 2016-02-25 22:55:12,615 fail2ban.actions.action[19891]: DEBUG Set actionStop = printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2016-02-25 22:55:12,615 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
- 2016-02-25 22:55:12,615 fail2ban.actions.action[19891]: DEBUG Set actionStart = printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The jail <name> has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2016-02-25 22:55:12,615 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'actionunban', 'sendmail-whois', '']
- 2016-02-25 22:55:12,615 fail2ban.actions.action[19891]: DEBUG Set actionUnban =
- 2016-02-25 22:55:12,616 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'actioncheck', 'sendmail-whois', '']
- 2016-02-25 22:55:12,616 fail2ban.actions.action[19891]: DEBUG Set actionCheck =
- 2016-02-25 22:55:12,616 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'setcinfo', 'sendmail-whois', 'dest', 'info@gmail.com']
- 2016-02-25 22:55:12,616 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'setcinfo', 'sendmail-whois', 'sendername', 'Fail2Ban']
- 2016-02-25 22:55:12,617 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'setcinfo', 'sendmail-whois', 'logpath', '/var/log/auth.log']
- 2016-02-25 22:55:12,617 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'setcinfo', 'sendmail-whois', 'name', 'SSH']
- 2016-02-25 22:55:12,617 fail2ban.comm [19891]: DEBUG Command: ['set', 'ssh', 'setcinfo', 'sendmail-whois', 'sender', 'fail2ban@localhost']
- 2016-02-25 22:55:12,618 fail2ban.comm [19891]: DEBUG Command: ['add', 'roundcube', 'auto']
- 2016-02-25 22:55:12,618 fail2ban.jail [19891]: INFO Creating new jail 'roundcube'
- 2016-02-25 22:55:12,618 fail2ban.jail [19891]: INFO Jail 'roundcube' uses pyinotify
- 2016-02-25 22:55:12,618 fail2ban.filter [19891]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('roundcube'))
- 2016-02-25 22:55:12,618 fail2ban.filter [19891]: DEBUG Created FilterPyinotify(Jail('roundcube'))
- 2016-02-25 22:55:12,622 fail2ban.filter [19891]: DEBUG Created FilterPyinotify
- 2016-02-25 22:55:12,622 fail2ban.jail [19891]: INFO Initiated 'pyinotify' backend
- 2016-02-25 22:55:12,622 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'usedns', 'warn']
- 2016-02-25 22:55:12,623 fail2ban.filter [19891]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('roundcube'))
- 2016-02-25 22:55:12,623 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'addlogpath', '/var/www/imscp/gui/public/tools/webmail/logs/errors']
- 2016-02-25 22:55:12,623 fail2ban.filter [19891]: INFO Added logfile = /var/www/imscp/gui/public/tools/webmail/logs/errors
- 2016-02-25 22:55:12,623 fail2ban.filter [19891]: DEBUG Added monitor for the parent directory /var/www/imscp/gui/public/tools/webmail/logs
- 2016-02-25 22:55:12,623 fail2ban.filter [19891]: DEBUG Added file watcher for /var/www/imscp/gui/public/tools/webmail/logs/errors
- 2016-02-25 22:55:12,624 fail2ban.filter.datedetector[19891]: DEBUG Sorting the template list
- 2016-02-25 22:55:12,624 fail2ban.filter.datedetector[19891]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
- 2016-02-25 22:55:12,624 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'maxretry', '6']
- 2016-02-25 22:55:12,624 fail2ban.filter [19891]: INFO Set maxRetry = 6
- 2016-02-25 22:55:12,625 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'addignoreip', '127.0.0.1/8']
- 2016-02-25 22:55:12,625 fail2ban.filter [19891]: DEBUG Add 127.0.0.1/8 to ignore list
- 2016-02-25 22:55:12,625 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'ignorecommand', '']
- 2016-02-25 22:55:12,625 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'findtime', '600']
- 2016-02-25 22:55:12,626 fail2ban.filter [19891]: INFO Set findtime = 600
- 2016-02-25 22:55:12,626 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'bantime', '600']
- 2016-02-25 22:55:12,626 fail2ban.actions[19891]: INFO Set banTime = 600
- 2016-02-25 22:55:12,626 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'addfailregex', '.*Error: Login failed for .* from <HOST>\\..*']
