mchub

fail2ban log

Dec 5th, 2014
  1. 2014-12-05 10:39:13,494 fail2ban.actions.action[1088]: ERROR iptables -D INPUT -p tcp --dport ssh -j fail2ban-SSH
  2. iptables -F fail2ban-SSH
  3. iptables -X fail2ban-SSH returned 100
  4. 2014-12-05 10:39:18,057 fail2ban.server [1362]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.14
  5. 2014-12-05 10:39:18,058 fail2ban.comm [1362]: DEBUG Command: ['add', 'dovecot-auth', 'auto']
  6. 2014-12-05 10:39:18,058 fail2ban.jail [1362]: INFO Creating new jail 'dovecot-auth'
  7. 2014-12-05 10:39:18,118 fail2ban.jail [1362]: INFO Jail 'dovecot-auth' uses pyinotify
  8. 2014-12-05 10:39:18,126 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('dovecot-auth'))
  9. 2014-12-05 10:39:18,137 fail2ban.filter [1362]: DEBUG Created FilterPyinotify(Jail('dovecot-auth'))
  10. 2014-12-05 10:39:18,137 fail2ban.filter [1362]: DEBUG Created FilterPyinotify
  11. 2014-12-05 10:39:18,137 fail2ban.jail [1362]: INFO Initiated 'pyinotify' backend
  12. 2014-12-05 10:39:18,138 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'usedns', 'warn']
  13. 2014-12-05 10:39:18,138 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('dovecot-auth'))
  14. 2014-12-05 10:39:18,138 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'addlogpath', '/var/log/secure']
  15. 2014-12-05 10:39:18,139 fail2ban.filter [1362]: INFO Added logfile = /var/log/secure
  16. 2014-12-05 10:39:18,139 fail2ban.filter [1362]: DEBUG Added monitor for the parent directory /var/log
  17. 2014-12-05 10:39:18,139 fail2ban.filter [1362]: DEBUG Added file watcher for /var/log/secure
  18. 2014-12-05 10:39:18,139 fail2ban.filter.datedetector[1362]: DEBUG Sorting the template list
  19. 2014-12-05 10:39:18,139 fail2ban.filter.datedetector[1362]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  20. 2014-12-05 10:39:18,140 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'maxretry', '3']
  21. 2014-12-05 10:39:18,140 fail2ban.filter [1362]: INFO Set maxRetry = 3
  22. 2014-12-05 10:39:18,140 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'addignoreip', '127.0.0.1/8']
  23. 2014-12-05 10:39:18,141 fail2ban.filter [1362]: DEBUG Add 127.0.0.1/8 to ignore list
  24. 2014-12-05 10:39:18,141 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'ignorecommand', '']
  25. 2014-12-05 10:39:18,142 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'findtime', '600']
  26. 2014-12-05 10:39:18,142 fail2ban.filter [1362]: INFO Set findtime = 600
  27. 2014-12-05 10:39:18,143 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'bantime', '600']
  28. 2014-12-05 10:39:18,143 fail2ban.actions[1362]: INFO Set banTime = 600
  29. 2014-12-05 10:39:18,143 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(pam_unix(\\(dovecot:auth\\))?:)?\\s+authentication failure; logname=\\S* uid=\\S* euid=\\S* tty=dovecot ruser=\\S* rhost=<HOST>(\\s+user=\\S*)?\\s*$']
  30. 2014-12-05 10:39:18,149 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \\(((auth failed, \\d+ attempts)( in \\d+ secs)?|tried to use (disabled|disallowed) \\S+ auth)\\):( user=<\\S*>,)?( method=\\S+,)? rip=<HOST>(, lip=(\\d{1,3}\\.){3}\\d{1,3})?(, TLS( handshaking(: SSL_accept\\(\\) failed: error:[\\dA-F]+:SSL routines:[TLS\\d]+_GET_CLIENT_HELLO:unknown protocol)?)?(: Disconnected)?)?(, session=<\\S+>)?\\s*$']
  31. 2014-12-05 10:39:18,158 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(Info|dovecot: auth\\(default\\)): pam\\(\\S+,<HOST>\\): pam_authenticate\\(\\) failed: (User not known to the underlying authentication module: \\d+ Time\\(s\\)|Authentication failure \\(password mismatch\\?\\))\\s*$']
  32. 2014-12-05 10:39:18,166 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'addaction', 'iptables-multiport']
  33. 2014-12-05 10:39:18,166 fail2ban.actions.action[1362]: DEBUG Created Action
  34. 2014-12-05 10:39:18,167 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  35. 2014-12-05 10:39:18,167 fail2ban.actions.action[1362]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  36. 2014-12-05 10:39:18,167 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  37. 2014-12-05 10:39:18,167 fail2ban.actions.action[1362]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  38. iptables -F fail2ban-<name>
  39. iptables -X fail2ban-<name>
  40. 2014-12-05 10:39:18,168 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  41. 2014-12-05 10:39:18,168 fail2ban.actions.action[1362]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  42. iptables -A fail2ban-<name> -j RETURN
  43. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  44. 2014-12-05 10:39:18,169 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  45. 2014-12-05 10:39:18,169 fail2ban.actions.action[1362]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  46. 2014-12-05 10:39:18,169 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  47. 2014-12-05 10:39:18,169 fail2ban.actions.action[1362]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  48. 2014-12-05 10:39:18,170 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  49. 2014-12-05 10:39:18,170 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  50. 2014-12-05 10:39:18,171 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'setcinfo', 'iptables-multiport', 'name', 'dovecot-auth']
  51. 2014-12-05 10:39:18,171 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  52. 2014-12-05 10:39:18,172 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot-auth', 'setcinfo', 'iptables-multiport', 'port', 'pop3,pop3s,imap,imaps,submission,465,sieve']
  53. 2014-12-05 10:39:18,172 fail2ban.comm [1362]: DEBUG Command: ['add', 'selinux-ssh', 'auto']
  54. 2014-12-05 10:39:18,172 fail2ban.jail [1362]: INFO Creating new jail 'selinux-ssh'
  55. 2014-12-05 10:39:18,173 fail2ban.jail [1362]: INFO Jail 'selinux-ssh' uses pyinotify
  56. 2014-12-05 10:39:18,173 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('selinux-ssh'))
  57. 2014-12-05 10:39:18,173 fail2ban.filter [1362]: DEBUG Created FilterPyinotify(Jail('selinux-ssh'))
  58. 2014-12-05 10:39:18,173 fail2ban.filter [1362]: DEBUG Created FilterPyinotify
  59. 2014-12-05 10:39:18,173 fail2ban.jail [1362]: INFO Initiated 'pyinotify' backend
  60. 2014-12-05 10:39:18,174 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'usedns', 'warn']
  61. 2014-12-05 10:39:18,174 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('selinux-ssh'))
  62. 2014-12-05 10:39:18,174 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'addlogpath', '/var/log/audit/audit.log']
  63. 2014-12-05 10:39:18,175 fail2ban.filter [1362]: INFO Added logfile = /var/log/audit/audit.log
  64. 2014-12-05 10:39:18,175 fail2ban.filter [1362]: DEBUG Added monitor for the parent directory /var/log/audit
  65. 2014-12-05 10:39:18,175 fail2ban.filter [1362]: DEBUG Added file watcher for /var/log/audit/audit.log
  66. 2014-12-05 10:39:18,175 fail2ban.filter.datedetector[1362]: DEBUG Sorting the template list
  67. 2014-12-05 10:39:18,175 fail2ban.filter.datedetector[1362]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  68. 2014-12-05 10:39:18,176 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'maxretry', '5']
  69. 2014-12-05 10:39:18,176 fail2ban.filter [1362]: INFO Set maxRetry = 5
  70. 2014-12-05 10:39:18,177 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'addignoreip', '127.0.0.1/8']
  71. 2014-12-05 10:39:18,177 fail2ban.filter [1362]: DEBUG Add 127.0.0.1/8 to ignore list
  72. 2014-12-05 10:39:18,177 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'ignorecommand', '']
  73. 2014-12-05 10:39:18,178 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'findtime', '600']
  74. 2014-12-05 10:39:18,178 fail2ban.filter [1362]: INFO Set findtime = 600
  75. 2014-12-05 10:39:18,178 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'bantime', '600']
  76. 2014-12-05 10:39:18,179 fail2ban.actions[1362]: INFO Set banTime = 600
  77. 2014-12-05 10:39:18,179 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'addfailregex', '^type=USER_(ERR|AUTH) msg=audit\\(:\\d+\\): (user )?pid=\\d+ uid=0 auid=\\d+ ses=\\d+ subj=(?:unconfined_u|system_u):system_r:sshd_t:s0-s0:c0\\.c1023 msg=\'op=\\S+ acct=(?P<_quote_acct>"?)\\S+(?P=_quote_acct) exe="/usr/sbin/sshd" hostname=(\\?|(\\d+\\.){3}\\d+) addr=<HOST> terminal=ssh res=failed\'$']
  78. 2014-12-05 10:39:18,182 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'addaction', 'iptables']
  79. 2014-12-05 10:39:18,182 fail2ban.actions.action[1362]: DEBUG Created Action
  80. 2014-12-05 10:39:18,183 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  81. 2014-12-05 10:39:18,183 fail2ban.actions.action[1362]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  82. 2014-12-05 10:39:18,184 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'actionstop', 'iptables', 'iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  83. 2014-12-05 10:39:18,184 fail2ban.actions.action[1362]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
  84. iptables -F fail2ban-<name>
  85. iptables -X fail2ban-<name>
  86. 2014-12-05 10:39:18,184 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>']
  87. 2014-12-05 10:39:18,185 fail2ban.actions.action[1362]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  88. iptables -A fail2ban-<name> -j RETURN
  89. iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
  90. 2014-12-05 10:39:18,185 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  91. 2014-12-05 10:39:18,185 fail2ban.actions.action[1362]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  92. 2014-12-05 10:39:18,186 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'actioncheck', 'iptables', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  93. 2014-12-05 10:39:18,186 fail2ban.actions.action[1362]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  94. 2014-12-05 10:39:18,186 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'setcinfo', 'iptables', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  95. 2014-12-05 10:39:18,187 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'setcinfo', 'iptables', 'protocol', 'tcp']
  96. 2014-12-05 10:39:18,188 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'setcinfo', 'iptables', 'name', 'SELINUX-SSH']
  97. 2014-12-05 10:39:18,188 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'setcinfo', 'iptables', 'chain', 'INPUT']
  98. 2014-12-05 10:39:18,188 fail2ban.comm [1362]: DEBUG Command: ['set', 'selinux-ssh', 'setcinfo', 'iptables', 'port', 'ssh']
  99. 2014-12-05 10:39:18,189 fail2ban.comm [1362]: DEBUG Command: ['add', 'ssh-iptables', 'auto']
  100. 2014-12-05 10:39:18,189 fail2ban.jail [1362]: INFO Creating new jail 'ssh-iptables'
  101. 2014-12-05 10:39:18,190 fail2ban.jail [1362]: INFO Jail 'ssh-iptables' uses pyinotify
  102. 2014-12-05 10:39:18,190 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('ssh-iptables'))
  103. 2014-12-05 10:39:18,190 fail2ban.filter [1362]: DEBUG Created FilterPyinotify(Jail('ssh-iptables'))
