==== DATE ====
Sun Aug 31 00:42:43 WIB 2025
==== UFW STATUS (numbered) ====
Status: inactive
==== UFW LOG (last 200, filtered by IP if set) ====
==== FAIL2BAN sshd STATUS ====
==== FAIL2BAN LOG (last 200) ====
==== CSF LIST (csf -l) ====
iptables filter table
=====================
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     1555  254K LOCALINPUT  0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2      262 19616 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        9   540 SYNFLOOD   6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
4      106 16115 INVALID    6    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
5        0     0 ACCEPT     1    --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
6        0     0 LOGDROPIN  1    --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8
7        0     0 ACCEPT     1    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
8       98 15843 ACCEPT     0    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
9        9   540 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:22
10       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2222
11       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:80
12       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:9100
13       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:5201
14       0     0 ACCEPT     17   --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:5201
15      42 20650 LOGDROPIN  0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     1257 2373K LOCALOUTPUT  0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2        0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp dpt:53
3        0     0 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp dpt:53
4        0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp spt:53
5        0     0 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp spt:53
6      262 19616 ACCEPT     0    --  *      lo      0.0.0.0/0            0.0.0.0/0           
7      580  157K INVALID    6    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
8        0     0 ACCEPT     1    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
9      565  155K ACCEPT     0    --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
10       0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpts:1:65535
11       9   684 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpts:1:65535
12       0     0 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain ALLOWIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      534  124K ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222
2        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:2222
3        0     0 ACCEPT     17   --  !lo    *       192.168.55.122       0.0.0.0/0            udp dpt:5201
4        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:5201
5        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:80
6      743 84752 ACCEPT     6    --  !lo    *       192.168.55.118       0.0.0.0/0            tcp dpt:9100
7        0     0 ACCEPT     6    --  !lo    *       192.168.55.118       0.0.0.0/0            tcp dpt:9100
8        0     0 ACCEPT     0    --  !lo    *       192.168.55.118       0.0.0.0/0           
9        4   458 ACCEPT     0    --  !lo    *       192.168.48.1         0.0.0.0/0           

Chain ALLOWOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      617 2212K ACCEPT     0    --  *      !lo     0.0.0.0/0            192.168.55.118      
2        2   146 ACCEPT     0    --  *      !lo     0.0.0.0/0            192.168.48.1        

Chain DENYIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      130  7160 DROP       0    --  !lo    *       192.168.55.122       0.0.0.0/0           

Chain DENYOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1       72  7488 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            192.168.55.122      

Chain INVALID (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 INVDROP    0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
3        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
4        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
5        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
6        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
7        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
8        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
9        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
10       0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW

Chain INVDROP (10 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALINPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     1555  254K ALLOWIN    0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2      274 43933 DENYIN     0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALOUTPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     1257 2373K ALLOWOUT   0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2      638  162K DENYOUT    0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
3        9   684 UDPFLOOD   17   --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPIN (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
2        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:23
3        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
4        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
5        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:68
6        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
7        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:111
8        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
9        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:113
10       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:113
11       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:135:139
12       1   229 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:135:139
13       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
14       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:445
15       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:500
16       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
17       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:513
18       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:513
19       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:520
20       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:520
21       0     0 LOG        6    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
22      29 14446 LOG        17   --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
23       0     0 LOG        1    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
24      41 20421 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPOUT (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 LOG        6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
2        0     0 LOG        17   --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
3        0     0 LOG        1    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
4       72  7488 REJECT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain SYNFLOOD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        9   540 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 100/sec burst 150
2        0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *SYNFLOOD Blocked* "
3        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain UDPFLOOD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RETURN     17   --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 0
2        9   684 RETURN     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            limit: avg 100/sec burst 500
3        0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDPFLOOD* "
4        0     0 REJECT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable


iptables mangle table
=====================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         


iptables raw table
==================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         


iptables nat table
==================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
==== CSF GREP ATTACKER (csf -g) ====

Table  Chain            num   pkts bytes target     prot opt in     out     source               destination         

filter ALLOWIN          2        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:2222
filter ALLOWIN          3        0     0 ACCEPT     17   --  !lo    *       192.168.55.122       0.0.0.0/0            udp dpt:5201
filter ALLOWIN          4        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:5201
filter ALLOWIN          5        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:80

filter DENYIN           1      130  7160 DROP       0    --  !lo    *       192.168.55.122       0.0.0.0/0

filter DENYOUT          1       72  7488 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            192.168.55.122

