==== DATE ====
Sun Aug 31 02:03:49 WIB 2025
==== UFW STATUS (numbered) ====
Status: inactive
==== UFW LOG (last 200, filtered by IP if set) ====
==== FAIL2BAN sshd STATUS ====
==== FAIL2BAN LOG (last 200) ====
==== CSF LIST (csf -l) ====
iptables filter table
=====================
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     2111  332K LOCALINPUT  0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2      356 24336 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        9   540 SYNFLOOD   6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
4      118 16739 INVALID    6    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
5        0     0 ACCEPT     1    --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
6        0     0 LOGDROPIN  1    --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8
7        0     0 ACCEPT     1    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
8      108 16483 ACCEPT     0    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
9        9   540 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:22
10       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2222
11       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:80
12       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:9100
13       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:5201
14       0     0 ACCEPT     17   --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:5201
15      73 37992 LOGDROPIN  0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     1689 3955K LOCALOUTPUT  0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2        0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp dpt:53
3        0     0 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp dpt:53
4        0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp spt:53
5        0     0 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp spt:53
6      356 24336 ACCEPT     0    --  *      lo      0.0.0.0/0            0.0.0.0/0           
7      582  158K INVALID    6    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
8        0     0 ACCEPT     1    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
9      567  155K ACCEPT     0    --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
10       0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpts:1:65535
11      14  1064 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpts:1:65535
12       0     0 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain ALLOWIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      537  125K ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222
2        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:2222
3        0     0 ACCEPT     17   --  !lo    *       192.168.55.122       0.0.0.0/0            udp dpt:5201
4        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:5201
5        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:80
6     1258  144K ACCEPT     6    --  !lo    *       192.168.55.118       0.0.0.0/0            tcp dpt:9100
7        0     0 ACCEPT     6    --  !lo    *       192.168.55.118       0.0.0.0/0            tcp dpt:9100
8        0     0 ACCEPT     0    --  !lo    *       192.168.55.118       0.0.0.0/0           
9        6   770 ACCEPT     0    --  !lo    *       192.168.48.1         0.0.0.0/0           

Chain ALLOWOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     1042 3792K ACCEPT     0    --  *      !lo     0.0.0.0/0            192.168.55.118      
2        2   146 ACCEPT     0    --  *      !lo     0.0.0.0/0            192.168.48.1        

Chain DENYIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      130  7160 DROP       0    --  !lo    *       192.168.55.122       0.0.0.0/0           

Chain DENYOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1       72  7488 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            192.168.55.122      

Chain INVALID (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 INVDROP    0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
3        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
4        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
5        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
6        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
7        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
8        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
9        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
10       0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW

Chain INVDROP (10 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALINPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     2111  332K ALLOWIN    0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2      310 61655 DENYIN     0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALOUTPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     1689 3955K ALLOWOUT   0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2      645  162K DENYOUT    0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
3       14  1064 UDPFLOOD   17   --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPIN (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
2        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:23
3        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
4        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
5        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:68
6        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
7        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:111
8        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
9        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:113
10       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:113
11       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:135:139
12       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:135:139
13       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
14       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:445
15       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:500
16       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
17       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:513
18       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:513
19       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:520
20       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:520
21       0     0 LOG        6    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
22      54 28308 LOG        17   --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
23       0     0 LOG        1    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
24      73 37992 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPOUT (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 LOG        6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
2        0     0 LOG        17   --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
3        0     0 LOG        1    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
4       72  7488 REJECT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain SYNFLOOD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        9   540 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 100/sec burst 150
2        0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *SYNFLOOD Blocked* "
3        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain UDPFLOOD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RETURN     17   --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 0
2       14  1064 RETURN     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            limit: avg 100/sec burst 500
3        0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDPFLOOD* "
4        0     0 REJECT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable


iptables mangle table
=====================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         


iptables raw table
==================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         


iptables nat table
==================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
==== CSF GREP ATTACKER (csf -g) ====

Table  Chain            num   pkts bytes target     prot opt in     out     source               destination         

filter ALLOWIN          2        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:2222
filter ALLOWIN          3        0     0 ACCEPT     17   --  !lo    *       192.168.55.122       0.0.0.0/0            udp dpt:5201
filter ALLOWIN          4        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:5201
filter ALLOWIN          5        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:80

filter DENYIN           1      130  7160 DROP       0    --  !lo    *       192.168.55.122       0.0.0.0/0

filter DENYOUT          1       72  7488 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            192.168.55.122