  104. 2014-12-05 10:39:18,190 fail2ban.filter [1362]: DEBUG Created FilterPyinotify
  105. 2014-12-05 10:39:18,190 fail2ban.jail [1362]: INFO Initiated 'pyinotify' backend
  106. 2014-12-05 10:39:18,191 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'usedns', 'warn']
  107. 2014-12-05 10:39:18,191 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('ssh-iptables'))
  108. 2014-12-05 10:39:18,192 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addlogpath', '/var/log/secure']
  109. 2014-12-05 10:39:18,192 fail2ban.filter [1362]: INFO Added logfile = /var/log/secure
  110. 2014-12-05 10:39:18,192 fail2ban.filter [1362]: DEBUG Added monitor for the parent directory /var/log
  111. 2014-12-05 10:39:18,192 fail2ban.filter [1362]: DEBUG Added file watcher for /var/log/secure
  112. 2014-12-05 10:39:18,193 fail2ban.filter.datedetector[1362]: DEBUG Sorting the template list
  113. 2014-12-05 10:39:18,193 fail2ban.filter.datedetector[1362]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  114. 2014-12-05 10:39:18,193 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'maxretry', '5']
  115. 2014-12-05 10:39:18,194 fail2ban.filter [1362]: INFO Set maxRetry = 5
  116. 2014-12-05 10:39:18,194 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addignoreip', '127.0.0.1/8']
  117. 2014-12-05 10:39:18,194 fail2ban.filter [1362]: DEBUG Add 127.0.0.1/8 to ignore list
  118. 2014-12-05 10:39:18,195 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'ignorecommand', '']
  119. 2014-12-05 10:39:18,195 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'findtime', '600']
  120. 2014-12-05 10:39:18,196 fail2ban.filter [1362]: INFO Set findtime = 600
  121. 2014-12-05 10:39:18,196 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'bantime', '600']
  122. 2014-12-05 10:39:18,196 fail2ban.actions[1362]: INFO Set banTime = 600
  123. 2014-12-05 10:39:18,197 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \\S+)?\\s*$']
  124. 2014-12-05 10:39:18,202 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\\s*$']
  125. 2014-12-05 10:39:18,206 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*Failed \\S+ for .*? from <HOST>(?: port \\d*)?(?: ssh\\d*)?(: (ruser .*|(\\S+ ID \\S+ \\(serial \\d+\\) CA )?\\S+ (?:[\\da-f]{2}:){15}[\\da-f]{2}(, client user ".*", client host ".*")?))?\\s*$']
  126. 2014-12-05 10:39:18,213 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*ROOT LOGIN REFUSED.* FROM <HOST>\\s*$']
  127. 2014-12-05 10:39:18,219 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*[iI](?:llegal|nvalid) user .* from <HOST>\\s*$']
  128. 2014-12-05 10:39:18,226 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because not listed in AllowUsers\\s*$']
  129. 2014-12-05 10:39:18,234 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because listed in DenyUsers\\s*$']
  130. 2014-12-05 10:39:18,244 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because not in any group\\s*$']
  131. 2014-12-05 10:39:18,255 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*refused connect from \\S+ \\(<HOST>\\)\\s*$']
  132. 2014-12-05 10:39:18,267 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*Received disconnect from <HOST>: 3: \\S+: Auth fail$']
  133. 2014-12-05 10:39:18,286 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because a group is listed in DenyGroups\\s*$']
  134. 2014-12-05 10:39:18,303 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', "^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*$"]
  135. 2014-12-05 10:39:18,323 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addaction', 'iptables']
  136. 2014-12-05 10:39:18,323 fail2ban.actions.action[1362]: DEBUG Created Action
  137. 2014-12-05 10:39:18,324 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  138. 2014-12-05 10:39:18,324 fail2ban.actions.action[1362]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  139. 2014-12-05 10:39:18,324 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'actionstop', 'iptables', 'iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  140. 2014-12-05 10:39:18,324 fail2ban.actions.action[1362]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
  141. iptables -F fail2ban-<name>
  142. iptables -X fail2ban-<name>
  143. 2014-12-05 10:39:18,325 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>']
  144. 2014-12-05 10:39:18,325 fail2ban.actions.action[1362]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  145. iptables -A fail2ban-<name> -j RETURN
  146. iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
  147. 2014-12-05 10:39:18,325 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  148. 2014-12-05 10:39:18,326 fail2ban.actions.action[1362]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  149. 2014-12-05 10:39:18,326 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'actioncheck', 'iptables', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  150. 2014-12-05 10:39:18,326 fail2ban.actions.action[1362]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  151. 2014-12-05 10:39:18,327 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  152. 2014-12-05 10:39:18,327 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']
  153. 2014-12-05 10:39:18,328 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'name', 'SSH']
  154. 2014-12-05 10:39:18,328 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'chain', 'INPUT']
  155. 2014-12-05 10:39:18,329 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'port', 'ssh']
  156. 2014-12-05 10:39:18,329 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'addaction', 'sendmail-whois']
  157. 2014-12-05 10:39:18,329 fail2ban.actions.action[1362]: DEBUG Created Action
  158. 2014-12-05 10:39:18,330 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere is more information about <ip>:\\n\n`/usr/bin/whois <ip> || echo missing whois program`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
  159. 2014-12-05 10:39:18,330 fail2ban.actions.action[1362]: DEBUG Set actionBan = printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
  160. Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
  161. From: <sendername> <<sender>>
  162. To: <dest>\n
  163. Hi,\n
  164. The IP <ip> has just been banned by Fail2Ban after
  165. <failures> attempts against <name>.\n\n
  166. Here is more information about <ip>:\n
  167. `/usr/bin/whois <ip> || echo missing whois program`\n
  168. Regards,\n
  169. Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
  170. 2014-12-05 10:39:18,331 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
  171. 2014-12-05 10:39:18,331 fail2ban.actions.action[1362]: DEBUG Set actionStop = printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
  172. Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
  173. From: <sendername> <<sender>>
  174. To: <dest>\n
  175. Hi,\n
  176. The jail <name> has been stopped.\n
  177. Regards,\n
  178. Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
  179. 2014-12-05 10:39:18,332 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
  180. 2014-12-05 10:39:18,332 fail2ban.actions.action[1362]: DEBUG Set actionStart = printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`
  181. Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
  182. From: <sendername> <<sender>>
  183. To: <dest>\n
  184. Hi,\n
  185. The jail <name> has been started successfully.\n
  186. Regards,\n
  187. Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
  188. 2014-12-05 10:39:18,333 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'actionunban', 'sendmail-whois', '']
  189. 2014-12-05 10:39:18,333 fail2ban.actions.action[1362]: DEBUG Set actionUnban =
  190. 2014-12-05 10:39:18,333 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'actioncheck', 'sendmail-whois', '']
  191. 2014-12-05 10:39:18,333 fail2ban.actions.action[1362]: DEBUG Set actionCheck =
  192. 2014-12-05 10:39:18,334 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'dest', '[email protected]']
  193. 2014-12-05 10:39:18,334 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'sendername', 'Fail2Ban']
  194. 2014-12-05 10:39:18,335 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'name', 'SSH']
  195. 2014-12-05 10:39:18,335 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'sendmail-whois', 'sender', '[email protected]']
  196. 2014-12-05 10:39:18,335 fail2ban.comm [1362]: DEBUG Command: ['add', 'exim', 'auto']
  197. 2014-12-05 10:39:18,336 fail2ban.jail [1362]: INFO Creating new jail 'exim'
  198. 2014-12-05 10:39:18,336 fail2ban.jail [1362]: INFO Jail 'exim' uses pyinotify
  199. 2014-12-05 10:39:18,336 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('exim'))
  200. 2014-12-05 10:39:18,336 fail2ban.filter [1362]: DEBUG Created FilterPyinotify(Jail('exim'))
  201. 2014-12-05 10:39:18,336 fail2ban.filter [1362]: DEBUG Created FilterPyinotify
  202. 2014-12-05 10:39:18,337 fail2ban.jail [1362]: INFO Initiated 'pyinotify' backend
  203. 2014-12-05 10:39:18,337 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'usedns', 'warn']
  204. 2014-12-05 10:39:18,337 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('exim'))
  205. 2014-12-05 10:39:18,338 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'addlogpath', '/var/log/exim_mainlog']
  206. 2014-12-05 10:39:18,338 fail2ban.filter [1362]: INFO Added logfile = /var/log/exim_mainlog
  207. 2014-12-05 10:39:18,338 fail2ban.filter [1362]: DEBUG Added monitor for the parent directory /var/log
  208. 2014-12-05 10:39:18,338 fail2ban.filter [1362]: DEBUG Added file watcher for /var/log/exim_mainlog
  209. 2014-12-05 10:39:18,338 fail2ban.filter.datedetector[1362]: DEBUG Sorting the template list
  210. 2014-12-05 10:39:18,339 fail2ban.filter.datedetector[1362]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  211. 2014-12-05 10:39:18,339 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'maxretry', '3']
  212. 2014-12-05 10:39:18,339 fail2ban.filter [1362]: INFO Set maxRetry = 3
  213. 2014-12-05 10:39:18,340 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'addignoreip', '127.0.0.1/8']
  214. 2014-12-05 10:39:18,340 fail2ban.filter [1362]: DEBUG Add 127.0.0.1/8 to ignore list
  215. 2014-12-05 10:39:18,340 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'ignorecommand', '']
  216. 2014-12-05 10:39:18,341 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'findtime', '600']
  217. 2014-12-05 10:39:18,341 fail2ban.filter [1362]: INFO Set findtime = 600
  218. 2014-12-05 10:39:18,341 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'bantime', '600']
  219. 2014-12-05 10:39:18,341 fail2ban.actions[1362]: INFO Set banTime = 600
  220. 2014-12-05 10:39:18,342 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'addfailregex', '^( \\[\\d+\\])? H=([\\w.-]+ )?(\\(\\S+\\) )?\\[<HOST>\\](:\\d+)? (I=\\[\\S+\\]:\\d+ )?(U=\\S+ )?(P=e?smtp )?sender verify fail for <\\S+>: (?:Unknown user|Unrouteable address|all relevant MX records point to non-existent hosts)\\s*$']