csf.deny: 192.168.55.122 # lfd: (sshd) Failed SSH login from 192.168.55.122 (-): 5 in the last 3600 secs - Sun Aug 31 00:41:43 2025
==== LFD LOG (last 200) ====
Aug 31 00:30:41 sut lfd[5373]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 00:31:12 sut lfd[5386]: daemon started on sut - csf v14.24 (generic)
Aug 31 00:31:12 sut lfd[5386]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 00:31:12 sut lfd[5386]: Log Scanner...
Aug 31 00:31:12 sut lfd[5386]: CSF Tracking...
Aug 31 00:31:12 sut lfd[5386]: LOAD Tracking...
Aug 31 00:31:12 sut lfd[5386]: Country Code Lookups...
Aug 31 00:31:12 sut lfd[5386]: System Integrity Tracking...
Aug 31 00:31:12 sut lfd[5386]: Exploit Tracking...
Aug 31 00:31:12 sut lfd[5386]: Directory Watching...
Aug 31 00:31:12 sut lfd[5386]: Process Tracking...
Aug 31 00:31:12 sut lfd[5386]: Account Tracking...
Aug 31 00:31:12 sut lfd[5386]: SSH Tracking...
Aug 31 00:31:12 sut lfd[5386]: Webmin Tracking...
Aug 31 00:31:12 sut lfd[5386]: SU Tracking...
Aug 31 00:31:12 sut lfd[5386]: Console Tracking...
Aug 31 00:31:12 sut lfd[5386]: Watching /var/log/secure...
Aug 31 00:31:12 sut lfd[5386]: Watching /var/log/syslog...
Aug 31 00:31:12 sut lfd[5386]: Watching /var/log/lfd.log...
Aug 31 00:31:12 sut lfd[5386]: Watching /var/log/auth.log...
Aug 31 00:31:12 sut lfd[5386]: Watching /var/log/messages...
Aug 31 00:31:12 sut lfd[5386]: Watching /var/log/customlog...
Aug 31 00:31:12 sut lfd[5386]: Watching /var/log/apache2/error.log...
Aug 31 00:31:12 sut lfd[5399]: *User Processing* PID:679 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 00:31:17 sut lfd[5424]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:32:12 sut lfd[5436]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 00:32:17 sut lfd[5462]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:33:17 sut lfd[5530]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:33:18 sut lfd[5386]: Main Process: TERM
Aug 31 00:33:18 sut lfd[5530]: Main Process: TERM
Aug 31 00:33:18 sut lfd[5386]: daemon stopped
Aug 31 00:33:18 sut lfd[5704]: daemon started on sut - csf v14.24 (generic)
Aug 31 00:33:18 sut lfd[5704]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 00:33:18 sut lfd[5704]: Log Scanner...
Aug 31 00:33:18 sut lfd[5704]: CSF Tracking...
Aug 31 00:33:18 sut lfd[5704]: LOAD Tracking...
Aug 31 00:33:18 sut lfd[5704]: Country Code Lookups...
Aug 31 00:33:18 sut lfd[5704]: System Integrity Tracking...
Aug 31 00:33:18 sut lfd[5704]: Exploit Tracking...
Aug 31 00:33:18 sut lfd[5704]: Directory Watching...
Aug 31 00:33:18 sut lfd[5704]: Process Tracking...
Aug 31 00:33:18 sut lfd[5704]: Account Tracking...
Aug 31 00:33:18 sut lfd[5704]: SSH Tracking...
Aug 31 00:33:18 sut lfd[5704]: Webmin Tracking...
Aug 31 00:33:18 sut lfd[5704]: SU Tracking...
Aug 31 00:33:18 sut lfd[5704]: Console Tracking...
Aug 31 00:33:18 sut lfd[5704]: Watching /var/log/apache2/error.log...
Aug 31 00:33:18 sut lfd[5704]: Watching /var/log/auth.log...
Aug 31 00:33:18 sut lfd[5704]: Watching /var/log/messages...
Aug 31 00:33:18 sut lfd[5704]: Watching /var/log/lfd.log...
Aug 31 00:33:18 sut lfd[5704]: Watching /var/log/customlog...
Aug 31 00:33:18 sut lfd[5704]: Watching /var/log/syslog...
Aug 31 00:33:18 sut lfd[5704]: Watching /var/log/secure...
Aug 31 00:33:18 sut lfd[5717]: *User Processing* PID:679 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 00:34:18 sut lfd[5722]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 00:34:48 sut lfd[5991]: daemon started on sut - csf v14.24 (generic)
Aug 31 00:34:48 sut lfd[5991]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 00:34:48 sut lfd[5991]: Log Scanner...
Aug 31 00:34:48 sut lfd[5991]: CSF Tracking...
Aug 31 00:34:48 sut lfd[5991]: LOAD Tracking...
Aug 31 00:34:48 sut lfd[5991]: Country Code Lookups...
Aug 31 00:34:48 sut lfd[5991]: System Integrity Tracking...
Aug 31 00:34:48 sut lfd[5991]: Exploit Tracking...
Aug 31 00:34:48 sut lfd[5991]: Directory Watching...
Aug 31 00:34:48 sut lfd[5991]: Process Tracking...
Aug 31 00:34:48 sut lfd[5991]: Account Tracking...
Aug 31 00:34:48 sut lfd[5991]: SSH Tracking...
Aug 31 00:34:48 sut lfd[5991]: Webmin Tracking...
