Fail2Ban: list of jails

Hello,
Just a question / confirmation. I have set up Fail2Ban. I enabled most of the jails and added a few more, partly thanks to several tutorials found here and there.

When I run “sudo fail2ban-client status”

I get this response:

Status
|- Number of jail:      7
`- Jail list:           apache-w00tw00t, http-get-dos, apache-bruteforce, ssh, exim-spam, exim, apache-phpmyadmin

Everything seems not too bad, except that some jails are missing from the jail list!
(It actually shows the ones I added manually, which may be normal.)

But as a precaution I'd like to make sure. For example, pure-ftpd is missing even though it is enabled

[pure-ftpd]
enabled  = true
port     = ftp,ftp-data,ftps,ftps-data
filter   = pure-ftpd
logpath  = /var/log/syslog
maxretry = 3

That looks normal!
Here's a little bash script to try, to grab all the jails and their status (apparently there's no simpler way, haha).

```bash
#!/bin/bash
# List the jails known to the running server, then print the status of each one.

JAILS=$(fail2ban-client status | grep "Jail list" | sed -E 's/^[^:]+:[ \t]+//' | sed 's/,//g')
for JAIL in $JAILS
do
  fail2ban-client status "$JAIL"
done
```

Source: https://gist.github.com/kamermans/1076290

Thanks a lot for your reply. That's reassuring, I had a doubt…
The result of your little bash script is this:

 Status for the jail: apache-w00tw00t
 |- filter
 |  |- File list:	/var/log/apache2/error.log 
 |  |- Currently failed:	0
 |  `- Total failed:	0
 `- action
    |- Currently banned:	0
    |  `- IP list:	
    `- Total banned:	0
 Status for the jail: http-get-dos
 |- filter
 |  |- File list:	/var/log/apache2/access.log 
 |  |- Currently failed:	0
 |  `- Total failed:	3
 `- action
    |- Currently banned:	0
    |  `- IP list:	
    `- Total banned:	0
 Status for the jail: apache-bruteforce
 |- filter
 |  |- File list:	/var/log/apache2/error.log 
 |  |- Currently failed:	0
 |  `- Total failed:	0
 `- action
    |- Currently banned:	0
    |  `- IP list:	
    `- Total banned:	0
 Status for the jail: ssh
 |- filter
 |  |- File list:	/var/log/auth.log 
 |  |- Currently failed:	3
 |  `- Total failed:	89
 `- action
    |- Currently banned:	0
    |  `- IP list:	
    `- Total banned:	4
 Status for the jail: exim-spam
 |- filter
 |  |- File list:	/var/log/exim4/mainlog 
 |  |- Currently failed:	0
 |  `- Total failed:	0
 `- action
    |- Currently banned:	0
    |  `- IP list:	
    `- Total banned:	0
 Status for the jail: exim
 |- filter
 |  |- File list:	/var/log/exim4/mainlog 
 |  |- Currently failed:	0
 |  `- Total failed:	0
 `- action
    |- Currently banned:	0
    |  `- IP list:	
    `- Total banned:	0
 Status for the jail: apache-phpmyadmin
 |- filter
 |  |- File list:	/var/log/apache2/error.log 
 |  |- Currently failed:	0
 |  `- Total failed:	0
 `- action
    |- Currently banned:	0
    |  `- IP list:	
    `- Total banned:	0

But still no pure-ftpd in the list??

What does this return:

pure-ftpwho

(probably needs to be run as root)?

+------+---------+-------+------+-------------------------------------------+
| PID  |  Login  |For/Spd| What |                 File/IP                   |
+------+---------+-------+------+-------------------------------------------+
| 1928 | webmaster| 04:29 | IDLE |                                           |
|  ''  |    ''   |   ''  |  ''  | ->LFbn-AMI-1-238-210.w86-208.abo.wanadoo. |
+------+---------+-------+------+-------------------------------------------+

To make your copy-pastes more readable, you can wrap them in:
```text
(content)
```
(Thanks to @MicP for the tip; he is also the one who fixed your first post this way.)

Otherwise your pure-ftpd seems perfectly operational.

Does the excerpt you shared in the first post come from jail.conf?
What about pure-ftpd.conf?

Thanks for the formatting tip: I've fixed my previous post.

pure-ftpd is operational: yes, I can connect.

The excerpt I shared in the first post does indeed come from jail.conf.

As for “pure-ftpd.conf” (the one in /etc/fail2ban/filter.d), I haven't touched it.

# Fail2Ban filter for pureftp
#
# Disable hostname based logging by:
#
# Start pure-ftpd with the -H switch or on Ubuntu 'echo yes > /etc/pure-ftpd/conf/DontResolve'
#
#

[INCLUDES]

before = common.conf

[Definition]

_daemon = pure-ftpd

# Error message specified in multiple languages
__errmsg = (?:�ϥΪ�\[.*\]���ҥ���|ʹ����\[.*\]��֤ʧ��|\[.*\] kullan�c�s� i�in giri� hatal�|����������� �� ������� ������������ \[.*\]|Godkjennelse mislyktes for \[.*\]|Beh�righetskontroll misslyckas f�r anv�ndare \[.*\]|Autentifikacia uzivatela zlyhala \[.*\]|Autentificare esuata pentru utilizatorul \[.*\]|Autentica��o falhou para usu�rio \[.*\]|Autentyfikacja nie powiod�a si� dla u�ytkownika \[.*\]|Autorisatie faalde voor gebruiker \[.*\]|\[.*\] ��� ���� ����|Autenticazione falita per l'utente \[.*\]|Azonos�t�s sikertelen \[.*\] felhaszn�l�nak|\[.*\] c'est un batard, il connait pas son code|Erreur d'authentification pour l'utilisateur \[.*\]|Autentificaci�n fallida para el usuario \[.*\]|Authentication failed for user \[.*\]|Authentifizierung fehlgeschlagen f�r Benutzer \[.*\].|Godkendelse mislykkedes for \[.*\]|Autentifikace u�ivatele selhala \[.*\])

failregex = ^%(__prefix_line)s\(.+?@<HOST>\) \[WARNING\] %(__errmsg)s\s*$

ignoreregex = 

# Author: Cyril Jaquier
# Modified: Yaroslav Halchenko for pure-ftpd
# Documentation thanks to Blake on http://www.fail2ban.org/wiki/index.php?title=Fail2ban:Community_Portal
#
# Only logs to syslog though facility can be changed configuration file/command line
#
# fgrep -r MSG_AUTH_FAILED_LOG pure-ftpd-1.0.36/src

Otherwise, for information, here is my entire jail.conf file. You'll notice that other jails should be operational, but they don't show up either.

# Fail2Ban configuration file.
#
# This file was composed for Debian systems from the original one
# provided now under /usr/share/doc/fail2ban/examples/jail.conf
# for additional examples.
#
# Comments: use '#' for comment lines and ';' for inline comments
#
# To avoid merges during upgrades DO NOT MODIFY THIS FILE
# and rather provide your changes in /etc/fail2ban/jail.local
#

# The DEFAULT allows a global definition of the options. They can be overridden
# in each jail afterwards.

[DEFAULT]

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space separator.
ignoreip = 127.0.0.1/8 

# External command that will take an tagged arguments to ignore, e.g. <ip>,
# and return true if the IP is to be ignored. False otherwise.
#
# ignorecommand = /path/to/command <ip>
ignorecommand =

# "bantime" is the number of seconds that a host is banned.
bantime  = 3600

# A host is banned if it has generated "maxretry" during the last "findtime"
# seconds.
findtime = 600
maxretry = 2

# "backend" specifies the backend used to get files modification.
# Available options are "pyinotify", "gamin", "polling" and "auto".
# This option can be overridden in each jail as well.
#
# pyinotify: requires pyinotify (a file alteration monitor) to be installed.
#            If pyinotify is not installed, Fail2ban will use auto.
# gamin:     requires Gamin (a file alteration monitor) to be installed.
#            If Gamin is not installed, Fail2ban will use auto.
# polling:   uses a polling algorithm which does not require external libraries.
# auto:      will try to use the following backends, in order:
#            pyinotify, gamin, polling.
backend = auto

# "usedns" specifies if jails should trust hostnames in logs,
#   warn when reverse DNS lookups are performed, or ignore all hostnames in logs
#
# yes:   if a hostname is encountered, a reverse DNS lookup will be performed.
# warn:  if a hostname is encountered, a reverse DNS lookup will be performed,
#        but it will be logged as a warning.
# no:    if a hostname is encountered, will not be used for banning,
#        but it will be logged as info.
usedns = warn

#
# Destination email address used solely for the interpolations in
# jail.{conf,local} configuration files.
destemail = shewy80@gmail.com

#
# Name of the sender for mta actions
sendername = Fail2Ban

# Email address of the sender
sender = fail2ban@localhost

#
# ACTIONS
#

# Default banning action (e.g. iptables, iptables-new,
# iptables-multiport, shorewall, etc) It is used to define
# action_* variables. Can be overridden globally or per
# section within jail.local file
banaction = iptables-multiport

# email action. Since 0.8.1 upstream fail2ban uses sendmail
# MTA for the mailing. Change mta configuration parameter to mail
# if you want to revert to conventional 'mail'.
mta = sendmail

# Default protocol
protocol = tcp

# Specify chain where jumps would need to be added in iptables-* actions
chain = INPUT

#
# Action shortcuts. To be used to define action parameter

# The simplest action to take: ban only
action_ = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]

# ban & send an e-mail with whois report to the destemail.
action_mw = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
              %(mta)s-whois[name=%(__name__)s, dest="%(destemail)s", protocol="%(protocol)s", chain="%(chain)s", sendername="%(sendername)s"]

# ban & send an e-mail with whois report and relevant log lines
# to the destemail.
action_mwl = %(banaction)s[name=%(__name__)s, port="%(port)s", protocol="%(protocol)s", chain="%(chain)s"]
               %(mta)s-whois-lines[name=%(__name__)s, dest="%(destemail)s", logpath=%(logpath)s, chain="%(chain)s", sendername="%(sendername)s"]

# Choose default action.  To change, just override value of 'action' with the
# interpolation to the chosen action shortcut (e.g.  action_mw, action_mwl, etc) in jail.local
# globally (section [DEFAULT]) or per specific section
action = %(action_)s

#
# JAILS
#

# Next jails corresponds to the standard configuration in Fail2ban 0.6 which
# was shipped in Debian. Enable any defined here jail by including
#
# [SECTION_NAME]
# enabled = true

#
# in /etc/fail2ban/jail.local.
#
# Optionally you may override any other parameter (e.g. banaction,
# action, port, logpath, etc) in that section within jail.local

[ssh]

enabled  = true
port     = ssh
filter   = sshd
logpath  = /var/log/auth.log
# maxretry = 3

[dropbear]

enabled  = true
port     = ssh
filter   = dropbear
logpath  = /var/log/auth.log
# maxretry = 3

# Generic filter for pam. Has to be used with action which bans all ports
# such as iptables-allports, shorewall

[pam-generic]

enabled  = true
# pam-generic filter can be customized to monitor specific subset of 'tty's
filter   = pam-generic
# port actually must be irrelevant but lets leave it all for some possible uses
port     = all
banaction = iptables-allports
port     = anyport
logpath  = /var/log/auth.log
# maxretry = 6

[xinetd-fail]

enabled   = true
filter    = xinetd-fail
port      = all
banaction = iptables-multiport-log
logpath   = /var/log/daemon.log
# maxretry  = 2


[ssh-ddos]

enabled  = true
port     = ssh
filter   = sshd-ddos
logpath  = /var/log/auth.log
# maxretry = 6


# Here we use blackhole routes for not requiring any additional kernel support
# to store large volumes of banned IPs

[ssh-route]

enabled = true
filter = sshd
action = route
logpath = /var/log/sshd.log
# maxretry = 6

# Here we use a combination of Netfilter/Iptables and IPsets
# for storing large volumes of banned IPs
#
# IPset comes in two versions. See ipset -V for which one to use
# requires the ipset package and kernel support.
[ssh-iptables-ipset4]

enabled  = true
port     = ssh
filter   = sshd
banaction = iptables-ipset-proto4
logpath  = /var/log/sshd.log
# maxretry = 6

[ssh-iptables-ipset6]

enabled  = true
port     = ssh
filter   = sshd
banaction = iptables-ipset-proto6
logpath  = /var/log/sshd.log
# maxretry = 6


[http-get-dos]
enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/error.log
maxretry = 360
findtime = 150
action = iptables[name=HTTP, port=http, protocol=tcp]
bantime = 600


#
# HTTP servers
#

[apache-phpmyadmin]

enabled = true
port = http,https
filter = apache-phpmyadmin
logpath = /var/log/apache*/*error.log
maxretry = 3


[apache-w00tw00t]

enabled = true
port = 80,443
action = %(action_mwl)s
filter = apache-w00tw00t
logpath = /var/log/apache*/*error.log
maxretry = 1


[apache-bruteforce]

enabled = true
filter = apache-bruteforce
action = iptables[name=Apache-bruteforce,port=80,protocol=tcp]
logpath = /var/log/apache*/error*.log
maxretry = 1


[apache]

enabled  = true
port     = http,https
filter   = apache-auth
logpath  = /var/log/apache*/*error.log
maxretry = 6

# default action is now multiport, so apache-multiport jail was left
# for compatibility with previous (<0.7.6-2) releases
[apache-multiport]

enabled   = true
port      = http,https
filter    = apache-auth
logpath   = /var/log/apache*/*error.log
maxretry  = 6

[apache-noscript]

enabled  = true
port     = http,https
filter   = apache-noscript
logpath  = /var/log/apache*/*error.log
maxretry = 6

[apache-overflows]

enabled  = false
port     = http,https
filter   = apache-overflows
logpath  = /var/log/apache*/*error.log
maxretry = 2

[apache-modsecurity]

enabled  = true
filter   = apache-modsecurity
port     = http,https
logpath  = /var/log/apache*/*error.log
maxretry = 2

[apache-nohome]

enabled  = true
filter   = apache-nohome
port     = http,https
logpath  = /var/log/apache*/*error.log
maxretry = 2

[http-get-dos]

enabled = true
port = http,https
filter = http-get-dos
logpath = /var/log/apache2/access.log
maxretry = 360
findtime = 120
action = iptables[name=HTTP, port=http, protocol=tcp]
mail-whois-lines[name=%(__name__)s, dest=%(destemail)s, logpath=%(logpath)s]
bantime = 600


# Ban attackers that try to use PHP's URL-fopen() functionality
# through GET/POST variables. - Experimental, with more than a year
# of usage in production environments.

[php-url-fopen]

enabled = true
port    = http,https
filter  = php-url-fopen
logpath = /var/www/*/logs/access_log

# A simple PHP-fastcgi jail which works with lighttpd.
# If you run a lighttpd server, then you probably will
# find these kinds of messages in your error_log:
#   ALERT – tried to register forbidden variable ‘GLOBALS’
#   through GET variables (attacker '1.2.3.4', file '/var/www/default/htdocs/index.php')

[lighttpd-fastcgi]

enabled = true
port    = http,https
filter  = lighttpd-fastcgi
logpath = /var/log/lighttpd/error.log

# Same as above for mod_auth
# It catches wrong authentifications

[lighttpd-auth]

enabled = true
port    = http,https
filter  = suhosin
logpath = /var/log/lighttpd/error.log

[nginx-http-auth]

enabled = false
filter  = nginx-http-auth
port    = http,https
logpath = /var/log/nginx/error.log

# Monitor roundcube server

[roundcube-auth]

enabled  = false
filter   = roundcube-auth
port     = http,https
logpath  = /var/log/roundcube/userlogins


[sogo-auth]

enabled  = false
filter   = sogo-auth
port     = http, https
# without proxy this would be:
# port    = 20000
logpath  = /var/log/sogo/sogo.log


#
# FTP servers
#

[vsftpd]

enabled  = false
port     = ftp,ftp-data,ftps,ftps-data
filter   = vsftpd
logpath  = /var/log/vsftpd.log
# or overwrite it in jails.local to be
# logpath = /var/log/auth.log
# if you want to rely on PAM failed login attempts
# vsftpd's failregex should match both of those formats
maxretry = 6


[proftpd]

enabled  = false
port     = ftp,ftp-data,ftps,ftps-data
filter   = proftpd
logpath  = /var/log/proftpd/proftpd.log
maxretry = 6


[pure-ftpd]

enabled  = true
port     = ftp,ftp-data,ftps,ftps-data
filter   = pure-ftpd
logpath  = /var/log/syslog
maxretry = 3


[wuftpd]

enabled  = false
port     = ftp,ftp-data,ftps,ftps-data
filter   = wuftpd
logpath  = /var/log/syslog
maxretry = 6


#
# Mail servers
#

[postfix]

enabled  = false
port     = smtp,ssmtp,submission
filter   = postfix
logpath  = /var/log/mail.log


[couriersmtp]

enabled  = false
port     = smtp,ssmtp,submission
filter   = couriersmtp
logpath  = /var/log/mail.log


[exim]

port   = smtp,465,submission
logpath = /var/log/exim4/mainlog


[exim-spam]

port   = smtp,465,submission
logpath = /var/log/exim4/mainlog



#
# Mail servers authenticators: might be used for smtp,ftp,imap servers, so
# all relevant ports get banned
#

[courierauth]

enabled  = true
port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter   = courierlogin
logpath  = /var/log/mail.log


[sasl]

enabled  = false
port     = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter   = postfix-sasl
# You might consider monitoring /var/log/mail.warn instead if you are
# running postfix since it would provide the same log lines at the
# "warn" level but overall at the smaller filesize.
logpath  = /var/log/mail.log

[dovecot]

enabled = false
port    = smtp,ssmtp,submission,imap2,imap3,imaps,pop3,pop3s
filter  = dovecot
logpath = /var/log/mail.log

# To log wrong MySQL access attempts add to /etc/my.cnf:
# log-error=/var/log/mysqld.log
# log-warning = 2

[mysqld-auth]

enabled  = true
filter   = mysqld-auth
port     = 3306
logpath  = /var/log/mysql/error.log


# DNS Servers


# These jails block attacks against named (bind9). By default, logging is off
# with bind9 installation. You will need something like this:
#
# logging {
#     channel security_file {
#         file "/var/log/named/security.log" versions 3 size 30m;
#         severity dynamic;
#         print-time yes;
#     };
#     category security {
#         security_file;
#     };
# };
#
# in your named.conf to provide proper logging

# !!! WARNING !!!
#   Since UDP is connection-less protocol, spoofing of IP and imitation
#   of illegal actions is way too simple.  Thus enabling of this filter
#   might provide an easy way for implementing a DoS against a chosen
#   victim. See
#    http://nion.modprobe.de/blog/archives/690-fail2ban-+-dns-fail.html
#   Please DO NOT USE this jail unless you know what you are doing.
#[named-refused-udp]
#
#enabled  = false
#port     = domain,953
#protocol = udp
#filter   = named-refused
#logpath  = /var/log/named/security.log

[named-refused-tcp]

enabled  = false
port     = domain,953
protocol = tcp
filter   = named-refused
logpath  = /var/log/named/security.log

[freeswitch]

enabled  = false
filter   = freeswitch
logpath  = /var/log/freeswitch.log
maxretry = 10
action   = iptables-multiport[name=freeswitch-tcp, port="5060,5061,5080,5081", protocol=tcp]
           iptables-multiport[name=freeswitch-udp, port="5060,5061,5080,5081", protocol=udp]

[ejabberd-auth]

enabled  = false
filter   = ejabberd-auth
port     = xmpp-client
protocol = tcp
logpath  = /var/log/ejabberd/ejabberd.log


# Multiple jails, 1 per protocol, are necessary ATM:
# see https://github.com/fail2ban/fail2ban/issues/37
[asterisk-tcp]

enabled  = false
filter   = asterisk
port     = 5060,5061
protocol = tcp
logpath  = /var/log/asterisk/messages

[asterisk-udp]

enabled  = false
filter	 = asterisk
port     = 5060,5061
protocol = udp
logpath  = /var/log/asterisk/messages


# Jail for more extended banning of persistent abusers
# !!! WARNING !!!
#   Make sure that your loglevel specified in fail2ban.conf/.local
#   is not at DEBUG level -- which might then cause fail2ban to fall into
#   an infinite loop constantly feeding itself with non-informative lines
[recidive]

enabled  = false
filter   = recidive
logpath  = /var/log/fail2ban.log
action   = iptables-allports[name=recidive]
           sendmail-whois-lines[name=recidive, logpath=/var/log/fail2ban.log]
bantime  = 604800  ; 1 week
findtime = 86400   ; 1 day
maxretry = 5

# See the IMPORTANT note in action.d/blocklist_de.conf for when to
# use this action
#
# Report block via blocklist.de fail2ban reporting service API
# See action.d/blocklist_de.conf for more information
[ssh-blocklist]

enabled  = false
filter   = sshd
action   = iptables[name=SSH, port=ssh, protocol=tcp]
           sendmail-whois[name=SSH, dest="%(destemail)s", sender="%(sender)s", sendername="%(sendername)s"]
           blocklist_de[email="%(sender)s", apikey="xxxxxx", service="%(filter)s"]
logpath  = /var/log/sshd.log
maxretry = 20


# consider low maxretry and a long bantime
# nobody except your own Nagios server should ever probe nrpe

[nagios]
enabled  = false
filter   = nagios
action   = iptables[name=Nagios, port=5666, protocol=tcp]
           sendmail-whois[name=Nagios, dest="%(destemail)s", sender="%(sender)s", sendername="%(sendername)s"]
logpath  = /var/log/messages     ; nrpe.cfg may define a different log_facility
maxretry = 1

You edited jail.conf?
That's not recommended (because updates will overwrite your changes). It's better to create a separate file here:

sudo touch /etc/fail2ban/jail.d/modifs.conf

(“modifs” or whatever you like.)
And there you can manually list the services you want to enable. For example:

[pure-ftpd]
enabled = true

And finally, don't forget a quick

sudo systemctl restart fail2ban

Is that how you went about it?

Yes, I worked directly on the jail.conf file… oops
but before that I made a copy of it to “jail.local”

So I'm going to put “jail.conf” back the way it was and create a “jailperso.conf” from the current jail.conf

Regarding activation, I have enabled = true
but you're telling me enable = true
Probably a typo on your part?

Regarding the restart, I was instead running

/etc/init.d/fail2ban restart

Edit:
There, I've just modified the files: I actually created the personal file in /etc/fail2ban/jail.d, whereas I had been working in /etc/fail2ban.
After a restart: still the same: 7 jails…

Yes, sorry, I've fixed it.

Which command did you use?

sudo systemctl restart fail2ban

What do the logs show?

/var/log/fail2ban.log

It's been very chatty today 🙂
I have to post in 2 parts

2018-05-08 04:51:36,964 fail2ban.actions[506]: WARNING [ssh] Ban 126.42.114.151
2018-05-08 05:01:37,575 fail2ban.actions[506]: WARNING [ssh] Unban 126.42.114.151
2018-05-08 05:59:37,202 fail2ban.actions[506]: WARNING [ssh] Ban 103.99.2.69
2018-05-08 06:09:37,903 fail2ban.actions[506]: WARNING [ssh] Unban 103.99.2.69
2018-05-08 08:26:59,305 fail2ban.actions[506]: WARNING [ssh] Ban 218.65.30.123
2018-05-08 08:37:00,009 fail2ban.actions[506]: WARNING [ssh] Unban 218.65.30.123
2018-05-08 08:39:18,177 fail2ban.actions[506]: WARNING [ssh] Ban 218.65.30.123
2018-05-08 08:49:18,858 fail2ban.actions[506]: WARNING [ssh] Unban 218.65.30.123
2018-05-08 08:54:18,207 fail2ban.actions[506]: WARNING [ssh] Ban 218.65.30.123
2018-05-08 09:04:18,899 fail2ban.actions[506]: WARNING [ssh] Unban 218.65.30.123
2018-05-08 11:57:12,243 fail2ban.actions[506]: WARNING [ssh] Ban 103.99.2.69
2018-05-08 12:07:12,949 fail2ban.actions[506]: WARNING [ssh] Unban 103.99.2.69
2018-05-08 13:54:26,128 fail2ban.server [506]: INFO    Stopping all jails
2018-05-08 13:54:26,493 fail2ban.actions.action[506]: ERROR   iptables -D INPUT -p tcp -m multiport --dports ssh -j fail2ban-ssh
iptables -F fail2ban-ssh
iptables -X fail2ban-ssh returned 100
2018-05-08 13:54:26,494 fail2ban.jail   [506]: INFO    Jail 'ssh' stopped
2018-05-08 13:54:26,494 fail2ban.server [506]: INFO    Exiting Fail2ban
2018-05-08 14:11:23,441 fail2ban.server [2232]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 14:11:23,442 fail2ban.jail   [2232]: INFO    Creating new jail 'ssh'
2018-05-08 14:11:23,461 fail2ban.jail   [2232]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 14:11:23,477 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:11:23,478 fail2ban.filter [2232]: INFO    Added logfile = /var/log/auth.log
2018-05-08 14:11:23,479 fail2ban.filter [2232]: INFO    Set maxRetry = 6
2018-05-08 14:11:23,480 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:11:23,481 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:11:23,509 fail2ban.jail   [2232]: INFO    Creating new jail 'http-get-dos'
2018-05-08 14:11:23,509 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' uses pyinotify
2018-05-08 14:11:23,512 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:11:23,513 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:11:23,514 fail2ban.filter [2232]: INFO    Set maxRetry = 360
2018-05-08 14:11:23,515 fail2ban.filter [2232]: INFO    Set findtime = 150
2018-05-08 14:11:23,516 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:11:23,520 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 14:11:23,520 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 14:11:23,523 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:11:23,524 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:11:23,525 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:11:23,526 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:11:23,526 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:11:23,534 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 14:11:23,534 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 14:11:23,537 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:11:23,538 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:11:23,539 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:11:23,540 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:11:23,540 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:11:23,545 fail2ban.jail   [2232]: INFO    Jail 'ssh' started
2018-05-08 14:11:23,548 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' started
2018-05-08 14:11:23,550 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 14:11:23,551 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' started
2018-05-08 14:14:04,443 fail2ban.server [2232]: INFO    Stopping all jails
2018-05-08 14:14:04,788 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' stopped
2018-05-08 14:14:05,726 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' stopped
2018-05-08 14:14:06,724 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' stopped
2018-05-08 14:14:06,740 fail2ban.jail   [2232]: INFO    Jail 'ssh' stopped
2018-05-08 14:14:06,742 fail2ban.server [2232]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 14:14:06,743 fail2ban.jail   [2232]: INFO    Creating new jail 'ssh'
2018-05-08 14:14:06,743 fail2ban.jail   [2232]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 14:14:06,747 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:14:06,748 fail2ban.filter [2232]: INFO    Added logfile = /var/log/auth.log
2018-05-08 14:14:06,749 fail2ban.filter [2232]: INFO    Set maxRetry = 6
2018-05-08 14:14:06,751 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:14:06,751 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:14:06,764 fail2ban.jail   [2232]: INFO    Creating new jail 'http-get-dos'
2018-05-08 14:14:06,764 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' uses pyinotify
2018-05-08 14:14:06,767 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:14:06,769 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:14:06,769 fail2ban.filter [2232]: INFO    Set maxRetry = 360
2018-05-08 14:14:06,771 fail2ban.filter [2232]: INFO    Set findtime = 150
2018-05-08 14:14:06,771 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:14:06,775 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-phpmyadmin'
2018-05-08 14:14:06,775 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' uses pyinotify
2018-05-08 14:14:06,779 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:14:06,780 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:14:06,781 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:14:06,782 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:14:06,782 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:14:06,787 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 14:14:06,787 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 14:14:06,790 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:14:06,791 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:14:06,792 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:14:06,793 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:14:06,794 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:14:06,801 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 14:14:06,801 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 14:14:06,805 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:14:06,806 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:14:06,806 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:14:06,808 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:14:06,808 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:14:06,812 fail2ban.jail   [2232]: INFO    Jail 'ssh' started
2018-05-08 14:14:06,815 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' started
2018-05-08 14:14:06,817 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' started
2018-05-08 14:14:06,819 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 14:14:06,822 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' started
2018-05-08 14:17:17,983 fail2ban.server [2232]: INFO    Stopping all jails
2018-05-08 14:17:18,099 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' stopped
2018-05-08 14:17:19,037 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' stopped
2018-05-08 14:17:19,086 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' stopped
2018-05-08 14:17:20,044 fail2ban.jail   [2232]: INFO    Jail 'ssh' stopped
2018-05-08 14:17:20,078 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' stopped
2018-05-08 14:17:20,079 fail2ban.server [2232]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 14:17:20,080 fail2ban.jail   [2232]: INFO    Creating new jail 'ssh'
2018-05-08 14:17:20,080 fail2ban.jail   [2232]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 14:17:20,084 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:17:20,085 fail2ban.filter [2232]: INFO    Added logfile = /var/log/auth.log
2018-05-08 14:17:20,085 fail2ban.filter [2232]: INFO    Set maxRetry = 6
2018-05-08 14:17:20,087 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:17:20,087 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:17:20,102 fail2ban.jail   [2232]: INFO    Creating new jail 'http-get-dos'
2018-05-08 14:17:20,102 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' uses pyinotify
2018-05-08 14:17:20,105 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:17:20,106 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/access.log
2018-05-08 14:17:20,107 fail2ban.filter [2232]: INFO    Set maxRetry = 360
2018-05-08 14:17:20,108 fail2ban.filter [2232]: INFO    Set findtime = 120
2018-05-08 14:17:20,109 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:17:20,113 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-phpmyadmin'
2018-05-08 14:17:20,113 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' uses pyinotify
2018-05-08 14:17:20,116 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:17:20,117 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:17:20,117 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:17:20,119 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:17:20,119 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:17:20,123 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 14:17:20,123 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 14:17:20,126 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:17:20,127 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:17:20,128 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:17:20,129 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:17:20,129 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:17:20,137 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 14:17:20,137 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 14:17:20,140 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:17:20,141 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:17:20,141 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:17:20,143 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:17:20,143 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:17:20,147 fail2ban.jail   [2232]: INFO    Jail 'ssh' started
2018-05-08 14:17:20,149 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' started
2018-05-08 14:17:20,151 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' started
2018-05-08 14:17:20,152 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 14:17:20,155 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' started
2018-05-08 14:29:40,567 fail2ban.server [2232]: INFO    Stopping all jails
2018-05-08 14:29:40,991 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' stopped
2018-05-08 14:29:41,891 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' stopped
2018-05-08 14:29:41,982 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' stopped
2018-05-08 14:29:42,965 fail2ban.jail   [2232]: INFO    Jail 'ssh' stopped
2018-05-08 14:29:43,966 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' stopped
2018-05-08 14:29:43,967 fail2ban.server [2232]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 14:29:43,968 fail2ban.jail   [2232]: INFO    Creating new jail 'ssh'
2018-05-08 14:29:43,968 fail2ban.jail   [2232]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 14:29:43,971 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:29:43,972 fail2ban.filter [2232]: INFO    Added logfile = /var/log/auth.log
2018-05-08 14:29:43,973 fail2ban.filter [2232]: INFO    Set maxRetry = 6
2018-05-08 14:29:43,974 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:29:43,975 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:29:43,988 fail2ban.jail   [2232]: INFO    Creating new jail 'http-get-dos'
2018-05-08 14:29:43,988 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' uses pyinotify
2018-05-08 14:29:43,991 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:29:43,992 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/access.log
2018-05-08 14:29:43,993 fail2ban.filter [2232]: INFO    Set maxRetry = 360
2018-05-08 14:29:43,994 fail2ban.filter [2232]: INFO    Set findtime = 120
2018-05-08 14:29:43,995 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:29:43,998 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-phpmyadmin'
2018-05-08 14:29:43,998 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' uses pyinotify
2018-05-08 14:29:44,001 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:29:44,002 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:29:44,003 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:29:44,004 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:29:44,004 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:29:44,008 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 14:29:44,008 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 14:29:44,011 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:29:44,012 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:29:44,013 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:29:44,014 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:29:44,014 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:29:44,022 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 14:29:44,022 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 14:29:44,025 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:29:44,026 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:29:44,026 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:29:44,028 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:29:44,028 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:29:44,032 fail2ban.jail   [2232]: INFO    Creating new jail 'exim'
2018-05-08 14:29:44,032 fail2ban.jail   [2232]: INFO    Jail 'exim' uses pyinotify
2018-05-08 14:29:44,035 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:29:44,036 fail2ban.filter [2232]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 14:29:44,036 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:29:44,038 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:29:44,038 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:29:44,042 fail2ban.jail   [2232]: INFO    Creating new jail 'exim-spam'
2018-05-08 14:29:44,042 fail2ban.jail   [2232]: INFO    Jail 'exim-spam' uses pyinotify
2018-05-08 14:29:44,045 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:29:44,046 fail2ban.filter [2232]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 14:29:44,046 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:29:44,047 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:29:44,048 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:29:44,052 fail2ban.jail   [2232]: INFO    Jail 'ssh' started
2018-05-08 14:29:44,054 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' started
2018-05-08 14:29:44,056 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' started
2018-05-08 14:29:44,057 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 14:29:44,060 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' started
2018-05-08 14:29:44,063 fail2ban.jail   [2232]: INFO    Jail 'exim' started
2018-05-08 14:29:44,065 fail2ban.jail   [2232]: INFO    Jail 'exim-spam' started
2018-05-08 14:32:30,393 fail2ban.comm   [2232]: WARNING Command ['restart'] has failed. Received Exception('Invalid command',)
2018-05-08 14:32:37,824 fail2ban.server [2232]: INFO    Stopping all jails
2018-05-08 14:32:38,385 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' stopped
2018-05-08 14:32:39,166 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' stopped
2018-05-08 14:32:39,435 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' stopped
2018-05-08 14:32:40,166 fail2ban.jail   [2232]: INFO    Jail 'ssh' stopped
2018-05-08 14:32:40,433 fail2ban.jail   [2232]: INFO    Jail 'exim-spam' stopped
2018-05-08 14:32:41,400 fail2ban.jail   [2232]: INFO    Jail 'exim' stopped
2018-05-08 14:32:42,168 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' stopped
2018-05-08 14:32:42,169 fail2ban.server [2232]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 14:32:42,169 fail2ban.jail   [2232]: INFO    Creating new jail 'ssh'
2018-05-08 14:32:42,169 fail2ban.jail   [2232]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 14:32:42,173 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:32:42,174 fail2ban.filter [2232]: INFO    Added logfile = /var/log/auth.log
2018-05-08 14:32:42,175 fail2ban.filter [2232]: INFO    Set maxRetry = 6
2018-05-08 14:32:42,176 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:32:42,177 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:32:42,190 fail2ban.jail   [2232]: INFO    Creating new jail 'http-get-dos'
2018-05-08 14:32:42,191 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' uses pyinotify
2018-05-08 14:32:42,194 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:32:42,195 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/access.log
2018-05-08 14:32:42,195 fail2ban.filter [2232]: INFO    Set maxRetry = 360
2018-05-08 14:32:42,197 fail2ban.filter [2232]: INFO    Set findtime = 120
2018-05-08 14:32:42,197 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:32:42,201 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-phpmyadmin'
2018-05-08 14:32:42,201 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' uses pyinotify
2018-05-08 14:32:42,204 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:32:42,205 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:32:42,205 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:32:42,207 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:32:42,207 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:32:42,211 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 14:32:42,211 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 14:32:42,214 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:32:42,215 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:32:42,215 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:32:42,217 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:32:42,217 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:32:42,224 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 14:32:42,224 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 14:32:42,227 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:32:42,228 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:32:42,229 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:32:42,230 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:32:42,230 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:32:42,234 fail2ban.jail   [2232]: INFO    Creating new jail 'exim'
2018-05-08 14:32:42,234 fail2ban.jail   [2232]: INFO    Jail 'exim' uses pyinotify
2018-05-08 14:32:42,236 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:32:42,237 fail2ban.filter [2232]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 14:32:42,238 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:32:42,239 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:32:42,240 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:32:42,243 fail2ban.jail   [2232]: INFO    Creating new jail 'exim-spam'
2018-05-08 14:32:42,243 fail2ban.jail   [2232]: INFO    Jail 'exim-spam' uses pyinotify
2018-05-08 14:32:42,246 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:32:42,247 fail2ban.filter [2232]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 14:32:42,248 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:32:42,249 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:32:42,249 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:32:42,253 fail2ban.jail   [2232]: INFO    Jail 'ssh' started
2018-05-08 14:32:42,255 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' started
2018-05-08 14:32:42,257 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' started
2018-05-08 14:32:42,258 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 14:32:42,261 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' started
2018-05-08 14:32:42,263 fail2ban.jail   [2232]: INFO    Jail 'exim' started
2018-05-08 14:32:42,265 fail2ban.jail   [2232]: INFO    Jail 'exim-spam' started
2018-05-08 14:36:20,413 fail2ban.server [2232]: INFO    Stopping all jails
2018-05-08 14:36:20,612 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' stopped
2018-05-08 14:36:21,508 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' stopped
2018-05-08 14:36:21,692 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' stopped
2018-05-08 14:36:22,513 fail2ban.jail   [2232]: INFO    Jail 'ssh' stopped
2018-05-08 14:36:22,660 fail2ban.jail   [2232]: INFO    Jail 'exim-spam' stopped
2018-05-08 14:36:23,583 fail2ban.jail   [2232]: INFO    Jail 'exim' stopped
2018-05-08 14:36:24,486 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' stopped
2018-05-08 14:36:24,487 fail2ban.server [2232]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 14:36:24,487 fail2ban.jail   [2232]: INFO    Creating new jail 'ssh'
2018-05-08 14:36:24,487 fail2ban.jail   [2232]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 14:36:24,491 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:36:24,493 fail2ban.filter [2232]: INFO    Added logfile = /var/log/auth.log
2018-05-08 14:36:24,493 fail2ban.filter [2232]: INFO    Set maxRetry = 6
2018-05-08 14:36:24,495 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:36:24,495 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:36:24,508 fail2ban.jail   [2232]: INFO    Creating new jail 'http-get-dos'
2018-05-08 14:36:24,508 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' uses pyinotify
2018-05-08 14:36:24,512 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:36:24,513 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/access.log
2018-05-08 14:36:24,513 fail2ban.filter [2232]: INFO    Set maxRetry = 360
2018-05-08 14:36:24,515 fail2ban.filter [2232]: INFO    Set findtime = 120
2018-05-08 14:36:24,515 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:36:24,519 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-phpmyadmin'
2018-05-08 14:36:24,519 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' uses pyinotify
2018-05-08 14:36:24,522 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:36:24,523 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:36:24,523 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:36:24,525 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:36:24,525 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:36:24,529 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 14:36:24,529 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 14:36:24,533 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:36:24,534 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:36:24,535 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:36:24,536 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:36:24,537 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:36:24,546 fail2ban.jail   [2232]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 14:36:24,546 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 14:36:24,549 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:36:24,550 fail2ban.filter [2232]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 14:36:24,551 fail2ban.filter [2232]: INFO    Set maxRetry = 1
2018-05-08 14:36:24,552 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:36:24,552 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:36:24,556 fail2ban.jail   [2232]: INFO    Creating new jail 'exim'
2018-05-08 14:36:24,556 fail2ban.jail   [2232]: INFO    Jail 'exim' uses pyinotify
2018-05-08 14:36:24,559 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:36:24,560 fail2ban.filter [2232]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 14:36:24,561 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:36:24,562 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:36:24,562 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:36:24,566 fail2ban.jail   [2232]: INFO    Creating new jail 'exim-spam'
2018-05-08 14:36:24,566 fail2ban.jail   [2232]: INFO    Jail 'exim-spam' uses pyinotify
2018-05-08 14:36:24,569 fail2ban.jail   [2232]: INFO    Initiated 'pyinotify' backend
2018-05-08 14:36:24,570 fail2ban.filter [2232]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 14:36:24,571 fail2ban.filter [2232]: INFO    Set maxRetry = 3
2018-05-08 14:36:24,572 fail2ban.filter [2232]: INFO    Set findtime = 600
2018-05-08 14:36:24,573 fail2ban.actions[2232]: INFO    Set banTime = 600
2018-05-08 14:36:24,576 fail2ban.jail   [2232]: INFO    Jail 'ssh' started
2018-05-08 14:36:24,579 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' started
2018-05-08 14:36:24,581 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' started
2018-05-08 14:36:24,582 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 14:36:24,585 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' started
2018-05-08 14:36:24,587 fail2ban.jail   [2232]: INFO    Jail 'exim' started
2018-05-08 14:36:24,589 fail2ban.jail   [2232]: INFO    Jail 'exim-spam' started
2018-05-08 14:38:00,148 fail2ban.comm   [2232]: WARNING Command ['status', '--all'] has failed. Received UnknownJailException('--all',)
2018-05-08 14:38:15,323 fail2ban.comm   [2232]: WARNING Command ['status', '-all'] has failed. Received UnknownJailException('-all',)
2018-05-08 14:38:30,724 fail2ban.actions[2232]: WARNING [ssh] Ban 122.2.223.242
2018-05-08 14:48:31,322 fail2ban.actions[2232]: WARNING [ssh] Unban 122.2.223.242
2018-05-08 15:56:42,308 fail2ban.actions[2232]: WARNING [ssh] Ban 5.188.10.185
2018-05-08 16:06:42,907 fail2ban.actions[2232]: WARNING [ssh] Unban 5.188.10.185
2018-05-08 16:23:07,716 fail2ban.actions[2232]: WARNING [ssh] Ban 103.99.2.69
2018-05-08 16:33:08,180 fail2ban.actions[2232]: WARNING [ssh] Unban 103.99.2.69
2018-05-08 16:58:49,596 fail2ban.actions[2232]: WARNING [ssh] Ban 103.99.0.190
2018-05-08 17:08:50,270 fail2ban.actions[2232]: WARNING [ssh] Unban 103.99.0.190
2018-05-08 18:50:56,762 fail2ban.actions[2232]: WARNING [ssh] Ban 58.218.201.181

Continued

2018-05-08 19:00:57,329 fail2ban.actions[2232]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 19:04:23,463 fail2ban.actions[2232]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 19:14:24,106 fail2ban.actions[2232]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 19:15:59,223 fail2ban.actions[2232]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 19:25:59,658 fail2ban.actions[2232]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 19:28:02,809 fail2ban.actions[2232]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 19:32:00,024 fail2ban.actions[2232]: WARNING [ssh] Ban 42.7.26.60
2018-05-08 19:38:03,319 fail2ban.actions[2232]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 19:39:20,414 fail2ban.actions[2232]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 19:42:00,516 fail2ban.actions[2232]: WARNING [ssh] Unban 42.7.26.60
2018-05-08 19:49:21,026 fail2ban.actions[2232]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 19:51:26,165 fail2ban.actions[2232]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 20:01:26,840 fail2ban.actions[2232]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 20:02:39,897 fail2ban.actions[2232]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 20:12:40,579 fail2ban.actions[2232]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 20:14:40,673 fail2ban.actions[2232]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 20:24:07,700 fail2ban.server [2232]: INFO    Stopping all jails
2018-05-08 20:24:07,825 fail2ban.jail   [2232]: INFO    Jail 'apache-w00tw00t' stopped
2018-05-08 20:24:08,002 fail2ban.jail   [2232]: INFO    Jail 'http-get-dos' stopped
2018-05-08 20:24:08,301 fail2ban.jail   [2232]: INFO    Jail 'apache-bruteforce' stopped
2018-05-08 20:24:09,297 fail2ban.actions[2232]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 20:24:09,306 fail2ban.jail   [2232]: INFO    Jail 'ssh' stopped
2018-05-08 20:24:10,022 fail2ban.jail   [2232]: INFO    Jail 'exim-spam' stopped
2018-05-08 20:24:10,082 fail2ban.jail   [2232]: INFO    Jail 'exim' stopped
2018-05-08 20:24:10,808 fail2ban.jail   [2232]: INFO    Jail 'apache-phpmyadmin' stopped
2018-05-08 20:24:10,809 fail2ban.server [2232]: INFO    Exiting Fail2ban
2018-05-08 20:24:11,304 fail2ban.server [6562]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 20:24:11,304 fail2ban.jail   [6562]: INFO    Creating new jail 'ssh'
2018-05-08 20:24:11,321 fail2ban.jail   [6562]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 20:24:11,335 fail2ban.jail   [6562]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:24:11,336 fail2ban.filter [6562]: INFO    Added logfile = /var/log/auth.log
2018-05-08 20:24:11,337 fail2ban.filter [6562]: INFO    Set maxRetry = 6
2018-05-08 20:24:11,338 fail2ban.filter [6562]: INFO    Set findtime = 600
2018-05-08 20:24:11,339 fail2ban.actions[6562]: INFO    Set banTime = 600
2018-05-08 20:24:11,366 fail2ban.jail   [6562]: INFO    Jail 'ssh' started
2018-05-08 20:26:14,600 fail2ban.server [6562]: INFO    Stopping all jails
2018-05-08 20:26:15,536 fail2ban.jail   [6562]: INFO    Jail 'ssh' stopped
2018-05-08 20:26:15,537 fail2ban.server [6562]: INFO    Exiting Fail2ban
2018-05-08 20:26:16,270 fail2ban.server [6614]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 20:26:16,270 fail2ban.jail   [6614]: INFO    Creating new jail 'ssh'
2018-05-08 20:26:16,287 fail2ban.jail   [6614]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 20:26:16,301 fail2ban.jail   [6614]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:26:16,302 fail2ban.filter [6614]: INFO    Added logfile = /var/log/auth.log
2018-05-08 20:26:16,303 fail2ban.filter [6614]: INFO    Set maxRetry = 6
2018-05-08 20:26:16,304 fail2ban.filter [6614]: INFO    Set findtime = 600
2018-05-08 20:26:16,305 fail2ban.actions[6614]: INFO    Set banTime = 600
2018-05-08 20:26:16,334 fail2ban.jail   [6614]: INFO    Creating new jail 'http-get-dos'
2018-05-08 20:26:16,334 fail2ban.jail   [6614]: INFO    Jail 'http-get-dos' uses pyinotify
2018-05-08 20:26:16,338 fail2ban.jail   [6614]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:26:16,339 fail2ban.filter [6614]: INFO    Added logfile = /var/log/apache2/access.log
2018-05-08 20:26:16,340 fail2ban.filter [6614]: INFO    Set maxRetry = 360
2018-05-08 20:26:16,342 fail2ban.filter [6614]: INFO    Set findtime = 120
2018-05-08 20:26:16,342 fail2ban.actions[6614]: INFO    Set banTime = 600
2018-05-08 20:26:16,347 fail2ban.jail   [6614]: INFO    Creating new jail 'apache-phpmyadmin'
2018-05-08 20:26:16,347 fail2ban.jail   [6614]: INFO    Jail 'apache-phpmyadmin' uses pyinotify
2018-05-08 20:26:16,350 fail2ban.jail   [6614]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:26:16,351 fail2ban.filter [6614]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:26:16,352 fail2ban.filter [6614]: INFO    Set maxRetry = 3
2018-05-08 20:26:16,353 fail2ban.filter [6614]: INFO    Set findtime = 600
2018-05-08 20:26:16,354 fail2ban.actions[6614]: INFO    Set banTime = 600
2018-05-08 20:26:16,359 fail2ban.jail   [6614]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 20:26:16,359 fail2ban.jail   [6614]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 20:26:16,362 fail2ban.jail   [6614]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:26:16,363 fail2ban.filter [6614]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:26:16,363 fail2ban.filter [6614]: INFO    Set maxRetry = 1
2018-05-08 20:26:16,365 fail2ban.filter [6614]: INFO    Set findtime = 600
2018-05-08 20:26:16,365 fail2ban.actions[6614]: INFO    Set banTime = 600
2018-05-08 20:26:16,374 fail2ban.jail   [6614]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 20:26:16,374 fail2ban.jail   [6614]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 20:26:16,378 fail2ban.jail   [6614]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:26:16,379 fail2ban.filter [6614]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:26:16,379 fail2ban.filter [6614]: INFO    Set maxRetry = 1
2018-05-08 20:26:16,381 fail2ban.filter [6614]: INFO    Set findtime = 600
2018-05-08 20:26:16,381 fail2ban.actions[6614]: INFO    Set banTime = 600
2018-05-08 20:26:16,386 fail2ban.jail   [6614]: INFO    Creating new jail 'exim'
2018-05-08 20:26:16,386 fail2ban.jail   [6614]: INFO    Jail 'exim' uses pyinotify
2018-05-08 20:26:16,389 fail2ban.jail   [6614]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:26:16,391 fail2ban.filter [6614]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 20:26:16,392 fail2ban.filter [6614]: INFO    Set maxRetry = 3
2018-05-08 20:26:16,393 fail2ban.filter [6614]: INFO    Set findtime = 600
2018-05-08 20:26:16,393 fail2ban.actions[6614]: INFO    Set banTime = 600
2018-05-08 20:26:16,398 fail2ban.jail   [6614]: INFO    Creating new jail 'exim-spam'
2018-05-08 20:26:16,398 fail2ban.jail   [6614]: INFO    Jail 'exim-spam' uses pyinotify
2018-05-08 20:26:16,401 fail2ban.jail   [6614]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:26:16,402 fail2ban.filter [6614]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 20:26:16,403 fail2ban.filter [6614]: INFO    Set maxRetry = 3
2018-05-08 20:26:16,404 fail2ban.filter [6614]: INFO    Set findtime = 600
2018-05-08 20:26:16,405 fail2ban.actions[6614]: INFO    Set banTime = 600
2018-05-08 20:26:16,409 fail2ban.jail   [6614]: INFO    Jail 'ssh' started
2018-05-08 20:26:16,412 fail2ban.jail   [6614]: INFO    Jail 'http-get-dos' started
2018-05-08 20:26:16,415 fail2ban.jail   [6614]: INFO    Jail 'apache-phpmyadmin' started
2018-05-08 20:26:16,417 fail2ban.jail   [6614]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 20:26:16,420 fail2ban.jail   [6614]: INFO    Jail 'apache-bruteforce' started
2018-05-08 20:26:16,424 fail2ban.jail   [6614]: INFO    Jail 'exim' started
2018-05-08 20:26:16,425 fail2ban.jail   [6614]: INFO    Jail 'exim-spam' started
2018-05-08 20:28:32,576 fail2ban.actions[6614]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 20:30:43,977 fail2ban.server [6614]: INFO    Stopping all jails
2018-05-08 20:30:44,774 fail2ban.jail   [6614]: INFO    Jail 'apache-w00tw00t' stopped
2018-05-08 20:30:45,699 fail2ban.jail   [6614]: INFO    Jail 'http-get-dos' stopped
2018-05-08 20:30:45,861 fail2ban.jail   [6614]: INFO    Jail 'apache-bruteforce' stopped
2018-05-08 20:30:46,697 fail2ban.actions[6614]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 20:30:46,705 fail2ban.jail   [6614]: INFO    Jail 'ssh' stopped
2018-05-08 20:30:46,738 fail2ban.jail   [6614]: INFO    Jail 'exim-spam' stopped
2018-05-08 20:30:47,739 fail2ban.jail   [6614]: INFO    Jail 'exim' stopped
2018-05-08 20:30:48,723 fail2ban.jail   [6614]: INFO    Jail 'apache-phpmyadmin' stopped
2018-05-08 20:30:48,724 fail2ban.server [6614]: INFO    Exiting Fail2ban
2018-05-08 20:30:49,433 fail2ban.server [10459]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 20:30:49,434 fail2ban.jail   [10459]: INFO    Creating new jail 'ssh'
2018-05-08 20:30:49,461 fail2ban.jail   [10459]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 20:30:49,481 fail2ban.jail   [10459]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:30:49,483 fail2ban.filter [10459]: INFO    Added logfile = /var/log/auth.log
2018-05-08 20:30:49,484 fail2ban.filter [10459]: INFO    Set maxRetry = 6
2018-05-08 20:30:49,485 fail2ban.filter [10459]: INFO    Set findtime = 600
2018-05-08 20:30:49,486 fail2ban.actions[10459]: INFO    Set banTime = 600
2018-05-08 20:30:49,520 fail2ban.jail   [10459]: INFO    Creating new jail 'http-get-dos'
2018-05-08 20:30:49,520 fail2ban.jail   [10459]: INFO    Jail 'http-get-dos' uses pyinotify
2018-05-08 20:30:49,524 fail2ban.jail   [10459]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:30:49,525 fail2ban.filter [10459]: INFO    Added logfile = /var/log/apache2/access.log
2018-05-08 20:30:49,526 fail2ban.filter [10459]: INFO    Set maxRetry = 360
2018-05-08 20:30:49,527 fail2ban.filter [10459]: INFO    Set findtime = 120
2018-05-08 20:30:49,528 fail2ban.actions[10459]: INFO    Set banTime = 600
2018-05-08 20:30:49,532 fail2ban.jail   [10459]: INFO    Creating new jail 'apache-phpmyadmin'
2018-05-08 20:30:49,532 fail2ban.jail   [10459]: INFO    Jail 'apache-phpmyadmin' uses pyinotify
2018-05-08 20:30:49,535 fail2ban.jail   [10459]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:30:49,536 fail2ban.filter [10459]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:30:49,537 fail2ban.filter [10459]: INFO    Set maxRetry = 3
2018-05-08 20:30:49,538 fail2ban.filter [10459]: INFO    Set findtime = 600
2018-05-08 20:30:49,539 fail2ban.actions[10459]: INFO    Set banTime = 600
2018-05-08 20:30:49,544 fail2ban.jail   [10459]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 20:30:49,544 fail2ban.jail   [10459]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 20:30:49,547 fail2ban.jail   [10459]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:30:49,548 fail2ban.filter [10459]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:30:49,548 fail2ban.filter [10459]: INFO    Set maxRetry = 1
2018-05-08 20:30:49,550 fail2ban.filter [10459]: INFO    Set findtime = 600
2018-05-08 20:30:49,550 fail2ban.actions[10459]: INFO    Set banTime = 600
2018-05-08 20:30:49,558 fail2ban.jail   [10459]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 20:30:49,558 fail2ban.jail   [10459]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 20:30:49,561 fail2ban.jail   [10459]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:30:49,562 fail2ban.filter [10459]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:30:49,563 fail2ban.filter [10459]: INFO    Set maxRetry = 1
2018-05-08 20:30:49,564 fail2ban.filter [10459]: INFO    Set findtime = 600
2018-05-08 20:30:49,564 fail2ban.actions[10459]: INFO    Set banTime = 600
2018-05-08 20:30:49,568 fail2ban.jail   [10459]: INFO    Creating new jail 'exim'
2018-05-08 20:30:49,569 fail2ban.jail   [10459]: INFO    Jail 'exim' uses pyinotify
2018-05-08 20:30:49,571 fail2ban.jail   [10459]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:30:49,573 fail2ban.filter [10459]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 20:30:49,574 fail2ban.filter [10459]: INFO    Set maxRetry = 3
2018-05-08 20:30:49,575 fail2ban.filter [10459]: INFO    Set findtime = 600
2018-05-08 20:30:49,576 fail2ban.actions[10459]: INFO    Set banTime = 600
2018-05-08 20:30:49,579 fail2ban.jail   [10459]: INFO    Creating new jail 'exim-spam'
2018-05-08 20:30:49,579 fail2ban.jail   [10459]: INFO    Jail 'exim-spam' uses pyinotify
2018-05-08 20:30:49,582 fail2ban.jail   [10459]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:30:49,583 fail2ban.filter [10459]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 20:30:49,584 fail2ban.filter [10459]: INFO    Set maxRetry = 3
2018-05-08 20:30:49,585 fail2ban.filter [10459]: INFO    Set findtime = 600
2018-05-08 20:30:49,585 fail2ban.actions[10459]: INFO    Set banTime = 600
2018-05-08 20:30:49,589 fail2ban.jail   [10459]: INFO    Jail 'ssh' started
2018-05-08 20:30:49,592 fail2ban.jail   [10459]: INFO    Jail 'http-get-dos' started
2018-05-08 20:30:49,594 fail2ban.jail   [10459]: INFO    Jail 'apache-phpmyadmin' started
2018-05-08 20:30:49,597 fail2ban.jail   [10459]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 20:30:49,599 fail2ban.jail   [10459]: INFO    Jail 'apache-bruteforce' started
2018-05-08 20:30:49,601 fail2ban.jail   [10459]: INFO    Jail 'exim' started
2018-05-08 20:30:49,602 fail2ban.jail   [10459]: INFO    Jail 'exim-spam' started
2018-05-08 20:30:51,598 fail2ban.actions[10459]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 20:31:45,350 fail2ban.server [10459]: INFO    Stopping all jails
2018-05-08 20:31:45,766 fail2ban.jail   [10459]: INFO    Jail 'apache-w00tw00t' stopped
2018-05-08 20:31:46,674 fail2ban.jail   [10459]: INFO    Jail 'http-get-dos' stopped
2018-05-08 20:31:46,841 fail2ban.jail   [10459]: INFO    Jail 'apache-bruteforce' stopped
2018-05-08 20:31:47,668 fail2ban.actions[10459]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 20:31:47,677 fail2ban.jail   [10459]: INFO    Jail 'ssh' stopped
2018-05-08 20:31:47,817 fail2ban.jail   [10459]: INFO    Jail 'exim-spam' stopped
2018-05-08 20:31:48,783 fail2ban.jail   [10459]: INFO    Jail 'exim' stopped
2018-05-08 20:31:49,700 fail2ban.jail   [10459]: INFO    Jail 'apache-phpmyadmin' stopped
2018-05-08 20:31:49,701 fail2ban.server [10459]: INFO    Exiting Fail2ban
2018-05-08 20:31:50,409 fail2ban.server [10610]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 20:31:50,409 fail2ban.jail   [10610]: INFO    Creating new jail 'ssh'
2018-05-08 20:31:50,426 fail2ban.jail   [10610]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 20:31:50,440 fail2ban.jail   [10610]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:31:50,442 fail2ban.filter [10610]: INFO    Added logfile = /var/log/auth.log
2018-05-08 20:31:50,443 fail2ban.filter [10610]: INFO    Set maxRetry = 6
2018-05-08 20:31:50,444 fail2ban.filter [10610]: INFO    Set findtime = 600
2018-05-08 20:31:50,444 fail2ban.actions[10610]: INFO    Set banTime = 600
2018-05-08 20:31:50,472 fail2ban.jail   [10610]: INFO    Creating new jail 'http-get-dos'
2018-05-08 20:31:50,472 fail2ban.jail   [10610]: INFO    Jail 'http-get-dos' uses pyinotify
2018-05-08 20:31:50,475 fail2ban.jail   [10610]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:31:50,476 fail2ban.filter [10610]: INFO    Added logfile = /var/log/apache2/access.log
2018-05-08 20:31:50,477 fail2ban.filter [10610]: INFO    Set maxRetry = 360
2018-05-08 20:31:50,478 fail2ban.filter [10610]: INFO    Set findtime = 120
2018-05-08 20:31:50,478 fail2ban.actions[10610]: INFO    Set banTime = 600
2018-05-08 20:31:50,482 fail2ban.jail   [10610]: INFO    Creating new jail 'apache-phpmyadmin'
2018-05-08 20:31:50,482 fail2ban.jail   [10610]: INFO    Jail 'apache-phpmyadmin' uses pyinotify
2018-05-08 20:31:50,485 fail2ban.jail   [10610]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:31:50,486 fail2ban.filter [10610]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:31:50,487 fail2ban.filter [10610]: INFO    Set maxRetry = 3
2018-05-08 20:31:50,488 fail2ban.filter [10610]: INFO    Set findtime = 600
2018-05-08 20:31:50,489 fail2ban.actions[10610]: INFO    Set banTime = 600
2018-05-08 20:31:50,493 fail2ban.jail   [10610]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 20:31:50,494 fail2ban.jail   [10610]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 20:31:50,496 fail2ban.jail   [10610]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:31:50,497 fail2ban.filter [10610]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:31:50,498 fail2ban.filter [10610]: INFO    Set maxRetry = 1
2018-05-08 20:31:50,499 fail2ban.filter [10610]: INFO    Set findtime = 600
2018-05-08 20:31:50,500 fail2ban.actions[10610]: INFO    Set banTime = 600
2018-05-08 20:31:50,508 fail2ban.jail   [10610]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 20:31:50,508 fail2ban.jail   [10610]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 20:31:50,511 fail2ban.jail   [10610]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:31:50,512 fail2ban.filter [10610]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:31:50,512 fail2ban.filter [10610]: INFO    Set maxRetry = 1
2018-05-08 20:31:50,513 fail2ban.filter [10610]: INFO    Set findtime = 600
2018-05-08 20:31:50,514 fail2ban.actions[10610]: INFO    Set banTime = 600
2018-05-08 20:31:50,518 fail2ban.jail   [10610]: INFO    Creating new jail 'exim'
2018-05-08 20:31:50,518 fail2ban.jail   [10610]: INFO    Jail 'exim' uses pyinotify
2018-05-08 20:31:50,521 fail2ban.jail   [10610]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:31:50,523 fail2ban.filter [10610]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 20:31:50,524 fail2ban.filter [10610]: INFO    Set maxRetry = 3
2018-05-08 20:31:50,525 fail2ban.filter [10610]: INFO    Set findtime = 600
2018-05-08 20:31:50,526 fail2ban.actions[10610]: INFO    Set banTime = 600
2018-05-08 20:31:50,529 fail2ban.jail   [10610]: INFO    Creating new jail 'exim-spam'
2018-05-08 20:31:50,530 fail2ban.jail   [10610]: INFO    Jail 'exim-spam' uses pyinotify
2018-05-08 20:31:50,533 fail2ban.jail   [10610]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:31:50,534 fail2ban.filter [10610]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 20:31:50,534 fail2ban.filter [10610]: INFO    Set maxRetry = 3
2018-05-08 20:31:50,536 fail2ban.filter [10610]: INFO    Set findtime = 600
2018-05-08 20:31:50,536 fail2ban.actions[10610]: INFO    Set banTime = 600
2018-05-08 20:31:50,540 fail2ban.jail   [10610]: INFO    Jail 'ssh' started
2018-05-08 20:31:50,543 fail2ban.jail   [10610]: INFO    Jail 'http-get-dos' started
2018-05-08 20:31:50,545 fail2ban.jail   [10610]: INFO    Jail 'apache-phpmyadmin' started
2018-05-08 20:31:50,547 fail2ban.jail   [10610]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 20:31:50,549 fail2ban.jail   [10610]: INFO    Jail 'apache-bruteforce' started
2018-05-08 20:31:50,553 fail2ban.jail   [10610]: INFO    Jail 'exim' started
2018-05-08 20:31:50,554 fail2ban.jail   [10610]: INFO    Jail 'exim-spam' started
2018-05-08 20:31:52,550 fail2ban.actions[10610]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 20:32:25,248 fail2ban.server [10610]: INFO    Stopping all jails
2018-05-08 20:32:25,700 fail2ban.jail   [10610]: INFO    Jail 'apache-w00tw00t' stopped
2018-05-08 20:32:26,605 fail2ban.jail   [10610]: INFO    Jail 'http-get-dos' stopped
2018-05-08 20:32:26,777 fail2ban.jail   [10610]: INFO    Jail 'apache-bruteforce' stopped
2018-05-08 20:32:27,597 fail2ban.actions[10610]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 20:32:27,606 fail2ban.jail   [10610]: INFO    Jail 'ssh' stopped
2018-05-08 20:32:27,743 fail2ban.jail   [10610]: INFO    Jail 'exim-spam' stopped
2018-05-08 20:32:28,715 fail2ban.jail   [10610]: INFO    Jail 'exim' stopped
2018-05-08 20:32:29,633 fail2ban.jail   [10610]: INFO    Jail 'apache-phpmyadmin' stopped
2018-05-08 20:32:29,634 fail2ban.server [10610]: INFO    Exiting Fail2ban
2018-05-08 20:32:30,366 fail2ban.server [10763]: INFO    Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2018-05-08 20:32:30,367 fail2ban.jail   [10763]: INFO    Creating new jail 'ssh'
2018-05-08 20:32:30,382 fail2ban.jail   [10763]: INFO    Jail 'ssh' uses pyinotify
2018-05-08 20:32:30,396 fail2ban.jail   [10763]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:32:30,397 fail2ban.filter [10763]: INFO    Added logfile = /var/log/auth.log
2018-05-08 20:32:30,398 fail2ban.filter [10763]: INFO    Set maxRetry = 6
2018-05-08 20:32:30,399 fail2ban.filter [10763]: INFO    Set findtime = 600
2018-05-08 20:32:30,400 fail2ban.actions[10763]: INFO    Set banTime = 600
2018-05-08 20:32:30,429 fail2ban.jail   [10763]: INFO    Creating new jail 'http-get-dos'
2018-05-08 20:32:30,429 fail2ban.jail   [10763]: INFO    Jail 'http-get-dos' uses pyinotify
2018-05-08 20:32:30,432 fail2ban.jail   [10763]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:32:30,433 fail2ban.filter [10763]: INFO    Added logfile = /var/log/apache2/access.log
2018-05-08 20:32:30,433 fail2ban.filter [10763]: INFO    Set maxRetry = 360
2018-05-08 20:32:30,435 fail2ban.filter [10763]: INFO    Set findtime = 120
2018-05-08 20:32:30,435 fail2ban.actions[10763]: INFO    Set banTime = 600
2018-05-08 20:32:30,439 fail2ban.jail   [10763]: INFO    Creating new jail 'apache-phpmyadmin'
2018-05-08 20:32:30,439 fail2ban.jail   [10763]: INFO    Jail 'apache-phpmyadmin' uses pyinotify
2018-05-08 20:32:30,442 fail2ban.jail   [10763]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:32:30,443 fail2ban.filter [10763]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:32:30,444 fail2ban.filter [10763]: INFO    Set maxRetry = 3
2018-05-08 20:32:30,445 fail2ban.filter [10763]: INFO    Set findtime = 600
2018-05-08 20:32:30,445 fail2ban.actions[10763]: INFO    Set banTime = 600
2018-05-08 20:32:30,450 fail2ban.jail   [10763]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 20:32:30,450 fail2ban.jail   [10763]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 20:32:30,453 fail2ban.jail   [10763]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:32:30,454 fail2ban.filter [10763]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:32:30,455 fail2ban.filter [10763]: INFO    Set maxRetry = 1
2018-05-08 20:32:30,456 fail2ban.filter [10763]: INFO    Set findtime = 600
2018-05-08 20:32:30,456 fail2ban.actions[10763]: INFO    Set banTime = 600
2018-05-08 20:32:30,464 fail2ban.jail   [10763]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 20:32:30,464 fail2ban.jail   [10763]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 20:32:30,467 fail2ban.jail   [10763]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:32:30,468 fail2ban.filter [10763]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 20:32:30,469 fail2ban.filter [10763]: INFO    Set maxRetry = 1
2018-05-08 20:32:30,470 fail2ban.filter [10763]: INFO    Set findtime = 600
2018-05-08 20:32:30,470 fail2ban.actions[10763]: INFO    Set banTime = 600
2018-05-08 20:32:30,475 fail2ban.jail   [10763]: INFO    Creating new jail 'exim'
2018-05-08 20:32:30,475 fail2ban.jail   [10763]: INFO    Jail 'exim' uses pyinotify
2018-05-08 20:32:30,477 fail2ban.jail   [10763]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:32:30,480 fail2ban.filter [10763]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 20:32:30,480 fail2ban.filter [10763]: INFO    Set maxRetry = 3
2018-05-08 20:32:30,482 fail2ban.filter [10763]: INFO    Set findtime = 600
2018-05-08 20:32:30,482 fail2ban.actions[10763]: INFO    Set banTime = 600
2018-05-08 20:32:30,486 fail2ban.jail   [10763]: INFO    Creating new jail 'exim-spam'
2018-05-08 20:32:30,486 fail2ban.jail   [10763]: INFO    Jail 'exim-spam' uses pyinotify
2018-05-08 20:32:30,488 fail2ban.jail   [10763]: INFO    Initiated 'pyinotify' backend
2018-05-08 20:32:30,489 fail2ban.filter [10763]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 20:32:30,490 fail2ban.filter [10763]: INFO    Set maxRetry = 3
2018-05-08 20:32:30,491 fail2ban.filter [10763]: INFO    Set findtime = 600
2018-05-08 20:32:30,492 fail2ban.actions[10763]: INFO    Set banTime = 600
2018-05-08 20:32:30,496 fail2ban.jail   [10763]: INFO    Jail 'ssh' started
2018-05-08 20:32:30,499 fail2ban.jail   [10763]: INFO    Jail 'http-get-dos' started
2018-05-08 20:32:30,500 fail2ban.jail   [10763]: INFO    Jail 'apache-phpmyadmin' started
2018-05-08 20:32:30,502 fail2ban.jail   [10763]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 20:32:30,504 fail2ban.jail   [10763]: INFO    Jail 'apache-bruteforce' started
2018-05-08 20:32:30,507 fail2ban.jail   [10763]: INFO    Jail 'exim' started
2018-05-08 20:32:30,509 fail2ban.jail   [10763]: INFO    Jail 'exim-spam' started
2018-05-08 20:32:32,506 fail2ban.actions[10763]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 20:42:33,010 fail2ban.actions[10763]: WARNING [ssh] Unban 58.218.201.181
2018-05-08 20:43:47,097 fail2ban.actions[10763]: WARNING [ssh] Ban 58.218.201.181

This log shows me that I have another problem with the Ban <> Unban.

The Unban happens 10 minutes later, even though I set up my file with

bantime = 3600
findtime = 600
maxretry = 2

I don't understand anything any more …

Hello,

Quickly: can we have the output of the command fail2ban-client status pure-ftpd and of tail -n 50 /var/log/fail2ban.log after a systemctl restart fail2ban.service?

Which tutorial did you follow to configure fail2ban?

root@vpsxxxx:~# sudo fail2ban-client status pure-ftpd
ERROR  NOK: ('pure-ftpd',)
Sorry but the jail 'pure-ftpd' does not exist
root@vpsxxx:~# tail -n 50 /var/log/fail2ban.log
2018-05-08 21:12:01,735 fail2ban.filter [11303]: INFO    Set maxRetry = 360
2018-05-08 21:12:01,736 fail2ban.filter [11303]: INFO    Set findtime = 120
2018-05-08 21:12:01,736 fail2ban.actions[11303]: INFO    Set banTime = 600
2018-05-08 21:12:01,740 fail2ban.jail   [11303]: INFO    Creating new jail 'apache-phpmyadmin'
2018-05-08 21:12:01,740 fail2ban.jail   [11303]: INFO    Jail 'apache-phpmyadmin' uses pyinotify
2018-05-08 21:12:01,743 fail2ban.jail   [11303]: INFO    Initiated 'pyinotify' backend
2018-05-08 21:12:01,744 fail2ban.filter [11303]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 21:12:01,745 fail2ban.filter [11303]: INFO    Set maxRetry = 3
2018-05-08 21:12:01,746 fail2ban.filter [11303]: INFO    Set findtime = 600
2018-05-08 21:12:01,746 fail2ban.actions[11303]: INFO    Set banTime = 600
2018-05-08 21:12:01,751 fail2ban.jail   [11303]: INFO    Creating new jail 'apache-w00tw00t'
2018-05-08 21:12:01,751 fail2ban.jail   [11303]: INFO    Jail 'apache-w00tw00t' uses pyinotify
2018-05-08 21:12:01,754 fail2ban.jail   [11303]: INFO    Initiated 'pyinotify' backend
2018-05-08 21:12:01,755 fail2ban.filter [11303]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 21:12:01,755 fail2ban.filter [11303]: INFO    Set maxRetry = 1
2018-05-08 21:12:01,756 fail2ban.filter [11303]: INFO    Set findtime = 600
2018-05-08 21:12:01,757 fail2ban.actions[11303]: INFO    Set banTime = 600
2018-05-08 21:12:01,764 fail2ban.jail   [11303]: INFO    Creating new jail 'apache-bruteforce'
2018-05-08 21:12:01,764 fail2ban.jail   [11303]: INFO    Jail 'apache-bruteforce' uses pyinotify
2018-05-08 21:12:01,767 fail2ban.jail   [11303]: INFO    Initiated 'pyinotify' backend
2018-05-08 21:12:01,768 fail2ban.filter [11303]: INFO    Added logfile = /var/log/apache2/error.log
2018-05-08 21:12:01,769 fail2ban.filter [11303]: INFO    Set maxRetry = 1
2018-05-08 21:12:01,770 fail2ban.filter [11303]: INFO    Set findtime = 600
2018-05-08 21:12:01,771 fail2ban.actions[11303]: INFO    Set banTime = 600
2018-05-08 21:12:01,775 fail2ban.jail   [11303]: INFO    Creating new jail 'exim'
2018-05-08 21:12:01,775 fail2ban.jail   [11303]: INFO    Jail 'exim' uses pyinotify
2018-05-08 21:12:01,778 fail2ban.jail   [11303]: INFO    Initiated 'pyinotify' backend
2018-05-08 21:12:01,780 fail2ban.filter [11303]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 21:12:01,781 fail2ban.filter [11303]: INFO    Set maxRetry = 3
2018-05-08 21:12:01,782 fail2ban.filter [11303]: INFO    Set findtime = 600
2018-05-08 21:12:01,782 fail2ban.actions[11303]: INFO    Set banTime = 600
2018-05-08 21:12:01,785 fail2ban.jail   [11303]: INFO    Creating new jail 'exim-spam'
2018-05-08 21:12:01,786 fail2ban.jail   [11303]: INFO    Jail 'exim-spam' uses pyinotify
2018-05-08 21:12:01,789 fail2ban.jail   [11303]: INFO    Initiated 'pyinotify' backend
2018-05-08 21:12:01,790 fail2ban.filter [11303]: INFO    Added logfile = /var/log/exim4/mainlog
2018-05-08 21:12:01,790 fail2ban.filter [11303]: INFO    Set maxRetry = 3
2018-05-08 21:12:01,791 fail2ban.filter [11303]: INFO    Set findtime = 600
2018-05-08 21:12:01,792 fail2ban.actions[11303]: INFO    Set banTime = 600
2018-05-08 21:12:01,796 fail2ban.jail   [11303]: INFO    Jail 'ssh' started
2018-05-08 21:12:01,799 fail2ban.jail   [11303]: INFO    Jail 'http-get-dos' started
2018-05-08 21:12:01,800 fail2ban.jail   [11303]: INFO    Jail 'apache-phpmyadmin' started
2018-05-08 21:12:01,802 fail2ban.jail   [11303]: INFO    Jail 'apache-w00tw00t' started
2018-05-08 21:12:01,805 fail2ban.jail   [11303]: INFO    Jail 'apache-bruteforce' started
2018-05-08 21:12:01,808 fail2ban.jail   [11303]: INFO    Jail 'exim' started
2018-05-08 21:12:01,810 fail2ban.jail   [11303]: INFO    Jail 'exim-spam' started
2018-05-08 21:12:01,852 fail2ban.filter [11303]: ERROR   Error in FilterPyinotify callback: 'module' object has no attribute '_strptime_time'
2018-05-08 21:12:06,808 fail2ban.actions[11303]: WARNING [ssh] Ban 58.218.201.181
2018-05-08 21:12:26,294 fail2ban.comm   [11303]: WARNING Command ['status', 'pure-ftpd'] has failed. Received UnknownJailException('pure-ftpd',)
2018-05-08 21:12:39,660 fail2ban.comm   [11303]: WARNING Command ['status', 'pure-ftpd'] has failed. Received UnknownJailException('pure-ftpd',)
2018-05-08 21:12:49,390 fail2ban.comm   [11303]: WARNING Command ['status', 'pure-ftpd'] has failed. Received UnknownJailException('pure-ftpd',)

About the tutorials: several, in fact. I searched Google for things like
"fail2ban apache" and came across these two sites, from which I picked what interested me

https://technique.arscenic.org/securite/article/fail2ban-limitation-des-tentatives-d-intrusion
https://www.supinfo.com/articles/single/2660-proteger-votre-vps-apache-avec-fail2ban
http://powtos.fr/632-fail2ban-apache/

In your config file there are two [http-get-dos] entries; comment out the second one to see.

Looking at your log, we can see that all the jails have a banTime of 600; note that the only entries that have a ban time of 600 are the [http-get-dos] ones.

Otherwise you can also start again from a basic config and test each addition to your config file one by one. Be careful with wholesale copy-pasting like that; I don't think it's a very good idea. Go step by step.
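Added example (not code from the thread or from the Fail2ban project): the check done by eye in the reply above, reading the banTime each jail actually started with and timing every Ban/Unban pair, while telling an expired ban apart from an unban caused by a service stop. The log below is constructed in the thread's format; the function names and the address 203.0.113.7 are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the thread's log format; 203.0.113.7 is a documentation address.
SAMPLE_LOG = """\
2018-05-08 20:31:52,550 fail2ban.actions[10610]: WARNING [ssh] Ban 203.0.113.7
2018-05-08 20:32:25,248 fail2ban.server [10610]: INFO    Stopping all jails
2018-05-08 20:32:27,597 fail2ban.actions[10610]: WARNING [ssh] Unban 203.0.113.7
2018-05-08 20:32:30,367 fail2ban.jail   [10763]: INFO    Creating new jail 'ssh'
2018-05-08 20:32:30,398 fail2ban.filter [10763]: INFO    Set maxRetry = 6
2018-05-08 20:32:30,400 fail2ban.actions[10763]: INFO    Set banTime = 600
2018-05-08 20:32:30,429 fail2ban.jail   [10763]: INFO    Creating new jail 'http-get-dos'
2018-05-08 20:32:30,435 fail2ban.actions[10763]: INFO    Set banTime = 600
2018-05-08 20:32:32,506 fail2ban.actions[10763]: WARNING [ssh] Ban 203.0.113.7
2018-05-08 20:42:33,010 fail2ban.actions[10763]: WARNING [ssh] Unban 203.0.113.7
2018-05-08 20:43:47,097 fail2ban.actions[10763]: WARNING [ssh] Ban 203.0.113.7
"""

LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d,\d{3}) fail2ban\.\w+\s*\[\d+\]: \w+\s+(.*)$")
def messages(log_text):
    """Yield (timestamp, message) for every well-formed log line."""
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S,%f"), m.group(2)

def effective_settings(log_text):
    """{jail: {setting: value}} as the server logged them at its most recent start."""
    settings, jail = {}, None
    for _, msg in messages(log_text):
        new = re.match(r"Creating new jail '([^']+)'$", msg)
        if new:
            jail = new.group(1)
            settings[jail] = {}  # a restart re-creates the jail; keep only the latest values
        else:
            s = re.match(r"Set (\w+) = (\d+)$", msg)
            if s and jail:
                settings[jail][s.group(1)] = int(s.group(2))
    return settings

def ban_durations(log_text):
    """[(jail, ip, seconds, reason)] for each Ban that is followed by an Unban."""
    open_bans, stopping, out = {}, False, []
    for ts, msg in messages(log_text):
        if msg == "Stopping all jails" or msg.startswith("Creating new jail"):
            stopping = msg.startswith("Stopping")  # unbans after a stop are not expiries
        ev = re.match(r"\[([^\]]+)\] (Ban|Unban) (\S+)$", msg)
        if not ev:
            continue
        key = (ev.group(1), ev.group(3))
        if ev.group(2) == "Ban":
            open_bans[key] = ts
        elif key in open_bans:
            secs = int((ts - open_bans.pop(key)).total_seconds())
            out.append(key + (secs, "server-stop" if stopping else "expired"))
    return out

def bantime_mismatches(log_text, configured):
    """Jails whose logged banTime differs from the value the admin configured."""
    return sorted(j for j, s in effective_settings(log_text).items()
                  if s.get("banTime") != configured)

if __name__ == "__main__":
    print(bantime_mismatches(SAMPLE_LOG, 3600), ban_durations(SAMPLE_LOG))
```

Run against the real /var/log/fail2ban.log with the bantime you configured: every jail it lists is still running with another value, which means the setting you edited is not the one the server loaded.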

Just to confirm about the files:
In /etc/fail2ban I must have ONLY

  • fail2ban.conf
  • jail.conf
    which are the original files, not to be touched, and which need no modification

In /etc/fail2ban/jail.d

  • jailperso.conf

(I imagine fail2ban works out by itself that it has to use this file, whatever its name, in place of jail.conf?)

And the service is restarted ONLY with this command: sudo systemctl restart fail2ban.service

Depending on your confirmations, I'm going to start again from scratch, namely:
Copy the jail.conf file into ./jail.d and modify it little by little

because right now, after deleting the [http-get-dos] that I had added and keeping the one that was further down, I only have a single jail left!

Yep!

There seem to be several commands available (as is often the case). You can also use:

sudo systemctl reload fail2ban

It's up to you to see in practice which one seems the most relevant for you. I'm not knowledgeable enough on this point.

Start by commenting it out entirely if you want to keep the conf in front of you. It's important to repeat yourself as little as possible to avoid piling up directives. For example, if a service's default conf suits you, you can simply write:

[service]

enabled = true

Without adding redundant directives.