  221. 2014-12-05 10:39:18,345 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'addfailregex', '^( \\[\\d+\\])? \\w+ authenticator failed for (\\S+ )?\\(\\S+\\) \\[<HOST>\\]: 535 Incorrect authentication data( \\(set_id=.*\\)|: \\d+ Time\\(s\\))?\\s*$']
  222. 2014-12-05 10:39:18,347 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'addfailregex', '^( \\[\\d+\\])? H=([\\w.-]+ )?(\\(\\S+\\) )?\\[<HOST>\\](:\\d+)? (I=\\[\\S+\\]:\\d+ )?(U=\\S+ )?(P=e?smtp )?F=(<>|[^@]+@\\S+) rejected RCPT [^@]+@\\S+: (relay not permitted|Sender verify failed|Unknown user)\\s*$']
  223. 2014-12-05 10:39:18,351 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'addfailregex', '^( \\[\\d+\\])? SMTP protocol synchronization error \\([^)]*\\): rejected (connection from|"\\S+") H=([\\w.-]+ )?(\\(\\S+\\) )?\\[<HOST>\\](:\\d+)? (I=\\[\\S+\\]:\\d+ )?(U=\\S+ )?(P=e?smtp )?(next )?input=".*"\\s*$']
  224. 2014-12-05 10:39:18,355 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'addfailregex', '^( \\[\\d+\\])? SMTP call from \\S+ \\[<HOST>\\](:\\d+)? (I=\\[\\S+\\]:\\d+ )?dropped: too many nonmail commands \\(last was "\\S+"\\)\\s*$']
  225. 2014-12-05 10:39:18,358 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'addaction', 'iptables-multiport']
  226. 2014-12-05 10:39:18,358 fail2ban.actions.action[1362]: DEBUG Created Action
  227. 2014-12-05 10:39:18,359 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  228. 2014-12-05 10:39:18,359 fail2ban.actions.action[1362]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  229. 2014-12-05 10:39:18,359 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  230. 2014-12-05 10:39:18,359 fail2ban.actions.action[1362]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  231. iptables -F fail2ban-<name>
  232. iptables -X fail2ban-<name>
  233. 2014-12-05 10:39:18,360 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  234. 2014-12-05 10:39:18,360 fail2ban.actions.action[1362]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  235. iptables -A fail2ban-<name> -j RETURN
  236. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  237. 2014-12-05 10:39:18,361 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  238. 2014-12-05 10:39:18,361 fail2ban.actions.action[1362]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  239. 2014-12-05 10:39:18,361 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  240. 2014-12-05 10:39:18,361 fail2ban.actions.action[1362]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  241. 2014-12-05 10:39:18,362 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  242. 2014-12-05 10:39:18,362 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  243. 2014-12-05 10:39:18,363 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'setcinfo', 'iptables-multiport', 'name', 'exim']
  244. 2014-12-05 10:39:18,363 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  245. 2014-12-05 10:39:18,364 fail2ban.comm [1362]: DEBUG Command: ['set', 'exim', 'setcinfo', 'iptables-multiport', 'port', '25,465,587']
  246. 2014-12-05 10:39:18,364 fail2ban.comm [1362]: DEBUG Command: ['add', 'ssh-blocklist', 'auto']
  247. 2014-12-05 10:39:18,364 fail2ban.jail [1362]: INFO Creating new jail 'ssh-blocklist'
  248. 2014-12-05 10:39:18,364 fail2ban.jail [1362]: INFO Jail 'ssh-blocklist' uses pyinotify
  249. 2014-12-05 10:39:18,365 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('ssh-blocklist'))
  250. 2014-12-05 10:39:18,365 fail2ban.filter [1362]: DEBUG Created FilterPyinotify(Jail('ssh-blocklist'))
  251. 2014-12-05 10:39:18,365 fail2ban.filter [1362]: DEBUG Created FilterPyinotify
  252. 2014-12-05 10:39:18,365 fail2ban.jail [1362]: INFO Initiated 'pyinotify' backend
  253. 2014-12-05 10:39:18,366 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'usedns', 'warn']
  254. 2014-12-05 10:39:18,366 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('ssh-blocklist'))
  255. 2014-12-05 10:39:18,366 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addlogpath', '/var/log/secure']
  256. 2014-12-05 10:39:18,367 fail2ban.filter [1362]: INFO Added logfile = /var/log/secure
  257. 2014-12-05 10:39:18,367 fail2ban.filter [1362]: DEBUG Added monitor for the parent directory /var/log
  258. 2014-12-05 10:39:18,367 fail2ban.filter [1362]: DEBUG Added file watcher for /var/log/secure
  259. 2014-12-05 10:39:18,367 fail2ban.filter.datedetector[1362]: DEBUG Sorting the template list
  260. 2014-12-05 10:39:18,367 fail2ban.filter.datedetector[1362]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  261. 2014-12-05 10:39:18,368 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'maxretry', '20']
  262. 2014-12-05 10:39:18,368 fail2ban.filter [1362]: INFO Set maxRetry = 20
  263. 2014-12-05 10:39:18,368 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addignoreip', '127.0.0.1/8']
  264. 2014-12-05 10:39:18,369 fail2ban.filter [1362]: DEBUG Add 127.0.0.1/8 to ignore list
  265. 2014-12-05 10:39:18,369 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'ignorecommand', '']
  266. 2014-12-05 10:39:18,369 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'findtime', '600']
  267. 2014-12-05 10:39:18,370 fail2ban.filter [1362]: INFO Set findtime = 600
  268. 2014-12-05 10:39:18,370 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'bantime', '600']
  269. 2014-12-05 10:39:18,370 fail2ban.actions[1362]: INFO Set banTime = 600
  270. 2014-12-05 10:39:18,371 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:error: PAM: )?[aA]uthentication (?:failure|error) for .* from <HOST>( via \\S+)?\\s*$']
  271. 2014-12-05 10:39:18,371 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\\s*$']
  272. 2014-12-05 10:39:18,372 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*Failed \\S+ for .*? from <HOST>(?: port \\d*)?(?: ssh\\d*)?(: (ruser .*|(\\S+ ID \\S+ \\(serial \\d+\\) CA )?\\S+ (?:[\\da-f]{2}:){15}[\\da-f]{2}(, client user ".*", client host ".*")?))?\\s*$']
  273. 2014-12-05 10:39:18,375 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*ROOT LOGIN REFUSED.* FROM <HOST>\\s*$']
  274. 2014-12-05 10:39:18,378 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*[iI](?:llegal|nvalid) user .* from <HOST>\\s*$']
  275. 2014-12-05 10:39:18,382 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because not listed in AllowUsers\\s*$']
  276. 2014-12-05 10:39:18,387 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because listed in DenyUsers\\s*$']
  277. 2014-12-05 10:39:18,394 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because not in any group\\s*$']
  278. 2014-12-05 10:39:18,403 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*refused connect from \\S+ \\(<HOST>\\)\\s*$']
  279. 2014-12-05 10:39:18,413 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*Received disconnect from <HOST>: 3: \\S+: Auth fail$']
  280. 2014-12-05 10:39:18,425 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because a group is listed in DenyGroups\\s*$']
  281. 2014-12-05 10:39:18,440 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addfailregex', "^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*$"]
  282. 2014-12-05 10:39:18,457 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addaction', 'iptables']
  283. 2014-12-05 10:39:18,457 fail2ban.actions.action[1362]: DEBUG Created Action
  284. 2014-12-05 10:39:18,457 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  285. 2014-12-05 10:39:18,458 fail2ban.actions.action[1362]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  286. 2014-12-05 10:39:18,458 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionstop', 'iptables', 'iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  287. 2014-12-05 10:39:18,458 fail2ban.actions.action[1362]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
  288. iptables -F fail2ban-<name>
  289. iptables -X fail2ban-<name>
  290. 2014-12-05 10:39:18,459 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>']
  291. 2014-12-05 10:39:18,459 fail2ban.actions.action[1362]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  292. iptables -A fail2ban-<name> -j RETURN
  293. iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
  294. 2014-12-05 10:39:18,459 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  295. 2014-12-05 10:39:18,459 fail2ban.actions.action[1362]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  296. 2014-12-05 10:39:18,460 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actioncheck', 'iptables', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  297. 2014-12-05 10:39:18,460 fail2ban.actions.action[1362]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  298. 2014-12-05 10:39:18,460 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'iptables', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  299. 2014-12-05 10:39:18,461 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'iptables', 'protocol', 'tcp']
  300. 2014-12-05 10:39:18,461 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'iptables', 'name', 'SSH']
  301. 2014-12-05 10:39:18,462 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'iptables', 'chain', 'INPUT']
  302. 2014-12-05 10:39:18,462 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'iptables', 'port', 'ssh']
  303. 2014-12-05 10:39:18,463 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addaction', 'sendmail-whois']
  304. 2014-12-05 10:39:18,463 fail2ban.actions.action[1362]: DEBUG Created Action
  305. 2014-12-05 10:39:18,463 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionban', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against <name>.\\n\\n\nHere is more information about <ip>:\\n\n`/usr/bin/whois <ip> || echo missing whois program`\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
  306. 2014-12-05 10:39:18,463 fail2ban.actions.action[1362]: DEBUG Set actionBan = printf %b "Subject: [Fail2Ban] <name>: banned <ip> from `uname -n`
  307. Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
  308. From: <sendername> <<sender>>
  309. To: <dest>\n
  310. Hi,\n
  311. The IP <ip> has just been banned by Fail2Ban after
  312. <failures> attempts against <name>.\n\n
  313. Here is more information about <ip>:\n
  314. `/usr/bin/whois <ip> || echo missing whois program`\n
  315. Regards,\n
  316. Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
  317. 2014-12-05 10:39:18,464 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionstop', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
  318. 2014-12-05 10:39:18,464 fail2ban.actions.action[1362]: DEBUG Set actionStop = printf %b "Subject: [Fail2Ban] <name>: stopped on `uname -n`
  319. Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
  320. From: <sendername> <<sender>>
  321. To: <dest>\n
  322. Hi,\n
  323. The jail <name> has been stopped.\n
  324. Regards,\n
  325. Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
