Pasted by registered user jazz_bass ( 13 years ago )
# tail -f /var/log/fail2ban.log
2013-03-18 23:46:53,810 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.8
2013-03-18 23:46:53,812 fail2ban.comm : DEBUG Command: ['add', 'ssh-iptables', 'auto']
2013-03-18 23:46:53,812 fail2ban.jail : INFO Creating new jail 'ssh-iptables'
2013-03-18 23:46:53,813 fail2ban.jail : DEBUG Backend 'pyinotify' failed to initialize due to No module named pyinotify
2013-03-18 23:46:53,813 fail2ban.jail : DEBUG Backend 'gamin' failed to initialize due to No module named gamin
2013-03-18 23:46:53,813 fail2ban.jail : INFO Jail 'ssh-iptables' uses poller
2013-03-18 23:46:53,843 fail2ban.filter : DEBUG Setting usedns = warn for FilterPoll(Jail('ssh-iptables'))
2013-03-18 23:46:53,867 fail2ban.filter : DEBUG Created FilterPoll(Jail('ssh-iptables'))
2013-03-18 23:46:53,867 fail2ban.filter : DEBUG Created FilterPoll
2013-03-18 23:46:53,867 fail2ban.jail : INFO Initiated 'polling' backend
2013-03-18 23:46:53,869 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'usedns', 'no']
2013-03-18 23:46:53,869 fail2ban.filter : DEBUG Setting usedns = no for FilterPoll(Jail('ssh-iptables'))
2013-03-18 23:46:53,870 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addlogpath', '/var/log/sshd.log']
2013-03-18 23:46:53,871 fail2ban.filter : INFO Added logfile = /var/log/sshd.log
2013-03-18 23:46:53,872 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'maxretry', '3']
2013-03-18 23:46:53,872 fail2ban.filter : INFO Set maxRetry = 3
2013-03-18 23:46:53,873 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addignoreip', '127.0.0.1/8']
2013-03-18 23:46:53,873 fail2ban.filter : DEBUG Add 127.0.0.1/8 to ignore list
2013-03-18 23:46:53,874 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'findtime', '600']
2013-03-18 23:46:53,875 fail2ban.filter : INFO Set findtime = 600
2013-03-18 23:46:53,877 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'bantime', '600']
2013-03-18 23:46:53,878 fail2ban.actions: INFO Set banTime = 600
2013-03-18 23:46:53,879 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\\s*$']
2013-03-18 23:46:53,889 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\\s*$']
2013-03-18 23:46:53,900 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Failed (?:password|publickey) for .* from <HOST>(?: port \\d*)?(?: ssh\\d*)?\\s*$']
2013-03-18 23:46:53,911 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*ROOT LOGIN REFUSED.* FROM <HOST>\\s*$']
2013-03-18 23:46:53,921 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*[iI](?:llegal|nvalid) user .* from <HOST>\\s*$']
2013-03-18 23:46:53,931 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User .+ from <HOST> not allowed because not listed in AllowUsers\\s*$']
2013-03-18 23:46:53,942 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User .+ from <HOST> not allowed because listed in DenyUsers\\s*$']
2013-03-18 23:46:53,953 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:pam_unix\\(sshd:auth\\):\\s)?authentication failure; logname=\\S* uid=\\S* euid=\\S* tty=\\S* ruser=\\S* rhost=<HOST>(?:\\s+user=.*)?\\s*$']
2013-03-18 23:46:53,966 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*refused connect from \\S+ \\(<HOST>\\)\\s*$']
2013-03-18 23:46:53,977 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addfailregex', "^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*$"]
2013-03-18 23:46:53,989 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'addaction', 'iptables']
2013-03-18 23:46:53,990 fail2ban.actions.action: DEBUG Created Action
2013-03-18 23:46:53,991 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
2013-03-18 23:46:53,991 fail2ban.actions.action: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2013-03-18 23:46:53,992 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'actionstop', 'iptables', 'iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
2013-03-18 23:46:53,993 fail2ban.actions.action: DEBUG Set actionStop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2013-03-18 23:46:53,994 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>']
2013-03-18 23:46:53,994 fail2ban.actions.action: DEBUG Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
2013-03-18 23:46:53,995 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