csf.deny: 192.168.55.122 # lfd: (sshd) Failed SSH login from 192.168.55.122 (-): 5 in the last 3600 secs - Sun Aug 31 02:02:49 2025
==== LFD LOG (last 200) ====
Aug 31 01:52:17 sut lfd[4549]: CSF Tracking...
Aug 31 01:52:17 sut lfd[4549]: LOAD Tracking...
Aug 31 01:52:17 sut lfd[4549]: Country Code Lookups...
Aug 31 01:52:17 sut lfd[4549]: System Integrity Tracking...
Aug 31 01:52:17 sut lfd[4549]: Exploit Tracking...
Aug 31 01:52:17 sut lfd[4549]: Directory Watching...
Aug 31 01:52:17 sut lfd[4549]: Process Tracking...
Aug 31 01:52:17 sut lfd[4549]: Account Tracking...
Aug 31 01:52:17 sut lfd[4549]: SSH Tracking...
Aug 31 01:52:17 sut lfd[4549]: Webmin Tracking...
Aug 31 01:52:17 sut lfd[4549]: SU Tracking...
Aug 31 01:52:17 sut lfd[4549]: Console Tracking...
Aug 31 01:52:17 sut lfd[4549]: Watching /var/log/secure...
Aug 31 01:52:17 sut lfd[4549]: Watching /var/log/syslog...
Aug 31 01:52:17 sut lfd[4549]: Watching /var/log/customlog...
Aug 31 01:52:17 sut lfd[4549]: Watching /var/log/lfd.log...
Aug 31 01:52:17 sut lfd[4549]: Watching /var/log/apache2/error.log...
Aug 31 01:52:17 sut lfd[4549]: Watching /var/log/messages...
Aug 31 01:52:17 sut lfd[4549]: Watching /var/log/auth.log...
Aug 31 01:52:17 sut lfd[4562]: *User Processing* PID:681 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 01:52:22 sut lfd[4586]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:53:22 sut lfd[4623]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:54:22 sut lfd[4690]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:54:23 sut lfd[4549]: Main Process: TERM
Aug 31 01:54:23 sut lfd[4690]: Main Process: TERM
Aug 31 01:54:23 sut lfd[4549]: daemon stopped
Aug 31 01:54:23 sut lfd[4690]: daemon stopped
Aug 31 01:54:24 sut lfd[4863]: Main Process: TERM
Aug 31 01:54:24 sut lfd[4863]: daemon stopped
Aug 31 01:54:24 sut lfd[4876]: daemon started on sut - csf v14.24 (generic)
Aug 31 01:54:24 sut lfd[4876]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 01:54:24 sut lfd[4876]: Log Scanner...
Aug 31 01:54:24 sut lfd[4876]: CSF Tracking...
Aug 31 01:54:24 sut lfd[4876]: LOAD Tracking...
Aug 31 01:54:24 sut lfd[4876]: Country Code Lookups...
Aug 31 01:54:24 sut lfd[4876]: System Integrity Tracking...
Aug 31 01:54:24 sut lfd[4876]: Exploit Tracking...
Aug 31 01:54:24 sut lfd[4876]: Directory Watching...
Aug 31 01:54:24 sut lfd[4876]: Process Tracking...
Aug 31 01:54:24 sut lfd[4876]: Account Tracking...
Aug 31 01:54:24 sut lfd[4876]: SSH Tracking...
Aug 31 01:54:24 sut lfd[4876]: Webmin Tracking...
Aug 31 01:54:24 sut lfd[4876]: SU Tracking...
Aug 31 01:54:24 sut lfd[4876]: Console Tracking...
Aug 31 01:54:24 sut lfd[4876]: Watching /var/log/syslog...
Aug 31 01:54:24 sut lfd[4876]: Watching /var/log/apache2/error.log...
Aug 31 01:54:24 sut lfd[4876]: Watching /var/log/lfd.log...
Aug 31 01:54:24 sut lfd[4876]: Watching /var/log/customlog...
Aug 31 01:54:24 sut lfd[4876]: Watching /var/log/secure...
Aug 31 01:54:24 sut lfd[4876]: Watching /var/log/auth.log...
Aug 31 01:54:24 sut lfd[4876]: Watching /var/log/messages...
Aug 31 01:54:24 sut lfd[4889]: *User Processing* PID:681 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 01:54:29 sut lfd[4913]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:55:29 sut lfd[5597]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:55:59 sut lfd[5905]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:56:00 sut lfd[4876]: Main Process: TERM
Aug 31 01:56:00 sut lfd[5597]: Main Process: TERM
Aug 31 01:56:00 sut lfd[4876]: daemon stopped
Aug 31 01:56:00 sut lfd[5597]: daemon stopped
Aug 31 01:56:00 sut lfd[6087]: Main Process: TERM
Aug 31 01:56:00 sut lfd[6087]: daemon stopped
Aug 31 01:56:00 sut lfd[6102]: daemon started on sut - csf v14.24 (generic)
Aug 31 01:56:00 sut lfd[6102]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 01:56:00 sut lfd[6102]: Log Scanner...
Aug 31 01:56:00 sut lfd[6102]: CSF Tracking...
Aug 31 01:56:00 sut lfd[6102]: LOAD Tracking...
Aug 31 01:56:00 sut lfd[6102]: Country Code Lookups...
Aug 31 01:56:00 sut lfd[6102]: System Integrity Tracking...
Aug 31 01:56:00 sut lfd[6102]: Exploit Tracking...
Aug 31 01:56:00 sut lfd[6102]: Directory Watching...
Aug 31 01:56:00 sut lfd[6102]: Process Tracking...
Aug 31 01:56:00 sut lfd[6102]: Account Tracking...
Aug 31 01:56:00 sut lfd[6102]: SSH Tracking...
Aug 31 01:56:00 sut lfd[6102]: Webmin Tracking...
Aug 31 01:56:00 sut lfd[6102]: SU Tracking...
Aug 31 01:56:00 sut lfd[6102]: Console Tracking...
Aug 31 01:56:00 sut lfd[6102]: Watching /var/log/apache2/error.log...
Aug 31 01:56:00 sut lfd[6102]: Watching /var/log/messages...
Aug 31 01:56:00 sut lfd[6102]: Watching /var/log/secure...
Aug 31 01:56:00 sut lfd[6102]: Watching /var/log/lfd.log...
Aug 31 01:56:00 sut lfd[6102]: Watching /var/log/customlog...
Aug 31 01:56:00 sut lfd[6102]: Watching /var/log/auth.log...
Aug 31 01:56:00 sut lfd[6102]: Watching /var/log/syslog...
Aug 31 01:56:00 sut lfd[6115]: *User Processing* PID:681 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 01:56:05 sut lfd[6139]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:57:00 sut lfd[6150]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 01:57:05 sut lfd[6209]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:57:05 sut lfd[6211]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:58:05 sut lfd[6368]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:58:07 sut lfd[6102]: Main Process: TERM
Aug 31 01:58:07 sut lfd[6368]: Main Process: TERM
Aug 31 01:58:07 sut lfd[6102]: daemon stopped
Aug 31 01:58:07 sut lfd[6368]: daemon stopped
Aug 31 01:58:07 sut lfd[6560]: Main Process: TERM
Aug 31 01:58:07 sut lfd[6560]: daemon stopped
Aug 31 01:58:07 sut lfd[6573]: daemon started on sut - csf v14.24 (generic)
Aug 31 01:58:07 sut lfd[6573]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 01:58:07 sut lfd[6573]: Log Scanner...
Aug 31 01:58:07 sut lfd[6573]: CSF Tracking...
Aug 31 01:58:07 sut lfd[6573]: LOAD Tracking...
Aug 31 01:58:07 sut lfd[6573]: Country Code Lookups...
Aug 31 01:58:07 sut lfd[6573]: System Integrity Tracking...
Aug 31 01:58:07 sut lfd[6573]: Exploit Tracking...
Aug 31 01:58:07 sut lfd[6573]: Directory Watching...
Aug 31 01:58:07 sut lfd[6573]: Process Tracking...
Aug 31 01:58:07 sut lfd[6573]: Account Tracking...
Aug 31 01:58:07 sut lfd[6573]: SSH Tracking...
Aug 31 01:58:07 sut lfd[6573]: Webmin Tracking...
Aug 31 01:58:07 sut lfd[6573]: SU Tracking...
Aug 31 01:58:07 sut lfd[6573]: Console Tracking...
Aug 31 01:58:07 sut lfd[6573]: Watching /var/log/auth.log...
Aug 31 01:58:07 sut lfd[6573]: Watching /var/log/apache2/error.log...
Aug 31 01:58:07 sut lfd[6573]: Watching /var/log/syslog...
Aug 31 01:58:07 sut lfd[6573]: Watching /var/log/lfd.log...
Aug 31 01:58:07 sut lfd[6573]: Watching /var/log/messages...
Aug 31 01:58:07 sut lfd[6573]: Watching /var/log/customlog...
Aug 31 01:58:07 sut lfd[6573]: Watching /var/log/secure...
Aug 31 01:58:07 sut lfd[6586]: *User Processing* PID:681 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 01:58:12 sut lfd[6695]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:59:07 sut lfd[6705]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 01:59:12 sut lfd[6757]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:59:12 sut lfd[6759]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:00:12 sut lfd[6816]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:00:13 sut lfd[6573]: Main Process: TERM
Aug 31 02:00:13 sut lfd[6762]: Main Process: TERM
Aug 31 02:00:13 sut lfd[6762]: daemon stopped
Aug 31 02:00:13 sut lfd[6573]: daemon stopped
Aug 31 02:00:13 sut lfd[7002]: daemon started on sut - csf v14.24 (generic)
Aug 31 02:00:13 sut lfd[7002]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 02:00:13 sut lfd[7002]: Log Scanner...
Aug 31 02:00:13 sut lfd[7002]: CSF Tracking...
Aug 31 02:00:13 sut lfd[7002]: LOAD Tracking...
Aug 31 02:00:13 sut lfd[7002]: Country Code Lookups...
Aug 31 02:00:13 sut lfd[7002]: System Integrity Tracking...
Aug 31 02:00:13 sut lfd[7002]: Exploit Tracking...
Aug 31 02:00:13 sut lfd[7002]: Directory Watching...
Aug 31 02:00:13 sut lfd[7002]: Process Tracking...
Aug 31 02:00:13 sut lfd[7002]: Account Tracking...
Aug 31 02:00:13 sut lfd[7002]: SSH Tracking...
Aug 31 02:00:13 sut lfd[7002]: Webmin Tracking...
Aug 31 02:00:13 sut lfd[7002]: SU Tracking...
Aug 31 02:00:13 sut lfd[7002]: Console Tracking...
Aug 31 02:00:13 sut lfd[7002]: Watching /var/log/lfd.log...
Aug 31 02:00:13 sut lfd[7002]: Watching /var/log/syslog...
Aug 31 02:00:13 sut lfd[7002]: Watching /var/log/apache2/error.log...
Aug 31 02:00:13 sut lfd[7002]: Watching /var/log/secure...
Aug 31 02:00:13 sut lfd[7002]: Watching /var/log/messages...
Aug 31 02:00:13 sut lfd[7002]: Watching /var/log/auth.log...
Aug 31 02:00:13 sut lfd[7002]: Watching /var/log/customlog...
Aug 31 02:00:13 sut lfd[7015]: *User Processing* PID:681 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 02:01:13 sut lfd[7020]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 02:01:43 sut lfd[7032]: daemon started on sut - csf v14.24 (generic)
Aug 31 02:01:43 sut lfd[7032]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 02:01:43 sut lfd[7032]: Log Scanner...
Aug 31 02:01:43 sut lfd[7032]: CSF Tracking...
Aug 31 02:01:43 sut lfd[7032]: LOAD Tracking...
Aug 31 02:01:43 sut lfd[7032]: Country Code Lookups...
Aug 31 02:01:43 sut lfd[7032]: System Integrity Tracking...
Aug 31 02:01:43 sut lfd[7032]: Exploit Tracking...
Aug 31 02:01:43 sut lfd[7032]: Directory Watching...
Aug 31 02:01:43 sut lfd[7032]: Process Tracking...
Aug 31 02:01:43 sut lfd[7032]: Account Tracking...
Aug 31 02:01:43 sut lfd[7032]: SSH Tracking...
Aug 31 02:01:43 sut lfd[7032]: Webmin Tracking...
Aug 31 02:01:43 sut lfd[7032]: SU Tracking...
Aug 31 02:01:43 sut lfd[7032]: Console Tracking...
Aug 31 02:01:43 sut lfd[7032]: Watching /var/log/auth.log...
Aug 31 02:01:43 sut lfd[7032]: Watching /var/log/secure...
Aug 31 02:01:43 sut lfd[7032]: Watching /var/log/messages...
Aug 31 02:01:43 sut lfd[7032]: Watching /var/log/lfd.log...
Aug 31 02:01:43 sut lfd[7032]: Watching /var/log/customlog...
Aug 31 02:01:43 sut lfd[7032]: Watching /var/log/syslog...
Aug 31 02:01:43 sut lfd[7032]: Watching /var/log/apache2/error.log...
Aug 31 02:01:43 sut lfd[7045]: *User Processing* PID:681 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 02:01:48 sut lfd[7069]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:02:43 sut lfd[7081]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 02:02:48 sut lfd[7125]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:02:49 sut lfd[7127]: (sshd) Failed SSH login from 192.168.55.122 (-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 31 02:02:54 sut lfd[7207]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:02:54 sut lfd[7209]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:02:59 sut lfd[7230]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:04 sut lfd[7272]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:09 sut lfd[7333]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:09 sut lfd[7335]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:14 sut lfd[7397]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:14 sut lfd[7399]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:19 sut lfd[7461]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:19 sut lfd[7463]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:24 sut lfd[7524]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:24 sut lfd[7526]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:29 sut lfd[7587]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:29 sut lfd[7589]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:34 sut lfd[7651]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:34 sut lfd[7653]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:39 sut lfd[7714]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:39 sut lfd[7716]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:44 sut lfd[7778]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:44 sut lfd[7780]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:49 sut lfd[7832]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 02:03:49 sut lfd[7834]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