  326. 2014-12-05 10:39:18,465 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionstart', 'sendmail-whois', 'printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`\nDate: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`\nFrom: <sendername> <<sender>>\nTo: <dest>\\n\nHi,\\n\nThe jail <name> has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f <sender> <dest>']
  327. 2014-12-05 10:39:18,465 fail2ban.actions.action[1362]: DEBUG Set actionStart = printf %b "Subject: [Fail2Ban] <name>: started on `uname -n`
  328. Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
  329. From: <sendername> <<sender>>
  330. To: <dest>\n
  331. Hi,\n
  332. The jail <name> has been started successfully.\n
  333. Regards,\n
  334. Fail2Ban" | /usr/sbin/sendmail -f <sender> <dest>
  335. 2014-12-05 10:39:18,466 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionunban', 'sendmail-whois', '']
  336. 2014-12-05 10:39:18,466 fail2ban.actions.action[1362]: DEBUG Set actionUnban =
  337. 2014-12-05 10:39:18,466 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actioncheck', 'sendmail-whois', '']
  338. 2014-12-05 10:39:18,467 fail2ban.actions.action[1362]: DEBUG Set actionCheck =
  339. 2014-12-05 10:39:18,467 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'sendmail-whois', 'dest', '[email protected]']
  340. 2014-12-05 10:39:18,468 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'sendmail-whois', 'sendername', 'Fail2Ban']
  341. 2014-12-05 10:39:18,468 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'sendmail-whois', 'name', 'SSH']
  342. 2014-12-05 10:39:18,469 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'sendmail-whois', 'sender', '[email protected]']
  343. 2014-12-05 10:39:18,469 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'addaction', 'blocklist_de']
  344. 2014-12-05 10:39:18,469 fail2ban.actions.action[1362]: DEBUG Created Action
  345. 2014-12-05 10:39:18,470 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionban', 'blocklist_de', 'curl --fail --data-urlencode \'server=<email>\' --data \'apikey=<apikey>\' --data \'service=<service>\' --data \'ip=<ip>\' --data-urlencode \'logs=<matches>\' --data \'format=text\' --user-agent "fail2ban v0.8.12" "https://www.blocklist.de/en/httpreports.html"']
  346. 2014-12-05 10:39:18,470 fail2ban.actions.action[1362]: DEBUG Set actionBan = curl --fail --data-urlencode 'server=<email>' --data 'apikey=<apikey>' --data 'service=<service>' --data 'ip=<ip>' --data-urlencode 'logs=<matches>' --data 'format=text' --user-agent "fail2ban v0.8.12" "https://www.blocklist.de/en/httpreports.html"
  347. 2014-12-05 10:39:18,470 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionstop', 'blocklist_de', '']
  348. 2014-12-05 10:39:18,470 fail2ban.actions.action[1362]: DEBUG Set actionStop =
  349. 2014-12-05 10:39:18,471 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionstart', 'blocklist_de', '']
  350. 2014-12-05 10:39:18,471 fail2ban.actions.action[1362]: DEBUG Set actionStart =
  351. 2014-12-05 10:39:18,471 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actionunban', 'blocklist_de', '']
  352. 2014-12-05 10:39:18,472 fail2ban.actions.action[1362]: DEBUG Set actionUnban =
  353. 2014-12-05 10:39:18,472 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'actioncheck', 'blocklist_de', '']
  354. 2014-12-05 10:39:18,472 fail2ban.actions.action[1362]: DEBUG Set actionCheck =
  355. 2014-12-05 10:39:18,473 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'blocklist_de', 'apikey', 'xxxxxx']
  356. 2014-12-05 10:39:18,473 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'blocklist_de', 'email', '[email protected]']
  357. 2014-12-05 10:39:18,473 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-blocklist', 'setcinfo', 'blocklist_de', 'service', 'sshd']
  358. 2014-12-05 10:39:18,474 fail2ban.comm [1362]: DEBUG Command: ['add', 'sendmail-auth', 'auto']
  359. 2014-12-05 10:39:18,474 fail2ban.jail [1362]: INFO Creating new jail 'sendmail-auth'
  360. 2014-12-05 10:39:18,474 fail2ban.jail [1362]: INFO Jail 'sendmail-auth' uses pyinotify
  361. 2014-12-05 10:39:18,474 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sendmail-auth'))
  362. 2014-12-05 10:39:18,475 fail2ban.filter [1362]: DEBUG Created FilterPyinotify(Jail('sendmail-auth'))
  363. 2014-12-05 10:39:18,475 fail2ban.filter [1362]: DEBUG Created FilterPyinotify
  364. 2014-12-05 10:39:18,475 fail2ban.jail [1362]: INFO Initiated 'pyinotify' backend
  365. 2014-12-05 10:39:18,475 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'usedns', 'warn']
  366. 2014-12-05 10:39:18,476 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sendmail-auth'))
  367. 2014-12-05 10:39:18,476 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'addlogpath', '/var/log/maillog']
  368. 2014-12-05 10:39:18,476 fail2ban.filter [1362]: INFO Added logfile = /var/log/maillog
  369. 2014-12-05 10:39:18,476 fail2ban.filter [1362]: DEBUG Added monitor for the parent directory /var/log
  370. 2014-12-05 10:39:18,477 fail2ban.filter [1362]: DEBUG Added file watcher for /var/log/maillog
  371. 2014-12-05 10:39:18,477 fail2ban.filter.datedetector[1362]: DEBUG Sorting the template list
  372. 2014-12-05 10:39:18,477 fail2ban.filter.datedetector[1362]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  373. 2014-12-05 10:39:18,478 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'maxretry', '3']
  374. 2014-12-05 10:39:18,478 fail2ban.filter [1362]: INFO Set maxRetry = 3
  375. 2014-12-05 10:39:18,478 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'addignoreip', '127.0.0.1/8']
  376. 2014-12-05 10:39:18,478 fail2ban.filter [1362]: DEBUG Add 127.0.0.1/8 to ignore list
  377. 2014-12-05 10:39:18,479 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'ignorecommand', '']
  378. 2014-12-05 10:39:18,479 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'findtime', '600']
  379. 2014-12-05 10:39:18,479 fail2ban.filter [1362]: INFO Set findtime = 600
  380. 2014-12-05 10:39:18,480 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'bantime', '600']
  381. 2014-12-05 10:39:18,480 fail2ban.actions[1362]: INFO Set banTime = 600
  382. 2014-12-05 10:39:18,480 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(?:sm-(mta|acceptingconnections))(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(?:sm-(mta|acceptingconnections))(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*\\w{14}: (\\S+ )?\\[<HOST>\\]( \\(may be forged\\))?: possible SMTP attack: command=AUTH, count=\\d+$']
  383. 2014-12-05 10:39:18,485 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'addaction', 'iptables-multiport']
  384. 2014-12-05 10:39:18,485 fail2ban.actions.action[1362]: DEBUG Created Action
  385. 2014-12-05 10:39:18,486 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  386. 2014-12-05 10:39:18,486 fail2ban.actions.action[1362]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  387. 2014-12-05 10:39:18,486 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  388. 2014-12-05 10:39:18,487 fail2ban.actions.action[1362]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  389. iptables -F fail2ban-<name>
  390. iptables -X fail2ban-<name>
  391. 2014-12-05 10:39:18,487 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  392. 2014-12-05 10:39:18,487 fail2ban.actions.action[1362]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  393. iptables -A fail2ban-<name> -j RETURN
  394. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  395. 2014-12-05 10:39:18,488 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  396. 2014-12-05 10:39:18,488 fail2ban.actions.action[1362]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  397. 2014-12-05 10:39:18,488 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  398. 2014-12-05 10:39:18,488 fail2ban.actions.action[1362]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  399. 2014-12-05 10:39:18,489 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  400. 2014-12-05 10:39:18,489 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  401. 2014-12-05 10:39:18,490 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'setcinfo', 'iptables-multiport', 'name', 'sendmail-auth']
  402. 2014-12-05 10:39:18,490 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  403. 2014-12-05 10:39:18,491 fail2ban.comm [1362]: DEBUG Command: ['set', 'sendmail-auth', 'setcinfo', 'iptables-multiport', 'port', 'submission,465,smtp']
  404. 2014-12-05 10:39:18,492 fail2ban.comm [1362]: DEBUG Command: ['add', 'dovecot', 'auto']
  405. 2014-12-05 10:39:18,492 fail2ban.jail [1362]: INFO Creating new jail 'dovecot'
  406. 2014-12-05 10:39:18,492 fail2ban.jail [1362]: INFO Jail 'dovecot' uses pyinotify
  407. 2014-12-05 10:39:18,492 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('dovecot'))
  408. 2014-12-05 10:39:18,493 fail2ban.filter [1362]: DEBUG Created FilterPyinotify(Jail('dovecot'))
  409. 2014-12-05 10:39:18,493 fail2ban.filter [1362]: DEBUG Created FilterPyinotify
  410. 2014-12-05 10:39:18,493 fail2ban.jail [1362]: INFO Initiated 'pyinotify' backend
  411. 2014-12-05 10:39:18,493 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'usedns', 'warn']
  412. 2014-12-05 10:39:18,493 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('dovecot'))
  413. 2014-12-05 10:39:18,494 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'addlogpath', '/var/log/maillog']
  414. 2014-12-05 10:39:18,494 fail2ban.filter [1362]: INFO Added logfile = /var/log/maillog
  415. 2014-12-05 10:39:18,494 fail2ban.filter [1362]: DEBUG Added monitor for the parent directory /var/log
  416. 2014-12-05 10:39:18,494 fail2ban.filter [1362]: DEBUG Added file watcher for /var/log/maillog
  417. 2014-12-05 10:39:18,495 fail2ban.filter.datedetector[1362]: DEBUG Sorting the template list
  418. 2014-12-05 10:39:18,495 fail2ban.filter.datedetector[1362]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  419. 2014-12-05 10:39:18,495 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'maxretry', '3']
  420. 2014-12-05 10:39:18,495 fail2ban.filter [1362]: INFO Set maxRetry = 3
  421. 2014-12-05 10:39:18,496 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'addignoreip', '127.0.0.1/8']
  422. 2014-12-05 10:39:18,496 fail2ban.filter [1362]: DEBUG Add 127.0.0.1/8 to ignore list
  423. 2014-12-05 10:39:18,497 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'ignorecommand', '']
  424. 2014-12-05 10:39:18,497 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'findtime', '600']
  425. 2014-12-05 10:39:18,497 fail2ban.filter [1362]: INFO Set findtime = 600
  426. 2014-12-05 10:39:18,498 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'bantime', '600']
  427. 2014-12-05 10:39:18,498 fail2ban.actions[1362]: INFO Set banTime = 600
  428. 2014-12-05 10:39:18,498 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(pam_unix(\\(dovecot:auth\\))?:)?\\s+authentication failure; logname=\\S* uid=\\S* euid=\\S* tty=dovecot ruser=\\S* rhost=<HOST>(\\s+user=\\S*)?\\s*$']