Aug 31 00:34:48 sut lfd[5991]: SU Tracking...
Aug 31 00:34:48 sut lfd[5991]: Console Tracking...
Aug 31 00:34:48 sut lfd[5991]: Watching /var/log/lfd.log...
Aug 31 00:34:48 sut lfd[5991]: Watching /var/log/customlog...
Aug 31 00:34:48 sut lfd[5991]: Watching /var/log/messages...
Aug 31 00:34:48 sut lfd[5991]: Watching /var/log/auth.log...
Aug 31 00:34:48 sut lfd[5991]: Watching /var/log/secure...
Aug 31 00:34:48 sut lfd[5991]: Watching /var/log/apache2/error.log...
Aug 31 00:34:48 sut lfd[5991]: Watching /var/log/syslog...
Aug 31 00:34:48 sut lfd[6004]: *User Processing* PID:679 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 00:34:53 sut lfd[6028]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:35:48 sut lfd[6039]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 00:35:53 sut lfd[6065]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:36:23 sut lfd[6116]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:36:24 sut lfd[5991]: Main Process: TERM
Aug 31 00:36:24 sut lfd[5991]: daemon stopped
Aug 31 00:36:24 sut lfd[6065]: Main Process: TERM
Aug 31 00:36:24 sut lfd[6302]: Main Process: TERM
Aug 31 00:36:24 sut lfd[6302]: daemon stopped
Aug 31 00:36:25 sut lfd[6316]: daemon started on sut - csf v14.24 (generic)
Aug 31 00:36:25 sut lfd[6316]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 00:36:25 sut lfd[6316]: Log Scanner...
Aug 31 00:36:25 sut lfd[6316]: CSF Tracking...
Aug 31 00:36:25 sut lfd[6316]: LOAD Tracking...
Aug 31 00:36:25 sut lfd[6316]: Country Code Lookups...
Aug 31 00:36:25 sut lfd[6316]: System Integrity Tracking...
Aug 31 00:36:25 sut lfd[6316]: Exploit Tracking...
Aug 31 00:36:25 sut lfd[6316]: Directory Watching...
Aug 31 00:36:25 sut lfd[6316]: Process Tracking...
Aug 31 00:36:25 sut lfd[6316]: Account Tracking...
Aug 31 00:36:25 sut lfd[6316]: SSH Tracking...
Aug 31 00:36:25 sut lfd[6316]: Webmin Tracking...
Aug 31 00:36:25 sut lfd[6316]: SU Tracking...
Aug 31 00:36:25 sut lfd[6316]: Console Tracking...
Aug 31 00:36:25 sut lfd[6316]: Watching /var/log/syslog...
Aug 31 00:36:25 sut lfd[6316]: Watching /var/log/auth.log...
Aug 31 00:36:25 sut lfd[6316]: Watching /var/log/customlog...
Aug 31 00:36:25 sut lfd[6316]: Watching /var/log/secure...
Aug 31 00:36:25 sut lfd[6316]: Watching /var/log/messages...
Aug 31 00:36:25 sut lfd[6316]: Watching /var/log/lfd.log...
Aug 31 00:36:25 sut lfd[6316]: Watching /var/log/apache2/error.log...
Aug 31 00:36:25 sut lfd[6329]: *User Processing* PID:679 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 00:36:30 sut lfd[6354]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:37:25 sut lfd[6364]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 00:37:30 sut lfd[6423]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:37:30 sut lfd[6425]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:38:30 sut lfd[6484]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:38:31 sut lfd[6316]: Main Process: TERM
Aug 31 00:38:31 sut lfd[6316]: daemon stopped
Aug 31 00:38:31 sut lfd[6666]: Main Process: TERM
Aug 31 00:38:31 sut lfd[6666]: daemon stopped
Aug 31 00:38:31 sut lfd[6681]: daemon started on sut - csf v14.24 (generic)
Aug 31 00:38:31 sut lfd[6681]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 00:38:31 sut lfd[6681]: Log Scanner...
Aug 31 00:38:31 sut lfd[6681]: CSF Tracking...
Aug 31 00:38:31 sut lfd[6681]: LOAD Tracking...
Aug 31 00:38:31 sut lfd[6681]: Country Code Lookups...
Aug 31 00:38:31 sut lfd[6681]: System Integrity Tracking...
Aug 31 00:38:31 sut lfd[6681]: Exploit Tracking...
Aug 31 00:38:31 sut lfd[6681]: Directory Watching...
Aug 31 00:38:31 sut lfd[6681]: Process Tracking...
Aug 31 00:38:31 sut lfd[6681]: Account Tracking...
Aug 31 00:38:31 sut lfd[6681]: SSH Tracking...
Aug 31 00:38:31 sut lfd[6681]: Webmin Tracking...
Aug 31 00:38:31 sut lfd[6681]: SU Tracking...
Aug 31 00:38:31 sut lfd[6681]: Console Tracking...
Aug 31 00:38:31 sut lfd[6681]: Watching /var/log/messages...
Aug 31 00:38:31 sut lfd[6681]: Watching /var/log/secure...
Aug 31 00:38:31 sut lfd[6681]: Watching /var/log/syslog...
Aug 31 00:38:31 sut lfd[6681]: Watching /var/log/apache2/error.log...