2013-03-18 23:46:53,996 fail2ban.actions.action: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2013-03-18 23:46:53,997 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'actioncheck', 'iptables', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
2013-03-18 23:46:53,997 fail2ban.actions.action: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
2013-03-18 23:46:53,998 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']
2013-03-18 23:46:54,000 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'name', 'SSH']
2013-03-18 23:46:54,001 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'chain', 'INPUT']
2013-03-18 23:46:54,002 fail2ban.comm : DEBUG Command: ['set', 'ssh-iptables', 'setcinfo', 'iptables', 'port', 'ssh']
2013-03-18 23:46:54,003 fail2ban.comm : DEBUG Command: ['add', 'proftpd-iptables', 'auto']
2013-03-18 23:46:54,003 fail2ban.jail : INFO Creating new jail 'proftpd-iptables'
2013-03-18 23:46:54,004 fail2ban.jail : DEBUG Backend 'pyinotify' failed to initialize due to No module named pyinotify
2013-03-18 23:46:54,004 fail2ban.jail : DEBUG Backend 'gamin' failed to initialize due to No module named gamin
2013-03-18 23:46:54,005 fail2ban.jail : INFO Jail 'proftpd-iptables' uses poller
2013-03-18 23:46:54,005 fail2ban.filter : DEBUG Setting usedns = warn for FilterPoll(Jail('proftpd-iptables'))
2013-03-18 23:46:54,006 fail2ban.filter : DEBUG Created FilterPoll(Jail('proftpd-iptables'))
2013-03-18 23:46:54,007 fail2ban.filter : DEBUG Created FilterPoll
2013-03-18 23:46:54,007 fail2ban.jail : INFO Initiated 'polling' backend
2013-03-18 23:46:54,008 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'usedns', 'no']
2013-03-18 23:46:54,008 fail2ban.filter : DEBUG Setting usedns = no for FilterPoll(Jail('proftpd-iptables'))
2013-03-18 23:46:54,009 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addlogpath', '/var/log/proftpd/auth.log']
2013-03-18 23:46:54,010 fail2ban.filter : INFO Added logfile = /var/log/proftpd/auth.log
2013-03-18 23:46:54,011 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'maxretry', '6']
2013-03-18 23:46:54,012 fail2ban.filter : INFO Set maxRetry = 6
2013-03-18 23:46:54,013 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addignoreip', '127.0.0.1/8']
2013-03-18 23:46:54,013 fail2ban.filter : DEBUG Add 127.0.0.1/8 to ignore list
2013-03-18 23:46:54,014 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'findtime', '600']
2013-03-18 23:46:54,014 fail2ban.filter : INFO Set findtime = 600
2013-03-18 23:46:54,015 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'bantime', '600']
2013-03-18 23:46:54,016 fail2ban.actions: INFO Set banTime = 600
2013-03-18 23:46:54,017 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addfailregex', '\\(\\S+\\[<HOST>\\]\\)[: -]+ USER \\S+: no such user found from \\S+ \\[\\S+\\] to \\S+:\\S+ *$']
2013-03-18 23:46:54,021 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addfailregex', '\\(\\S+\\[<HOST>\\]\\)[: -]+ USER \\S+ \\(Login failed\\): .*$']
2013-03-18 23:46:54,025 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addfailregex', '\\(\\S+\\[<HOST>\\]\\)[: -]+ SECURITY VIOLATION: \\S+ login attempted\\. *$']
2013-03-18 23:46:54,029 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addfailregex', '\\(\\S+\\[<HOST>\\]\\)[: -]+ Maximum login attempts \\(\\d+\\) exceeded *$']
2013-03-18 23:46:54,033 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'addaction', 'iptables']
2013-03-18 23:46:54,034 fail2ban.actions.action: DEBUG Created Action
2013-03-18 23:46:54,035 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'actionban', 'iptables', 'iptables -I fail2ban-<name> 1 -s <ip> -j DROP']
2013-03-18 23:46:54,035 fail2ban.actions.action: DEBUG Set actionBan = iptables -I fail2ban-<name> 1 -s <ip> -j DROP
2013-03-18 23:46:54,036 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'actionstop', 'iptables', 'iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>\niptables -F fail2ban-<name>\niptables -X fail2ban-<name>']
2013-03-18 23:46:54,037 fail2ban.actions.action: DEBUG Set actionStop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
iptables -F fail2ban-<name>
iptables -X fail2ban-<name>
2013-03-18 23:46:54,038 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'actionstart', 'iptables', 'iptables -N fail2ban-<name>\niptables -A fail2ban-<name> -j RETURN\niptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>']