  429. 2014-12-05 10:39:18,499 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(pop3|imap)-login: (Info: )?(Aborted login|Disconnected)(: Inactivity)? \\(((auth failed, \\d+ attempts)( in \\d+ secs)?|tried to use (disabled|disallowed) \\S+ auth)\\):( user=<\\S*>,)?( method=\\S+,)? rip=<HOST>(, lip=(\\d{1,3}\\.){3}\\d{1,3})?(, TLS( handshaking(: SSL_accept\\(\\) failed: error:[\\dA-F]+:SSL routines:[TLS\\d]+_GET_CLIENT_HELLO:unknown protocol)?)?(: Disconnected)?)?(, session=<\\S+>)?\\s*$']
  430. 2014-12-05 10:39:18,501 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?(auth|dovecot(-auth)?|auth-worker)(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*(Info|dovecot: auth\\(default\\)): pam\\(\\S+,<HOST>\\): pam_authenticate\\(\\) failed: (User not known to the underlying authentication module: \\d+ Time\\(s\\)|Authentication failure \\(password mismatch\\?\\))\\s*$']
  431. 2014-12-05 10:39:18,505 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'addaction', 'iptables-multiport']
  432. 2014-12-05 10:39:18,505 fail2ban.actions.action[1362]: DEBUG Created Action
  433. 2014-12-05 10:39:18,506 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  434. 2014-12-05 10:39:18,506 fail2ban.actions.action[1362]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  435. 2014-12-05 10:39:18,506 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  436. 2014-12-05 10:39:18,506 fail2ban.actions.action[1362]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  437. iptables -F fail2ban-<name>
  438. iptables -X fail2ban-<name>
  439. 2014-12-05 10:39:18,507 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  440. 2014-12-05 10:39:18,507 fail2ban.actions.action[1362]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  441. iptables -A fail2ban-<name> -j RETURN
  442. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  443. 2014-12-05 10:39:18,508 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  444. 2014-12-05 10:39:18,508 fail2ban.actions.action[1362]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  445. 2014-12-05 10:39:18,508 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  446. 2014-12-05 10:39:18,509 fail2ban.actions.action[1362]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  447. 2014-12-05 10:39:18,509 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  448. 2014-12-05 10:39:18,510 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  449. 2014-12-05 10:39:18,510 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'setcinfo', 'iptables-multiport', 'name', 'dovecot']
  450. 2014-12-05 10:39:18,510 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  451. 2014-12-05 10:39:18,511 fail2ban.comm [1362]: DEBUG Command: ['set', 'dovecot', 'setcinfo', 'iptables-multiport', 'port', 'pop3,pop3s,imap,imaps,submission,465,sieve']
  452. 2014-12-05 10:39:18,511 fail2ban.comm [1362]: DEBUG Command: ['add', 'apache-overflows', 'auto']
  453. 2014-12-05 10:39:18,511 fail2ban.jail [1362]: INFO Creating new jail 'apache-overflows'
  454. 2014-12-05 10:39:18,512 fail2ban.jail [1362]: INFO Jail 'apache-overflows' uses pyinotify
  455. 2014-12-05 10:39:18,512 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('apache-overflows'))
  456. 2014-12-05 10:39:18,512 fail2ban.filter [1362]: DEBUG Created FilterPyinotify(Jail('apache-overflows'))
  457. 2014-12-05 10:39:18,512 fail2ban.filter [1362]: DEBUG Created FilterPyinotify
  458. 2014-12-05 10:39:18,512 fail2ban.jail [1362]: INFO Initiated 'pyinotify' backend
  459. 2014-12-05 10:39:18,513 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'usedns', 'warn']
  460. 2014-12-05 10:39:18,513 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('apache-overflows'))
  461. 2014-12-05 10:39:18,513 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'addlogpath', '/usr/local/apache/logs/error_log']
  462. 2014-12-05 10:39:18,514 fail2ban.filter [1362]: INFO Added logfile = /usr/local/apache/logs/error_log
  463. 2014-12-05 10:39:18,514 fail2ban.filter [1362]: DEBUG Added monitor for the parent directory /usr/local/apache/logs
  464. 2014-12-05 10:39:18,514 fail2ban.filter [1362]: DEBUG Added file watcher for /usr/local/apache/logs/error_log
  465. 2014-12-05 10:39:18,515 fail2ban.filter.datedetector[1362]: DEBUG Sorting the template list
  466. 2014-12-05 10:39:18,515 fail2ban.filter.datedetector[1362]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  467. 2014-12-05 10:39:18,515 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'maxretry', '2']
  468. 2014-12-05 10:39:18,515 fail2ban.filter [1362]: INFO Set maxRetry = 2
  469. 2014-12-05 10:39:18,516 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'addignoreip', '127.0.0.1/8']
  470. 2014-12-05 10:39:18,516 fail2ban.filter [1362]: DEBUG Add 127.0.0.1/8 to ignore list
  471. 2014-12-05 10:39:18,517 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'ignorecommand', '']
  472. 2014-12-05 10:39:18,517 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'findtime', '600']
  473. 2014-12-05 10:39:18,517 fail2ban.filter [1362]: INFO Set findtime = 600
  474. 2014-12-05 10:39:18,518 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'bantime', '600']
  475. 2014-12-05 10:39:18,518 fail2ban.actions[1362]: INFO Set banTime = 600
  476. 2014-12-05 10:39:18,518 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'addfailregex', '^\\[[^]]*\\] \\[(:?error|\\S+:\\S+)\\]( \\[pid \\d+(:\\S+ \\d+)?\\])? \\[client <HOST>(:\\d{1,5})?\\] ((AH0013[456]: )?Invalid (method|URI) in request .*( - possible attempt to establish SSL connection on non-SSL port)?|(AH00565: )?request failed: URI too long \\(longer than \\d+\\)|request failed: erroneous characters after protocol string: .*|AH00566: request failed: invalid characters in URI)(, referer: \\S+)?$']
  477. 2014-12-05 10:39:18,523 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'addaction', 'iptables-multiport']
  478. 2014-12-05 10:39:18,523 fail2ban.actions.action[1362]: DEBUG Created Action
  479. 2014-12-05 10:39:18,523 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  480. 2014-12-05 10:39:18,524 fail2ban.actions.action[1362]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  481. 2014-12-05 10:39:18,524 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  482. 2014-12-05 10:39:18,524 fail2ban.actions.action[1362]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  483. iptables -F fail2ban-<name>
  484. iptables -X fail2ban-<name>
  485. 2014-12-05 10:39:18,525 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  486. 2014-12-05 10:39:18,525 fail2ban.actions.action[1362]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  487. iptables -A fail2ban-<name> -j RETURN
  488. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  489. 2014-12-05 10:39:18,525 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  490. 2014-12-05 10:39:18,526 fail2ban.actions.action[1362]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  491. 2014-12-05 10:39:18,526 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  492. 2014-12-05 10:39:18,526 fail2ban.actions.action[1362]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  493. 2014-12-05 10:39:18,527 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  494. 2014-12-05 10:39:18,527 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  495. 2014-12-05 10:39:18,528 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'setcinfo', 'iptables-multiport', 'name', 'apache-overflows']
  496. 2014-12-05 10:39:18,528 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  497. 2014-12-05 10:39:18,529 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-overflows', 'setcinfo', 'iptables-multiport', 'port', '80,443']
  498. 2014-12-05 10:39:18,529 fail2ban.comm [1362]: DEBUG Command: ['add', 'apache-nohome', 'auto']
  499. 2014-12-05 10:39:18,529 fail2ban.jail [1362]: INFO Creating new jail 'apache-nohome'
  500. 2014-12-05 10:39:18,529 fail2ban.jail [1362]: INFO Jail 'apache-nohome' uses pyinotify
  501. 2014-12-05 10:39:18,529 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('apache-nohome'))
  502. 2014-12-05 10:39:18,530 fail2ban.filter [1362]: DEBUG Created FilterPyinotify(Jail('apache-nohome'))
  503. 2014-12-05 10:39:18,530 fail2ban.filter [1362]: DEBUG Created FilterPyinotify
  504. 2014-12-05 10:39:18,530 fail2ban.jail [1362]: INFO Initiated 'pyinotify' backend
  505. 2014-12-05 10:39:18,531 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'usedns', 'warn']
  506. 2014-12-05 10:39:18,531 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('apache-nohome'))
  507. 2014-12-05 10:39:18,531 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'addlogpath', '/usr/local/apache/logs/error_log']
  508. 2014-12-05 10:39:18,531 fail2ban.filter [1362]: INFO Added logfile = /usr/local/apache/logs/error_log
  509. 2014-12-05 10:39:18,531 fail2ban.filter [1362]: DEBUG Added monitor for the parent directory /usr/local/apache/logs
  510. 2014-12-05 10:39:18,532 fail2ban.filter [1362]: DEBUG Added file watcher for /usr/local/apache/logs/error_log
  511. 2014-12-05 10:39:18,532 fail2ban.filter.datedetector[1362]: DEBUG Sorting the template list
  512. 2014-12-05 10:39:18,532 fail2ban.filter.datedetector[1362]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  513. 2014-12-05 10:39:18,533 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'maxretry', '2']
  514. 2014-12-05 10:39:18,533 fail2ban.filter [1362]: INFO Set maxRetry = 2
  515. 2014-12-05 10:39:18,533 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'addignoreip', '127.0.0.1/8']
  516. 2014-12-05 10:39:18,533 fail2ban.filter [1362]: DEBUG Add 127.0.0.1/8 to ignore list
  517. 2014-12-05 10:39:18,534 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'ignorecommand', '']
  518. 2014-12-05 10:39:18,534 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'findtime', '600']
  519. 2014-12-05 10:39:18,534 fail2ban.filter [1362]: INFO Set findtime = 600
  520. 2014-12-05 10:39:18,535 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'bantime', '600']
  521. 2014-12-05 10:39:18,535 fail2ban.actions[1362]: INFO Set banTime = 600
  522. 2014-12-05 10:39:18,536 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'addfailregex', '^\\[[^]]*\\] \\[(:?error|\\S+:\\S+)\\]( \\[pid \\d+(:\\S+ \\d+)?\\])? \\[client <HOST>(:\\d{1,5})?\\] (AH00128: )?File does not exist: .*/~.*']
  523. 2014-12-05 10:39:18,538 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'addaction', 'iptables-multiport']
  524. 2014-12-05 10:39:18,538 fail2ban.actions.action[1362]: DEBUG Created Action
  525. 2014-12-05 10:39:18,538 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'actionban', 'iptables-multiport', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  526. 2014-12-05 10:39:18,538 fail2ban.actions.action[1362]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  527. 2014-12-05 10:39:18,539 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'actionstop', 'iptables-multiport', 'iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  528. 2014-12-05 10:39:18,539 fail2ban.actions.action[1362]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  529. iptables -F fail2ban-<name>