- 2016-02-25 22:55:12,627 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'addaction', 'sendmail-whois']
- 2016-02-25 22:55:12,628 fail2ban.actions.action[19891]: DEBUG Created Action
- 2016-02-25 22:55:12,628 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere is more information about <ip>:\\n\n`/usr/bin/whois <ip> || echo missing whois program`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
- 2016-02-25 22:55:12,628 fail2ban.actions.action[19891]: DEBUG Set actionBan = printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The IP <ip> has just been banned by Fail2Ban after
- <failures> attempts against <name>.\n\n
- Here is more information about <ip>:\n
- `/usr/bin/whois <ip> || echo missing whois program`\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2016-02-25 22:55:12,629 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
- 2016-02-25 22:55:12,629 fail2ban.actions.action[19891]: DEBUG Set actionStop = printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2016-02-25 22:55:12,629 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
- 2016-02-25 22:55:12,629 fail2ban.actions.action[19891]: DEBUG Set actionStart = printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The jail <name> has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2016-02-25 22:55:12,630 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'actionunban', 'sendmail-whois', '']
- 2016-02-25 22:55:12,630 fail2ban.actions.action[19891]: DEBUG Set actionUnban =
- 2016-02-25 22:55:12,630 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'actioncheck', 'sendmail-whois', '']
- 2016-02-25 22:55:12,630 fail2ban.actions.action[19891]: DEBUG Set actionCheck =
- 2016-02-25 22:55:12,631 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'setcinfo', 'sendmail-whois', 'dest', 'info@gmail.com']
- 2016-02-25 22:55:12,631 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'setcinfo', 'sendmail-whois', 'sendername', 'Fail2Ban']
- 2016-02-25 22:55:12,631 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'setcinfo', 'sendmail-whois', 'logpath', '/var/www/imscp/gui/public/tools/webmail/logs/errors']
- 2016-02-25 22:55:12,632 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'setcinfo', 'sendmail-whois', 'name', 'roundcube']
- 2016-02-25 22:55:12,632 fail2ban.comm [19891]: DEBUG Command: ['set', 'roundcube', 'setcinfo', 'sendmail-whois', 'sender', 'fail2ban@localhost']
- 2016-02-25 22:55:12,633 fail2ban.comm [19891]: DEBUG Command: ['add', 'rainloop', 'auto']
- 2016-02-25 22:55:12,633 fail2ban.jail [19891]: INFO Creating new jail 'rainloop'
- 2016-02-25 22:55:12,633 fail2ban.jail [19891]: INFO Jail 'rainloop' uses pyinotify
- 2016-02-25 22:55:12,633 fail2ban.filter [19891]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('rainloop'))
- 2016-02-25 22:55:12,633 fail2ban.filter [19891]: DEBUG Created FilterPyinotify(Jail('rainloop'))
- 2016-02-25 22:55:12,638 fail2ban.filter [19891]: DEBUG Created FilterPyinotify
- 2016-02-25 22:55:12,638 fail2ban.jail [19891]: INFO Initiated 'pyinotify' backend
- 2016-02-25 22:55:12,639 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'usedns', 'warn']
- 2016-02-25 22:55:12,639 fail2ban.filter [19891]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('rainloop'))
- 2016-02-25 22:55:12,640 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'addlogpath', '/var/log/nginx/access.log']
- 2016-02-25 22:55:12,640 fail2ban.filter [19891]: INFO Added logfile = /var/log/nginx/access.log
- 2016-02-25 22:55:12,640 fail2ban.filter [19891]: DEBUG Added monitor for the parent directory /var/log/nginx
- 2016-02-25 22:55:12,641 fail2ban.filter [19891]: DEBUG Added file watcher for /var/log/nginx/access.log
- 2016-02-25 22:55:12,641 fail2ban.filter.datedetector[19891]: DEBUG Sorting the template list
- 2016-02-25 22:55:12,641 fail2ban.filter.datedetector[19891]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
- 2016-02-25 22:55:12,642 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'maxretry', '6']
- 2016-02-25 22:55:12,642 fail2ban.filter [19891]: INFO Set maxRetry = 6
