2012-10-03 10:37:12,490 fail2ban.filter : DEBUG Found ******
2012-10-03 10:37:12,491 fail2ban.filter : DEBUG Currently have failures from 1 IPs: ['*******']
2012-10-03 10:37:12,491 fail2ban.filter.datedetector: DEBUG Sorting the template list
2012-10-03 10:37:50,516 fail2ban.filter : DEBUG Got event: 1 for /var/log/auth.log
2012-10-03 10:37:50,516 fail2ban.filter : DEBUG File changed: /var/log/auth.log
2012-10-03 10:37:50,516 fail2ban.filter.datedetector: DEBUG Sorting the template list
2012-10-03 10:38:32,546 fail2ban.filter : DEBUG Got event: 1 for /var/log/auth.log
2012-10-03 10:38:32,546 fail2ban.filter : DEBUG File changed: /var/log/auth.log
2012-10-03 10:38:32,546 fail2ban.filter.datedetector: DEBUG Sorting the template list
2012-10-03 10:32:22,117 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?Authentication failure for .* from <HOST>\\s*$']
2012-10-03 10:32:22,119 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*(?:error: PAM: )?User not known to the underlying authentication module for .* from <HOST>\\s*$']
2012-10-03 10:32:22,120 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Failed (?:password|publickey) for .* from <HOST>(?: port \\d*)?(?: ssh\\d*)?$']
2012-10-03 10:32:22,123 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*ROOT LOGIN REFUSED.* FROM <HOST>\\s*$']
2012-10-03 10:32:22,125 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*[iI](?:llegal|nvalid) user .* from <HOST>\\s*$']
2012-10-03 10:32:22,128 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User .+ from <HOST> not allowed because not listed in AllowUsers$']
2012-10-03 10:32:22,130 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*authentication failure; logname=\\S* uid=\\S* euid=\\S* tty=\\S* ruser=\\S* rhost=<HOST>(?:\\s+user=.*)?\\s*$']
2012-10-03 10:32:22,133 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*refused connect from \\S+ \\(<HOST>\\)\\s*$']
2012-10-03 10:32:22,136 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addfailregex', '^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*Address <HOST> .* POSSIBLE BREAK-IN ATTEMPT!*\\s*$']
2012-10-03 10:32:22,139 fail2ban.comm : DEBUG Command: ['set', 'ssh', 'addfailregex', "^\\s*(?:\\S+ )?(?:kernel: \\[\\d+\\.\\d+\\] )?(?:@vserver_\\S+ )?(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:)?\\s*User .+ from <HOST> not allowed because none of user's groups are listed in AllowGroups\\s*$"]
Oct 3 10:37:10 Ubuntu-1204-precise-64-minimal sshd[25579]: User root from vsrv06.****** not allowed because not listed in AllowUsers (alarm from Fail2ban, and that was it after that)
Oct 3 10:37:10 Ubuntu-1204-precise-64-minimal sshd[25579]: input_userauth_request: invalid user root [preauth]
Oct 3 10:37:10 Ubuntu-1204-precise-64-minimal sshd[25579]: Connection closed by ****** [preauth] (login attempts..... no reaction from Fail2ban..)
Oct 3 10:37:48 Ubuntu-1204-precise-64-minimal sshd[25675]: Connection closed by ***** [preauth]
Oct 3 10:38:30 Ubuntu-1204-precise-64-minimal sshd[25785]: Connection closed by ***** [preauth]
Oct 3 10:38:31 Ubuntu-1204-precise-64-minimal sshd[25791]: Connection closed by ***** [preauth]
Oct 3 10:40:01 Ubuntu-1204-precise-64-minimal CRON[26007]: pam_unix(cron:session): session opened for user root by (uid=0)
Oct 3 10:40:01 Ubuntu-1204-precise-64-minimal CRON[26007]: pam_unix(cron:session): session closed for user root
Oct 3 10:41:19 Ubuntu-1204-precise-64-minimal sshd[26071]: Received disconnect from ******: 13: Unable to authenticate [preauth]
Oct 3 11:05:07 Ubuntu-1204-precise-64-minimal sshd[492]: User root from ***** not allowed because not listed in AllowUsers
Oct 3 11:05:07 Ubuntu-1204-precise-64-minimal sshd[492]: input_userauth_request: invalid user root [preauth]
Oct 3 11:05:07 Ubuntu-1204-precise-64-minimal sshd[492]: Connection closed by ****** [preauth]