  530. iptables -X fail2ban-<name>
  531. 2014-12-05 10:39:18,539 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'actionstart', 'iptables-multiport', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>']
  532. 2014-12-05 10:39:18,539 fail2ban.actions.action[1362]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  533. iptables -A fail2ban-<name> -j RETURN
  534. iptables -I <chain> -p <protocol> -m multiport --dports <port> -j fail2ban-<name>
  535. 2014-12-05 10:39:18,540 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'actionunban', 'iptables-multiport', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  536. 2014-12-05 10:39:18,540 fail2ban.actions.action[1362]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  537. 2014-12-05 10:39:18,541 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'actioncheck', 'iptables-multiport', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  538. 2014-12-05 10:39:18,541 fail2ban.actions.action[1362]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  539. 2014-12-05 10:39:18,541 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'setcinfo', 'iptables-multiport', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  540. 2014-12-05 10:39:18,542 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'setcinfo', 'iptables-multiport', 'protocol', 'tcp']
  541. 2014-12-05 10:39:18,543 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'setcinfo', 'iptables-multiport', 'name', 'apache-nohome']
  542. 2014-12-05 10:39:18,543 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'setcinfo', 'iptables-multiport', 'chain', 'INPUT']
  543. 2014-12-05 10:39:18,544 fail2ban.comm [1362]: DEBUG Command: ['set', 'apache-nohome', 'setcinfo', 'iptables-multiport', 'port', '80,443']
  544. 2014-12-05 10:39:18,544 fail2ban.comm [1362]: DEBUG Command: ['add', 'ssh-ddos', 'auto']
  545. 2014-12-05 10:39:18,544 fail2ban.jail [1362]: INFO Creating new jail 'ssh-ddos'
  546. 2014-12-05 10:39:18,544 fail2ban.jail [1362]: INFO Jail 'ssh-ddos' uses pyinotify
  547. 2014-12-05 10:39:18,544 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('ssh-ddos'))
  548. 2014-12-05 10:39:18,545 fail2ban.filter [1362]: DEBUG Created FilterPyinotify(Jail('ssh-ddos'))
  549. 2014-12-05 10:39:18,545 fail2ban.filter [1362]: DEBUG Created FilterPyinotify
  550. 2014-12-05 10:39:18,545 fail2ban.jail [1362]: INFO Initiated 'pyinotify' backend
  551. 2014-12-05 10:39:18,546 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'usedns', 'warn']
  552. 2014-12-05 10:39:18,546 fail2ban.filter [1362]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('ssh-ddos'))
  553. 2014-12-05 10:39:18,546 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'addlogpath', '/var/log/secure']
  554. 2014-12-05 10:39:18,546 fail2ban.filter [1362]: INFO Added logfile = /var/log/secure
  555. 2014-12-05 10:39:18,547 fail2ban.filter [1362]: DEBUG Added monitor for the parent directory /var/log
  556. 2014-12-05 10:39:18,547 fail2ban.filter [1362]: DEBUG Added file watcher for /var/log/secure
  557. 2014-12-05 10:39:18,547 fail2ban.filter.datedetector[1362]: DEBUG Sorting the template list
  558. 2014-12-05 10:39:18,547 fail2ban.filter.datedetector[1362]: DEBUG Winning template: WEEKDAY MONTH Day Hour:Minute:Second[.subsecond] Year with 0 hits
  559. 2014-12-05 10:39:18,548 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'maxretry', '2']
  560. 2014-12-05 10:39:18,548 fail2ban.filter [1362]: INFO Set maxRetry = 2
  561. 2014-12-05 10:39:18,548 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'addignoreip', '127.0.0.1/8']
  562. 2014-12-05 10:39:18,549 fail2ban.filter [1362]: DEBUG Add 127.0.0.1/8 to ignore list
  563. 2014-12-05 10:39:18,549 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'ignorecommand', '']
  564. 2014-12-05 10:39:18,549 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'findtime', '600']
  565. 2014-12-05 10:39:18,550 fail2ban.filter [1362]: INFO Set findtime = 600
  566. 2014-12-05 10:39:18,550 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'bantime', '600']
  567. 2014-12-05 10:39:18,550 fail2ban.actions[1362]: INFO Set banTime = 600
  568. 2014-12-05 10:39:18,551 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'addfailregex', '^\\s*(<[^.]+\\.[^.]+>)?\\s*(?:\\S+ )?(?:kernel: \\[ *\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)?\\s(?:\\[ID \\d+ \\S+\\])?\\s*Did not receive identification string from <HOST>\\s*$']
  569. 2014-12-05 10:39:18,554 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'addaction', 'iptables']
  570. 2014-12-05 10:39:18,554 fail2ban.actions.action[1362]: DEBUG Created Action
  571. 2014-12-05 10:39:18,555 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>']
  572. 2014-12-05 10:39:18,555 fail2ban.actions.action[1362]: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j <blocktype>
  573. 2014-12-05 10:39:18,556 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'actionstop', 'iptables', 'iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
  574. 2014-12-05 10:39:18,556 fail2ban.actions.action[1362]: DEBUG Set actionStop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
  575. iptables -F fail2ban-<name>
  576. iptables -X fail2ban-<name>
  577. 2014-12-05 10:39:18,556 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>']
  578. 2014-12-05 10:39:18,556 fail2ban.actions.action[1362]: DEBUG Set actionStart = iptables -N fail2ban-<name>
  579. iptables -A fail2ban-<name> -j RETURN
  580. iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
  581. 2014-12-05 10:39:18,557 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j <blocktype>']
  582. 2014-12-05 10:39:18,557 fail2ban.actions.action[1362]: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j <blocktype>
  583. 2014-12-05 10:39:18,558 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'actioncheck', 'iptables', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
  584. 2014-12-05 10:39:18,558 fail2ban.actions.action[1362]: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
  585. 2014-12-05 10:39:18,558 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'setcinfo', 'iptables', 'blocktype', 'REJECT --reject-with icmp-port-unreachable']
  586. 2014-12-05 10:39:18,559 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'setcinfo', 'iptables', 'protocol', 'tcp']
  587. 2014-12-05 10:39:18,559 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'setcinfo', 'iptables', 'name', 'SSHDDOS']
  588. 2014-12-05 10:39:18,560 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'setcinfo', 'iptables', 'chain', 'INPUT']
  589. 2014-12-05 10:39:18,560 fail2ban.comm [1362]: DEBUG Command: ['set', 'ssh-ddos', 'setcinfo', 'iptables', 'port', 'ssh']
  590. 2014-12-05 10:39:18,561 fail2ban.comm [1362]: DEBUG Command: ['start', 'dovecot-auth']
  591. 2014-12-05 10:39:18,563 fail2ban.filter [1362]: DEBUG pyinotifier started for dovecot-auth.
  592. 2014-12-05 10:39:18,564 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-dovecot-auth
  593. iptables -A fail2ban-dovecot-auth -j RETURN
  594. iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps,submission,465,sieve -j fail2ban-dovecot-auth
  595. 2014-12-05 10:39:18,564 fail2ban.jail [1362]: INFO Jail 'dovecot-auth' started
  596. 2014-12-05 10:39:18,568 fail2ban.comm [1362]: DEBUG Command: ['start', 'selinux-ssh']
  597. 2014-12-05 10:39:18,569 fail2ban.jail [1362]: INFO Jail 'selinux-ssh' started
  598. 2014-12-05 10:39:18,570 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-SELINUX-SSH
  599. iptables -A fail2ban-SELINUX-SSH -j RETURN
  600. iptables -I INPUT -p tcp --dport ssh -j fail2ban-SELINUX-SSH
  601. 2014-12-05 10:39:18,571 fail2ban.filter [1362]: DEBUG pyinotifier started for selinux-ssh.
  602. 2014-12-05 10:39:18,571 fail2ban.comm [1362]: DEBUG Command: ['start', 'ssh-iptables']
  603. 2014-12-05 10:39:18,573 fail2ban.jail [1362]: INFO Jail 'ssh-iptables' started
  604. 2014-12-05 10:39:18,573 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-SSH
  605. iptables -A fail2ban-SSH -j RETURN
  606. iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH
  607. 2014-12-05 10:39:18,573 fail2ban.filter [1362]: DEBUG pyinotifier started for ssh-iptables.
  608. 2014-12-05 10:39:18,575 fail2ban.filter [1362]: DEBUG Default Callback for Event: <Event dir=False mask=0x2 maskname=IN_MODIFY name='' path=/var/log/audit/audit.log pathname=/var/log/audit/audit.log wd=2 >
  609. 2014-12-05 10:39:18,576 fail2ban.comm [1362]: DEBUG Command: ['start', 'exim']
  610. 2014-12-05 10:39:18,579 fail2ban.filter [1362]: DEBUG pyinotifier started for exim.
  611. 2014-12-05 10:39:18,579 fail2ban.jail [1362]: INFO Jail 'exim' started
  612. 2014-12-05 10:39:18,580 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-exim
  613. iptables -A fail2ban-exim -j RETURN
  614. iptables -I INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-exim
  615. 2014-12-05 10:39:18,581 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  616. 2014-12-05 10:39:18,583 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  617. 2014-12-05 10:39:18,583 fail2ban.comm [1362]: DEBUG Command: ['start', 'ssh-blocklist']
  618. 2014-12-05 10:39:18,584 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  619. 2014-12-05 10:39:18,586 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  620. 2014-12-05 10:39:18,586 fail2ban.filter [1362]: DEBUG pyinotifier started for ssh-blocklist.
  621. 2014-12-05 10:39:18,587 fail2ban.jail [1362]: INFO Jail 'ssh-blocklist' started
  622. 2014-12-05 10:39:18,588 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  623. 2014-12-05 10:39:18,588 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-SSH
  624. iptables -A fail2ban-SSH -j RETURN
  625. iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH
  626. 2014-12-05 10:39:18,590 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  627. 2014-12-05 10:39:18,591 fail2ban.comm [1362]: DEBUG Command: ['start', 'sendmail-auth']
  628. 2014-12-05 10:39:18,592 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  629. 2014-12-05 10:39:18,593 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  630. 2014-12-05 10:39:18,595 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  631. 2014-12-05 10:39:18,595 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-dovecot-auth
  632. iptables -A fail2ban-dovecot-auth -j RETURN
  633. iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps,submission,465,sieve -j fail2ban-dovecot-auth returned successfully
  634. 2014-12-05 10:39:18,596 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  635. 2014-12-05 10:39:18,596 fail2ban.filter [1362]: DEBUG pyinotifier started for sendmail-auth.