2013-03-18 23:46:54,038 fail2ban.actions.action: DEBUG Set actionStart = iptables -N fail2ban-<name>
iptables -A fail2ban-<name> -j RETURN
iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>
2013-03-18 23:46:54,040 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'actionunban', 'iptables', 'iptables -D fail2ban-<name> -s <ip> -j DROP']
2013-03-18 23:46:54,040 fail2ban.actions.action: DEBUG Set actionUnban = iptables -D fail2ban-<name> -s <ip> -j DROP
2013-03-18 23:46:54,041 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'actioncheck', 'iptables', "iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \\t]'"]
2013-03-18 23:46:54,041 fail2ban.actions.action: DEBUG Set actionCheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'
2013-03-18 23:46:54,042 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'protocol', 'tcp']
2013-03-18 23:46:54,044 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'name', 'ProFTPD']
2013-03-18 23:46:54,045 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'chain', 'INPUT']
2013-03-18 23:46:54,046 fail2ban.comm : DEBUG Command: ['set', 'proftpd-iptables', 'setcinfo', 'iptables', 'port', 'ftp']
2013-03-18 23:46:54,047 fail2ban.comm : DEBUG Command: ['start', 'ssh-iptables']
2013-03-18 23:46:54,048 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:46:54,049 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:46:54,049 fail2ban.jail : INFO Jail 'ssh-iptables' started
2013-03-18 23:46:54,050 fail2ban.actions.action: DEBUG iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH
2013-03-18 23:46:54,053 fail2ban.comm : DEBUG Command: ['start', 'proftpd-iptables']
2013-03-18 23:46:54,054 fail2ban.filter : DEBUG /var/log/proftpd/auth.log has been modified
2013-03-18 23:46:54,055 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:46:54,058 fail2ban.actions.action: DEBUG iptables -N fail2ban-ProFTPD
iptables -A fail2ban-ProFTPD -j RETURN
iptables -I INPUT -p tcp --dport ftp -j fail2ban-ProFTPD
2013-03-18 23:46:54,058 fail2ban.jail : INFO Jail 'proftpd-iptables' started
2013-03-18 23:46:54,096 fail2ban.actions.action: DEBUG iptables -N fail2ban-SSH
iptables -A fail2ban-SSH -j RETURN
iptables -I INPUT -p tcp --dport ssh -j fail2ban-SSH returned successfully
2013-03-18 23:46:54,112 fail2ban.actions.action: DEBUG iptables -N fail2ban-ProFTPD
iptables -A fail2ban-ProFTPD -j RETURN
iptables -I INPUT -p tcp --dport ftp -j fail2ban-ProFTPD returned successfully
2013-03-18 23:47:23,083 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:23,111 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:24,112 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:24,114 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:26,117 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:26,118 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:27,120 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:27,123 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:28,124 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:28,126 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:30,129 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:30,131 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:31,132 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:31,135 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:33,138 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:33,139 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:35,142 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:35,144 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:36,145 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:36,148 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:37,150 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:37,151 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:39,153 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:39,155 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:40,157 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:40,159 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:41,161 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:41,162 fail2ban.filter.datedetector: DEBUG Sorting the template list
2013-03-18 23:47:43,165 fail2ban.filter : DEBUG /var/log/sshd.log has been modified
2013-03-18 23:47:43,167 fail2ban.filter.datedetector: DEBUG Sorting the template list