- 2016-02-25 22:55:12,642 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'addignoreip', '127.0.0.1/8']
- 2016-02-25 22:55:12,642 fail2ban.filter [19891]: DEBUG Add 127.0.0.1/8 to ignore list
- 2016-02-25 22:55:12,643 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'ignorecommand', '']
- 2016-02-25 22:55:12,643 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'findtime', '600']
- 2016-02-25 22:55:12,643 fail2ban.filter [19891]: INFO Set findtime = 600
- 2016-02-25 22:55:12,644 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'bantime', '600']
- 2016-02-25 22:55:12,644 fail2ban.actions[19891]: INFO Set banTime = 600
- 2016-02-25 22:55:12,644 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'addfailregex', '^<HOST> -.*POST /rainloop/index.php\\?/Ajax/0/ HTTP/1.1" 200']
- 2016-02-25 22:55:12,645 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'addaction', 'iptables-multiport']
- 2016-02-25 22:55:12,645 fail2ban.actions.action[19891]: DEBUG Created Action
- 2016-02-25 22:55:12,646 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
- 2016-02-25 22:55:12,646 fail2ban.actions.action[19891]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
- 2016-02-25 22:55:12,646 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
- 2016-02-25 22:55:12,647 fail2ban.actions.action[19891]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
- iptables -F fail2ban-<name>
- iptables -X fail2ban-<name>
- 2016-02-25 22:55:12,647 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
- 2016-02-25 22:55:12,647 fail2ban.actions.action[19891]: DEBUG Set actionStart = iptables -N fail2ban-<name>
- iptables -A fail2ban-<name> -j RETURN
- iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
- 2016-02-25 22:55:12,648 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
- 2016-02-25 22:55:12,648 fail2ban.actions.action[19891]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
- 2016-02-25 22:55:12,648 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
- 2016-02-25 22:55:12,648 fail2ban.actions.action[19891]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
- 2016-02-25 22:55:12,649 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
- 2016-02-25 22:55:12,649 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
- 2016-02-25 22:55:12,649 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'setcinfo', 'iptables-multiport', 'name', 'rainloop']
- 2016-02-25 22:55:12,650 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
- 2016-02-25 22:55:12,650 fail2ban.comm [19891]: DEBUG Command: ['set', 'rainloop', 'setcinfo', 'iptables-multiport', 'port', '8080,4443']
- 2016-02-25 22:55:12,650 fail2ban.comm [19891]: DEBUG Command: ['add', 'imscp', 'auto']
- 2016-02-25 22:55:12,651 fail2ban.jail [19891]: INFO Creating new jail 'imscp'
- 2016-02-25 22:55:12,651 fail2ban.jail [19891]: INFO Jail 'imscp' uses pyinotify
- 2016-02-25 22:55:12,651 fail2ban.filter [19891]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('imscp'))
- 2016-02-25 22:55:12,651 fail2ban.filter [19891]: DEBUG Created FilterPyinotify(Jail('imscp'))
- 2016-02-25 22:55:12,655 fail2ban.filter [19891]: DEBUG Created FilterPyinotify
- 2016-02-25 22:55:12,655 fail2ban.jail [19891]: INFO Initiated 'pyinotify' backend
- 2016-02-25 22:55:12,656 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'usedns', 'warn']
- 2016-02-25 22:55:12,656 fail2ban.filter [19891]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('imscp'))
- 2016-02-25 22:55:12,656 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'addlogpath', '/var/log/nginx/error.log']
- 2016-02-25 22:55:12,657 fail2ban.filter [19891]: INFO Added logfile = /var/log/nginx/error.log
- 2016-02-25 22:55:12,657 fail2ban.filter [19891]: DEBUG Added monitor for the parent directory /var/log/nginx
- 2016-02-25 22:55:12,657 fail2ban.filter [19891]: DEBUG Added file watcher for /var/log/nginx/error.log
- 2016-02-25 22:55:12,657 fail2ban.filter.datedetector[19891]: DEBUG Sorting the template list
- 2016-02-25 22:55:12,658 fail2ban.filter.datedetector[19891]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
- 2016-02-25 22:55:12,658 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'maxretry', '6']