  636. 2014-12-05 10:39:18,597 fail2ban.jail [1362]: INFO Jail 'sendmail-auth' started
  637. 2014-12-05 10:39:18,597 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-sendmail-auth
  638. iptables -A fail2ban-sendmail-auth -j RETURN
  639. iptables -I INPUT -p tcp -m multiport --dports submission,465,smtp -j fail2ban-sendmail-auth
  640. 2014-12-05 10:39:18,603 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  641. 2014-12-05 10:39:18,604 fail2ban.comm [1362]: DEBUG Command: ['start', 'dovecot']
  642. 2014-12-05 10:39:18,604 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  643. 2014-12-05 10:39:18,606 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  644. 2014-12-05 10:39:18,607 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  645. 2014-12-05 10:39:18,609 fail2ban.filter [1362]: DEBUG pyinotifier started for dovecot.
  646. 2014-12-05 10:39:18,610 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  647. 2014-12-05 10:39:18,610 fail2ban.jail [1362]: INFO Jail 'dovecot' started
  648. 2014-12-05 10:39:18,611 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-dovecot
  649. iptables -A fail2ban-dovecot -j RETURN
  650. iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps,submission,465,sieve -j fail2ban-dovecot
  651. 2014-12-05 10:39:18,611 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  652. 2014-12-05 10:39:18,613 fail2ban.comm [1362]: DEBUG Command: ['start', 'apache-overflows']
  653. 2014-12-05 10:39:18,614 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  654. 2014-12-05 10:39:18,616 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  655. 2014-12-05 10:39:18,617 fail2ban.filter [1362]: DEBUG pyinotifier started for apache-overflows.
  656. 2014-12-05 10:39:18,617 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-apache-overflows
  657. iptables -A fail2ban-apache-overflows -j RETURN
  658. iptables -I INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-apache-overflows
  659. 2014-12-05 10:39:18,617 fail2ban.jail [1362]: INFO Jail 'apache-overflows' started
  660. 2014-12-05 10:39:18,618 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  661. 2014-12-05 10:39:18,619 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-SELINUX-SSH
  662. iptables -A fail2ban-SELINUX-SSH -j RETURN
  663. iptables -I INPUT -p tcp --dport ssh -j fail2ban-SELINUX-SSH returned successfully
  664. 2014-12-05 10:39:18,620 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  665. 2014-12-05 10:39:18,621 fail2ban.comm [1362]: DEBUG Command: ['start', 'apache-nohome']
  666. 2014-12-05 10:39:18,625 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  667. 2014-12-05 10:39:18,627 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  668. 2014-12-05 10:39:18,628 fail2ban.jail [1362]: INFO Jail 'apache-nohome' started
  669. 2014-12-05 10:39:18,629 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-apache-nohome
  670. iptables -A fail2ban-apache-nohome -j RETURN
  671. iptables -I INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-apache-nohome
  672. 2014-12-05 10:39:18,631 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  673. 2014-12-05 10:39:18,631 fail2ban.filter [1362]: DEBUG pyinotifier started for apache-nohome.
  674. 2014-12-05 10:39:18,632 fail2ban.comm [1362]: DEBUG Command: ['start', 'ssh-ddos']
  675. 2014-12-05 10:39:18,633 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  676. 2014-12-05 10:39:18,635 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  677. 2014-12-05 10:39:18,636 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  678. 2014-12-05 10:39:18,637 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-SSHDDOS
  679. iptables -A fail2ban-SSHDDOS -j RETURN
  680. iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSHDDOS
  681. 2014-12-05 10:39:18,637 fail2ban.jail [1362]: INFO Jail 'ssh-ddos' started
  682. 2014-12-05 10:39:18,638 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  683. 2014-12-05 10:39:18,639 fail2ban.filter [1362]: DEBUG pyinotifier started for ssh-ddos.
  684. 2014-12-05 10:39:18,640 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  685. 2014-12-05 10:39:18,641 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  686. 2014-12-05 10:39:18,641 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-SSH
  687. iptables -A fail2ban-SSH -j RETURN
  688. iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned successfully
  689. 2014-12-05 10:39:18,642 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  690. 2014-12-05 10:39:18,642 fail2ban.actions.action[1362]: DEBUG printf %b "Subject: [Fail2Ban] SSH: started on `uname -n`
  691. Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
  692. From: Fail2Ban <[email protected]>
  693. Hi,\n
  694. The jail SSH has been started successfully.\n
  695. Regards,\n
  696. Fail2Ban" | /usr/sbin/sendmail -f [email protected] [email protected]
  697. 2014-12-05 10:39:18,647 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  698. 2014-12-05 10:39:18,661 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  699. 2014-12-05 10:39:18,661 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  700. 2014-12-05 10:39:18,662 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  701. 2014-12-05 10:39:18,663 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  702. 2014-12-05 10:39:18,663 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  703. 2014-12-05 10:39:18,664 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  704. 2014-12-05 10:39:18,664 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  705. 2014-12-05 10:39:18,665 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  706. 2014-12-05 10:39:18,666 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-exim
  707. iptables -A fail2ban-exim -j RETURN
  708. iptables -I INPUT -p tcp -m multiport --dports 25,465,587 -j fail2ban-exim returned successfully
  709. 2014-12-05 10:39:18,666 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  710. 2014-12-05 10:39:18,670 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  711. 2014-12-05 10:39:18,671 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  712. 2014-12-05 10:39:18,672 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  713. 2014-12-05 10:39:18,672 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  714. 2014-12-05 10:39:18,673 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  715. 2014-12-05 10:39:18,673 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  716. 2014-12-05 10:39:18,674 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  717. 2014-12-05 10:39:18,674 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  718. 2014-12-05 10:39:18,675 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  719. 2014-12-05 10:39:18,675 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  720. 2014-12-05 10:39:18,676 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  721. 2014-12-05 10:39:18,677 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  722. 2014-12-05 10:39:18,677 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  723. 2014-12-05 10:39:18,677 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  724. 2014-12-05 10:39:18,678 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  725. 2014-12-05 10:39:18,678 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  726. 2014-12-05 10:39:18,678 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  727. 2014-12-05 10:39:18,678 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  728. 2014-12-05 10:39:18,679 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  729. 2014-12-05 10:39:18,679 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  730. 2014-12-05 10:39:18,679 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  731. 2014-12-05 10:39:18,680 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  732. 2014-12-05 10:39:18,680 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  733. 2014-12-05 10:39:18,680 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  734. 2014-12-05 10:39:18,681 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  735. 2014-12-05 10:39:18,681 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  736. 2014-12-05 10:39:18,681 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  737. 2014-12-05 10:39:18,681 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  738. 2014-12-05 10:39:18,682 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  739. 2014-12-05 10:39:18,682 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  740. 2014-12-05 10:39:18,683 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  741. 2014-12-05 10:39:18,683 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  742. 2014-12-05 10:39:18,683 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  743. 2014-12-05 10:39:18,683 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  744. 2014-12-05 10:39:18,684 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  745. 2014-12-05 10:39:18,684 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  746. 2014-12-05 10:39:18,684 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-SSH
  747. iptables -A fail2ban-SSH -j RETURN
  748. iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned successfully
  749. 2014-12-05 10:39:18,685 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  750. 2014-12-05 10:39:18,686 fail2ban.actions.action[1362]: DEBUG printf %b "Subject: [Fail2Ban] SSH: started on `uname -n`
  751. Date: `LC_TIME=C date -u +"%a, %d %h %Y %T +0000"`
  752. From: Fail2Ban <[email protected]>
  753. Hi,\n
  754. The jail SSH has been started successfully.\n
  755. Regards,\n
  756. Fail2Ban" | /usr/sbin/sendmail -f [email protected] [email protected]
  757. 2014-12-05 10:39:18,688 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  758. 2014-12-05 10:39:18,689 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  759. 2014-12-05 10:39:18,689 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  760. 2014-12-05 10:39:18,690 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  761. 2014-12-05 10:39:18,690 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  762. 2014-12-05 10:39:18,691 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  763. 2014-12-05 10:39:18,691 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  764. 2014-12-05 10:39:18,691 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  765. 2014-12-05 10:39:18,691 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  766. 2014-12-05 10:39:18,692 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  767. 2014-12-05 10:39:18,692 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  768. 2014-12-05 10:39:18,692 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  769. 2014-12-05 10:39:18,693 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  770. 2014-12-05 10:39:18,693 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  771. 2014-12-05 10:39:18,693 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  772. 2014-12-05 10:39:18,694 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  773. 2014-12-05 10:39:18,694 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  774. 2014-12-05 10:39:18,694 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  775. 2014-12-05 10:39:18,694 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  776. 2014-12-05 10:39:18,695 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  777. 2014-12-05 10:39:18,695 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  778. 2014-12-05 10:39:18,695 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  779. 2014-12-05 10:39:18,696 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  780. 2014-12-05 10:39:18,696 fail2ban.filter [1362]: DEBUG Processing line with time:1417786155.0 and ip:60.173.12.226
  781. 2014-12-05 10:39:18,696 fail2ban.filter [1362]: DEBUG Ignore line since time 1417786155.0 < 1417793958.7 - 600
  782. 2014-12-05 10:39:18,696 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  783. 2014-12-05 10:39:18,697 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  784. 2014-12-05 10:39:18,697 fail2ban.filter [1362]: DEBUG Processing line with time:1417786155.0 and ip:60.173.12.226
  785. 2014-12-05 10:39:18,697 fail2ban.filter [1362]: DEBUG Ignore line since time 1417786155.0 < 1417793958.7 - 600
  786. 2014-12-05 10:39:18,697 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  787. 2014-12-05 10:39:18,698 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  788. 2014-12-05 10:39:18,698 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  789. 2014-12-05 10:39:18,698 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  790. 2014-12-05 10:39:18,699 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  791. 2014-12-05 10:39:18,699 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  792. 2014-12-05 10:39:18,699 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  793. 2014-12-05 10:39:18,700 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  794. 2014-12-05 10:39:18,700 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  795. 2014-12-05 10:39:18,700 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  796. 2014-12-05 10:39:18,701 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  797. 2014-12-05 10:39:18,701 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  798. 2014-12-05 10:39:18,701 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  799. 2014-12-05 10:39:18,702 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  800. 2014-12-05 10:39:18,702 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  801. 2014-12-05 10:39:18,702 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  802. 2014-12-05 10:39:18,703 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  803. 2014-12-05 10:39:18,703 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  804. 2014-12-05 10:39:18,703 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  805. 2014-12-05 10:39:18,703 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  806. 2014-12-05 10:39:18,704 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  807. 2014-12-05 10:39:18,704 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  808. 2014-12-05 10:39:18,704 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  809. 2014-12-05 10:39:18,704 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  810. 2014-12-05 10:39:18,705 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  811. 2014-12-05 10:39:18,705 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  812. 2014-12-05 10:39:18,705 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  813. 2014-12-05 10:39:18,706 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  814. 2014-12-05 10:39:18,706 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  815. 2014-12-05 10:39:18,706 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  816. 2014-12-05 10:39:18,707 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-sendmail-auth
  817. iptables -A fail2ban-sendmail-auth -j RETURN
  818. iptables -I INPUT -p tcp -m multiport --dports submission,465,smtp -j fail2ban-sendmail-auth returned successfully