Aug 31 00:38:31 sut lfd[6681]: Watching /var/log/lfd.log...
Aug 31 00:38:31 sut lfd[6681]: Watching /var/log/customlog...
Aug 31 00:38:31 sut lfd[6681]: Watching /var/log/auth.log...
Aug 31 00:38:31 sut lfd[6694]: *User Processing* PID:679 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 00:38:36 sut lfd[6718]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:39:31 sut lfd[6728]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 00:39:36 sut lfd[6780]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:39:36 sut lfd[6782]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:40:36 sut lfd[6841]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:40:37 sut lfd[6681]: Main Process: TERM
Aug 31 00:40:37 sut lfd[6681]: daemon stopped
Aug 31 00:40:37 sut lfd[7022]: Main Process: TERM
Aug 31 00:40:37 sut lfd[7022]: daemon stopped
Aug 31 00:40:37 sut lfd[7035]: daemon started on sut - csf v14.24 (generic)
Aug 31 00:40:37 sut lfd[7035]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 00:40:37 sut lfd[7035]: Log Scanner...
Aug 31 00:40:37 sut lfd[7035]: CSF Tracking...
Aug 31 00:40:37 sut lfd[7035]: LOAD Tracking...
Aug 31 00:40:37 sut lfd[7035]: Country Code Lookups...
Aug 31 00:40:37 sut lfd[7035]: System Integrity Tracking...
Aug 31 00:40:37 sut lfd[7035]: Exploit Tracking...
Aug 31 00:40:37 sut lfd[7035]: Directory Watching...
Aug 31 00:40:37 sut lfd[7035]: Process Tracking...
Aug 31 00:40:37 sut lfd[7035]: Account Tracking...
Aug 31 00:40:37 sut lfd[7035]: SSH Tracking...
Aug 31 00:40:37 sut lfd[7035]: Webmin Tracking...
Aug 31 00:40:37 sut lfd[7035]: SU Tracking...
Aug 31 00:40:37 sut lfd[7035]: Console Tracking...
Aug 31 00:40:37 sut lfd[7035]: Watching /var/log/syslog...
Aug 31 00:40:37 sut lfd[7035]: Watching /var/log/auth.log...
Aug 31 00:40:37 sut lfd[7035]: Watching /var/log/lfd.log...
Aug 31 00:40:37 sut lfd[7035]: Watching /var/log/messages...
Aug 31 00:40:37 sut lfd[7035]: Watching /var/log/apache2/error.log...
Aug 31 00:40:37 sut lfd[7035]: Watching /var/log/secure...
Aug 31 00:40:37 sut lfd[7035]: Watching /var/log/customlog...
Aug 31 00:40:37 sut lfd[7048]: *User Processing* PID:679 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 00:40:42 sut lfd[7072]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:41:38 sut lfd[7084]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 00:41:43 sut lfd[7129]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:41:43 sut lfd[7131]: (sshd) Failed SSH login from 192.168.55.122 (-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 31 00:41:48 sut lfd[7212]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:41:48 sut lfd[7214]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:41:53 sut lfd[7236]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:41:58 sut lfd[7278]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:03 sut lfd[7339]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:03 sut lfd[7341]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:08 sut lfd[7402]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:08 sut lfd[7404]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:13 sut lfd[7466]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:13 sut lfd[7468]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:18 sut lfd[7529]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:18 sut lfd[7531]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:23 sut lfd[7592]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:23 sut lfd[7594]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:28 sut lfd[7655]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:28 sut lfd[7657]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:33 sut lfd[7718]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:33 sut lfd[7720]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:38 sut lfd[7782]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:38 sut lfd[7784]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:43 sut lfd[7843]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 00:42:43 sut lfd[7845]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