- 2016-02-25 22:55:12,658 fail2ban.filter [19891]: INFO Set maxRetry = 6
- 2016-02-25 22:55:12,658 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'addignoreip', '127.0.0.1/8']
- 2016-02-25 22:55:12,659 fail2ban.filter [19891]: DEBUG Add 127.0.0.1/8 to ignore list
- 2016-02-25 22:55:12,659 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'ignorecommand', '']
- 2016-02-25 22:55:12,659 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'findtime', '600']
- 2016-02-25 22:55:12,659 fail2ban.filter [19891]: INFO Set findtime = 600
- 2016-02-25 22:55:12,660 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'bantime', '600']
- 2016-02-25 22:55:12,660 fail2ban.actions[19891]: INFO Set banTime = 600
- 2016-02-25 22:55:12,660 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'addfailregex', '^ \\[error\\] \\d+#\\d+: \\*\\d+ user "\\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \\S+, request: "\\S+ \\S+ HTTP/\\d+\\.\\d+", host: "\\S+"\\s*$']
- 2016-02-25 22:55:12,662 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'addaction', 'sendmail-whois']
- 2016-02-25 22:55:12,662 fail2ban.actions.action[19891]: DEBUG Created Action
- 2016-02-25 22:55:12,662 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere is more information about <ip>:\\n\n`/usr/bin/whois <ip> || echo missing whois program`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
- 2016-02-25 22:55:12,663 fail2ban.actions.action[19891]: DEBUG Set actionBan = printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The IP <ip> has just been banned by Fail2Ban after
- <failures> attempts against <name>.\n\n
- Here is more information about <ip>:\n
- `/usr/bin/whois <ip> || echo missing whois program`\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2016-02-25 22:55:12,663 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
- 2016-02-25 22:55:12,663 fail2ban.actions.action[19891]: DEBUG Set actionStop = printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The jail <name> has been stopped.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2016-02-25 22:55:12,664 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
- 2016-02-25 22:55:12,664 fail2ban.actions.action[19891]: DEBUG Set actionStart = printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: <sendername> <<sender>>
- To: <dest>\n
- Hi,\n
- The jail <name> has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
- 2016-02-25 22:55:12,664 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'actionunban', 'sendmail-whois', '']
- 2016-02-25 22:55:12,664 fail2ban.actions.action[19891]: DEBUG Set actionUnban =
- 2016-02-25 22:55:12,665 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'actioncheck', 'sendmail-whois', '']
- 2016-02-25 22:55:12,665 fail2ban.actions.action[19891]: DEBUG Set actionCheck =
- 2016-02-25 22:55:12,665 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'setcinfo', 'sendmail-whois', 'dest', 'info@gmail.com']
- 2016-02-25 22:55:12,666 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'setcinfo', 'sendmail-whois', 'sendername', 'Fail2Ban']
- 2016-02-25 22:55:12,666 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'setcinfo', 'sendmail-whois', 'logpath', '/var/log/nginx/*error.log']
- 2016-02-25 22:55:12,666 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'setcinfo', 'sendmail-whois', 'name', 'imscp']
- 2016-02-25 22:55:12,667 fail2ban.comm [19891]: DEBUG Command: ['set', 'imscp', 'setcinfo', 'sendmail-whois', 'sender', 'fail2ban@localhost']
- 2016-02-25 22:55:12,667 fail2ban.comm [19891]: DEBUG Command: ['start', 'ssh']
- 2016-02-25 22:55:12,668 fail2ban.actions.action[19891]: DEBUG printf %b "Subject: [Fail2Ban] SSH: started on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: Fail2Ban <fail2ban@localhost>
- To: info@gmail.com\n
- Hi,\n
- The jail SSH has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f fail2ban@localhost info@gmail.com
- 2016-02-25 22:55:12,668 fail2ban.jail [19891]: INFO Jail 'ssh' started
- 2016-02-25 22:55:12,668 fail2ban.filter [19891]: DEBUG pyinotifier started for ssh.