  819. 2014-12-05 10:39:18,707 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  820. 2014-12-05 10:39:18,711 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  821. 2014-12-05 10:39:18,712 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  822. 2014-12-05 10:39:18,712 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  823. 2014-12-05 10:39:18,712 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  824. 2014-12-05 10:39:18,719 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  825. 2014-12-05 10:39:18,719 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  826. 2014-12-05 10:39:18,720 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  827. 2014-12-05 10:39:18,720 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  828. 2014-12-05 10:39:18,721 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  829. 2014-12-05 10:39:18,721 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  830. 2014-12-05 10:39:18,722 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  831. 2014-12-05 10:39:18,722 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  832. 2014-12-05 10:39:18,723 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  833. 2014-12-05 10:39:18,724 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  834. 2014-12-05 10:39:18,724 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  835. 2014-12-05 10:39:18,725 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  836. 2014-12-05 10:39:18,725 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  837. 2014-12-05 10:39:18,726 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  838. 2014-12-05 10:39:18,726 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  839. 2014-12-05 10:39:18,727 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  840. 2014-12-05 10:39:18,727 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  841. 2014-12-05 10:39:18,727 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  842. 2014-12-05 10:39:18,727 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  843. 2014-12-05 10:39:18,728 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  844. 2014-12-05 10:39:18,728 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  845. 2014-12-05 10:39:18,728 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  846. 2014-12-05 10:39:18,729 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  847. 2014-12-05 10:39:18,729 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  848. 2014-12-05 10:39:18,729 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  849. 2014-12-05 10:39:18,730 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  850. 2014-12-05 10:39:18,730 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  851. 2014-12-05 10:39:18,730 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  852. 2014-12-05 10:39:18,730 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  853. 2014-12-05 10:39:18,731 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  854. 2014-12-05 10:39:18,731 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  855. 2014-12-05 10:39:18,731 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  856. 2014-12-05 10:39:18,732 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  857. 2014-12-05 10:39:18,732 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  858. 2014-12-05 10:39:18,732 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  859. 2014-12-05 10:39:18,733 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  860. 2014-12-05 10:39:18,733 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  861. 2014-12-05 10:39:18,733 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  862. 2014-12-05 10:39:18,734 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  863. 2014-12-05 10:39:18,734 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  864. 2014-12-05 10:39:18,734 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  865. 2014-12-05 10:39:18,735 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  866. 2014-12-05 10:39:18,735 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  867. 2014-12-05 10:39:18,735 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  868. 2014-12-05 10:39:18,735 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  869. 2014-12-05 10:39:18,736 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  870. 2014-12-05 10:39:18,736 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  871. 2014-12-05 10:39:18,736 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  872. 2014-12-05 10:39:18,737 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  873. 2014-12-05 10:39:18,737 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  874. 2014-12-05 10:39:18,737 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  875. 2014-12-05 10:39:18,738 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  876. 2014-12-05 10:39:18,738 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  877. 2014-12-05 10:39:18,738 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  878. 2014-12-05 10:39:18,739 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-dovecot
  879. iptables -A fail2ban-dovecot -j RETURN
  880. iptables -I INPUT -p tcp -m multiport --dports pop3,pop3s,imap,imaps,submission,465,sieve -j fail2ban-dovecot returned successfully
  881. 2014-12-05 10:39:18,739 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  882. 2014-12-05 10:39:18,742 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  883. 2014-12-05 10:39:18,743 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  884. 2014-12-05 10:39:18,743 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  885. 2014-12-05 10:39:18,743 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  886. 2014-12-05 10:39:18,744 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  887. 2014-12-05 10:39:18,744 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  888. 2014-12-05 10:39:18,744 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  889. 2014-12-05 10:39:18,744 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  890. 2014-12-05 10:39:18,745 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  891. 2014-12-05 10:39:18,745 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  892. 2014-12-05 10:39:18,745 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  893. 2014-12-05 10:39:18,746 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  894. 2014-12-05 10:39:18,746 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  895. 2014-12-05 10:39:18,746 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  896. 2014-12-05 10:39:18,747 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  897. 2014-12-05 10:39:18,747 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  898. 2014-12-05 10:39:18,747 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  899. 2014-12-05 10:39:18,747 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  900. 2014-12-05 10:39:18,748 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  901. 2014-12-05 10:39:18,748 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  902. 2014-12-05 10:39:18,748 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  903. 2014-12-05 10:39:18,749 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  904. 2014-12-05 10:39:18,749 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  905. 2014-12-05 10:39:18,749 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  906. 2014-12-05 10:39:18,750 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  907. 2014-12-05 10:39:18,750 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  908. 2014-12-05 10:39:18,750 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  909. 2014-12-05 10:39:18,750 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  910. 2014-12-05 10:39:18,751 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  911. 2014-12-05 10:39:18,751 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  912. 2014-12-05 10:39:18,752 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  913. 2014-12-05 10:39:18,752 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  914. 2014-12-05 10:39:18,752 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  915. 2014-12-05 10:39:18,752 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  916. 2014-12-05 10:39:18,753 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  917. 2014-12-05 10:39:18,753 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  918. 2014-12-05 10:39:18,753 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  919. 2014-12-05 10:39:18,754 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  920. 2014-12-05 10:39:18,754 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  921. 2014-12-05 10:39:18,754 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  922. 2014-12-05 10:39:18,755 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  923. 2014-12-05 10:39:18,755 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  924. 2014-12-05 10:39:18,755 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  925. 2014-12-05 10:39:18,755 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  926. 2014-12-05 10:39:18,756 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  927. 2014-12-05 10:39:18,756 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  928. 2014-12-05 10:39:18,757 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  929. 2014-12-05 10:39:18,757 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  930. 2014-12-05 10:39:18,757 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  931. 2014-12-05 10:39:18,757 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  932. 2014-12-05 10:39:18,758 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  933. 2014-12-05 10:39:18,758 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  934. 2014-12-05 10:39:18,758 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  935. 2014-12-05 10:39:18,759 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  936. 2014-12-05 10:39:18,759 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  937. 2014-12-05 10:39:18,759 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  938. 2014-12-05 10:39:18,760 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  939. 2014-12-05 10:39:18,760 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  940. 2014-12-05 10:39:18,760 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  941. 2014-12-05 10:39:18,760 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  942. 2014-12-05 10:39:18,761 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  943. 2014-12-05 10:39:18,761 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  944. 2014-12-05 10:39:18,761 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-apache-overflows
  945. iptables -A fail2ban-apache-overflows -j RETURN
  946. iptables -I INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-apache-overflows returned successfully
  947. 2014-12-05 10:39:18,762 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  948. 2014-12-05 10:39:18,765 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  949. 2014-12-05 10:39:18,766 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  950. 2014-12-05 10:39:18,766 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  951. 2014-12-05 10:39:18,766 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  952. 2014-12-05 10:39:18,766 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  953. 2014-12-05 10:39:18,767 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  954. 2014-12-05 10:39:18,767 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  955. 2014-12-05 10:39:18,767 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  956. 2014-12-05 10:39:18,768 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  957. 2014-12-05 10:39:18,768 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  958. 2014-12-05 10:39:18,768 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  959. 2014-12-05 10:39:18,769 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  960. 2014-12-05 10:39:18,769 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  961. 2014-12-05 10:39:18,769 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  962. 2014-12-05 10:39:18,770 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  963. 2014-12-05 10:39:18,770 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  964. 2014-12-05 10:39:18,770 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  965. 2014-12-05 10:39:18,770 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  966. 2014-12-05 10:39:18,771 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  967. 2014-12-05 10:39:18,771 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  968. 2014-12-05 10:39:18,771 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  969. 2014-12-05 10:39:18,772 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  970. 2014-12-05 10:39:18,772 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  971. 2014-12-05 10:39:18,772 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  972. 2014-12-05 10:39:18,773 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  973. 2014-12-05 10:39:18,773 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  974. 2014-12-05 10:39:18,773 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  975. 2014-12-05 10:39:18,774 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  976. 2014-12-05 10:39:18,774 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  977. 2014-12-05 10:39:18,774 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  978. 2014-12-05 10:39:18,774 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  979. 2014-12-05 10:39:18,775 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  980. 2014-12-05 10:39:18,775 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  981. 2014-12-05 10:39:18,775 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  982. 2014-12-05 10:39:18,776 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  983. 2014-12-05 10:39:18,776 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  984. 2014-12-05 10:39:18,776 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  985. 2014-12-05 10:39:18,776 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  986. 2014-12-05 10:39:18,777 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  987. 2014-12-05 10:39:18,777 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  988. 2014-12-05 10:39:18,777 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  989. 2014-12-05 10:39:18,778 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  990. 2014-12-05 10:39:18,778 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  991. 2014-12-05 10:39:18,778 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  992. 2014-12-05 10:39:18,778 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  993. 2014-12-05 10:39:18,779 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  994. 2014-12-05 10:39:18,779 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  995. 2014-12-05 10:39:18,779 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  996. 2014-12-05 10:39:18,780 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  997. 2014-12-05 10:39:18,780 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  998. 2014-12-05 10:39:18,780 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  999. 2014-12-05 10:39:18,781 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  1000. 2014-12-05 10:39:18,781 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  1001. 2014-12-05 10:39:18,781 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  1002. 2014-12-05 10:39:18,782 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  1003. 2014-12-05 10:39:18,782 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  1004. 2014-12-05 10:39:18,782 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  1005. 2014-12-05 10:39:18,783 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  1006. 2014-12-05 10:39:18,783 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  1007. 2014-12-05 10:39:18,783 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  1008. 2014-12-05 10:39:18,784 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  1009. 2014-12-05 10:39:18,784 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  1010. 2014-12-05 10:39:18,784 fail2ban.actions.action[1362]: DEBUG iptables -N fail2ban-apache-nohome
  1011. iptables -A fail2ban-apache-nohome -j RETURN
  1012. iptables -I INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-apache-nohome returned successfully
  1013. 2014-12-05 10:39:18,785 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  1014. 2014-12-05 10:39:18,788 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  1015. 2014-12-05 10:39:18,789 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  1016. 2014-12-05 10:39:18,789 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  1017. 2014-12-05 10:39:18,789 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch
  1018. 2014-12-05 10:39:18,790 fail2ban.filter.datedetector[1362]: DEBUG Matched time template Epoch
  1019. 2014-12-05 10:39:18,790 fail2ban.filter.datedetector[1362]: DEBUG Got time using template Epoch