- 2016-02-25 22:55:12,670 fail2ban.comm [19891]: DEBUG Command: ['start', 'roundcube']
- 2016-02-25 22:55:12,670 fail2ban.jail [19891]: INFO Jail 'roundcube' started
- 2016-02-25 22:55:12,670 fail2ban.actions.action[19891]: DEBUG printf %b "Subject: [Fail2Ban] roundcube: started on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: Fail2Ban <fail2ban@localhost>
- To: info@gmail.com\n
- Hi,\n
- The jail roundcube has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f fail2ban@localhost info@gmail.com
- 2016-02-25 22:55:12,671 fail2ban.filter [19891]: DEBUG pyinotifier started for roundcube.
- 2016-02-25 22:55:12,671 fail2ban.comm [19891]: DEBUG Command: ['start', 'rainloop']
- 2016-02-25 22:55:12,672 fail2ban.filter [19891]: DEBUG pyinotifier started for rainloop.
- 2016-02-25 22:55:12,672 fail2ban.actions.action[19891]: DEBUG iptables -N fail2ban-rainloop
- iptables -A fail2ban-rainloop -j RETURN
- iptables -I INPUT -p tcp -m multiport --dports 8080,4443 -j fail2ban-rainloop
- 2016-02-25 22:55:12,672 fail2ban.jail [19891]: INFO Jail 'rainloop' started
- 2016-02-25 22:55:12,673 fail2ban.comm [19891]: DEBUG Command: ['start', 'imscp']
- 2016-02-25 22:55:12,673 fail2ban.jail [19891]: INFO Jail 'imscp' started
- 2016-02-25 22:55:12,673 fail2ban.actions.action[19891]: DEBUG printf %b "Subject: [Fail2Ban] imscp: started on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: Fail2Ban <fail2ban@localhost>
- To: info@gmail.com\n
- Hi,\n
- The jail imscp has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f fail2ban@localhost info@gmail.com
- 2016-02-25 22:55:12,674 fail2ban.filter [19891]: DEBUG pyinotifier started for imscp.
- 2016-02-25 22:55:12,685 fail2ban.actions.action[19891]: DEBUG printf %b "Subject: [Fail2Ban] SSH: started on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: Fail2Ban <fail2ban@localhost>
- To: info@gmail.com\n
- Hi,\n
- The jail SSH has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f fail2ban@localhost info@gmail.com returned successfully
- 2016-02-25 22:55:12,754 fail2ban.actions.action[19891]: DEBUG printf %b "Subject: [Fail2Ban] roundcube: started on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: Fail2Ban <fail2ban@localhost>
- To: info@gmail.com\n
- Hi,\n
- The jail roundcube has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f fail2ban@localhost info@gmail.com returned successfully
- 2016-02-25 22:55:12,760 fail2ban.actions.action[19891]: DEBUG iptables -N fail2ban-rainloop
- iptables -A fail2ban-rainloop -j RETURN
- iptables -I INPUT -p tcp -m multiport --dports 8080,4443 -j fail2ban-rainloop returned successfully
- 2016-02-25 22:55:12,778 fail2ban.actions.action[19891]: DEBUG printf %b "Subject: [Fail2Ban] imscp: started on `uname -n`
- Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
- From: Fail2Ban <fail2ban@localhost>
- To: info@gmail.com\n
- Hi,\n
- The jail imscp has been started successfully.\n
- Regards,\n
- Fail2Ban" | /usr/sbin/sendmail -f fail2ban@localhost info@gmail.com returned successfully
- 2016-02-25 22:55:47,229 fail2ban.comm [19891]: DEBUG Command: ['postfix']
- 2016-02-25 22:55:47,230 fail2ban.comm [19891]: WARNING Command ['postfix'] has failed. Received Exception('Invalid command',)
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement