==== DATE ====
Sun Aug 31 01:50:46 WIB 2025
==== UFW STATUS (numbered) ====
Status: inactive
==== UFW LOG (last 200, filtered by IP if set) ====
==== FAIL2BAN sshd STATUS ====
==== FAIL2BAN LOG (last 200) ====
==== CSF LIST (csf -l) ====
iptables filter table
=====================
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     494K   21M LOCALINPUT  0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2      526 26670 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0           
3     131K 5767K SYNFLOOD   6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
4     369K   15M INVALID    6    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
5        0     0 ACCEPT     1    --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
6        0     0 LOGDROPIN  1    --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8
7        0     0 ACCEPT     1    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
8       65  4904 ACCEPT     0    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
9        1    44 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:22
10       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2222
11       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:80
12       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:9100
13       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:5201
14       0     0 ACCEPT     17   --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:5201
15    8797  459K LOGDROPIN  0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     2630 8458K LOCALOUTPUT  0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2        0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp dpt:53
3        0     0 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp dpt:53
4        0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp spt:53
5        0     0 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp spt:53
6      526 26670 ACCEPT     0    --  *      lo      0.0.0.0/0            0.0.0.0/0           
7      136 19765 INVALID    6    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
8        0     0 ACCEPT     1    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
9      136 19765 ACCEPT     0    --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
10       0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpts:1:65535
11      64  4864 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpts:1:65535
12       0     0 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain ALLOWIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1       79 16489 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222
2        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:2222
3        0     0 ACCEPT     17   --  !lo    *       192.168.55.122       0.0.0.0/0            udp dpt:5201
4        8   324 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:5201
5      142  5952 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:80
6     2915  329K ACCEPT     6    --  !lo    *       192.168.55.118       0.0.0.0/0            tcp dpt:9100
7        0     0 ACCEPT     6    --  !lo    *       192.168.55.118       0.0.0.0/0            tcp dpt:9100
8        0     0 ACCEPT     0    --  !lo    *       192.168.55.118       0.0.0.0/0           
9       11  1467 ACCEPT     0    --  !lo    *       192.168.48.1         0.0.0.0/0           

Chain ALLOWOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     2427 8433K ACCEPT     0    --  *      !lo     0.0.0.0/0            192.168.55.118      
2        3   219 ACCEPT     0    --  *      !lo     0.0.0.0/0            192.168.48.1        

Chain DENYIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain DENYOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INVALID (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     360K   14M INVDROP    0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
3        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
4        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
5        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
6        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
7        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
8        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
9        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
10       0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW

Chain INVDROP (10 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     360K   14M DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALINPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     494K   21M ALLOWIN    0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2     491K   20M DENYIN     0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALOUTPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     2630 8458K ALLOWOUT   0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2      200 24629 DENYOUT    0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
3       64  4864 UDPFLOOD   17   --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPIN (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        2    88 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
2        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:23
3        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
4        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
5        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:68
6        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
7        2    88 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:111
8        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
9        2    88 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:113
10       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:113
11       4   176 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:135:139
12      15  1738 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:135:139
13       2    88 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
14       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:445
15       1    44 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:500
16       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
17       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:513
18       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:513
19       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:520
20       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:520
21      47  2068 LOG        6    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
22     113 57144 LOG        17   --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
23       0     0 LOG        1    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
24    8769  457K DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 LOG        6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
2        0     0 LOG        17   --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
3        0     0 LOG        1    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
4        0     0 REJECT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain SYNFLOOD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     8631  380K RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 100/sec burst 150
2       47  2068 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *SYNFLOOD Blocked* "
3     122K 5387K DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain UDPFLOOD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RETURN     17   --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 0
2       64  4864 RETURN     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            limit: avg 100/sec burst 500
3        0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDPFLOOD* "
4        0     0 REJECT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable


iptables mangle table
=====================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         


iptables raw table
==================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         


iptables nat table
==================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
==== CSF GREP ATTACKER (csf -g) ====

Table  Chain            num   pkts bytes target     prot opt in     out     source               destination         

filter ALLOWIN          2        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:2222
filter ALLOWIN          3        0     0 ACCEPT     17   --  !lo    *       192.168.55.122       0.0.0.0/0            udp dpt:5201
filter ALLOWIN          4        8   324 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:5201
filter ALLOWIN          5      142  5952 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:80
==== LFD LOG (last 200) ====
Aug 31 01:42:35 sut lfd[3742]: daemon started on sut - csf v14.24 (generic)
Aug 31 01:42:35 sut lfd[3742]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 01:42:35 sut lfd[3742]: Log Scanner...
Aug 31 01:42:35 sut lfd[3742]: CSF Tracking...
Aug 31 01:42:35 sut lfd[3742]: LOAD Tracking...
Aug 31 01:42:35 sut lfd[3742]: Country Code Lookups...
Aug 31 01:42:35 sut lfd[3742]: System Integrity Tracking...
Aug 31 01:42:35 sut lfd[3742]: Exploit Tracking...
Aug 31 01:42:35 sut lfd[3742]: Directory Watching...
Aug 31 01:42:35 sut lfd[3742]: Process Tracking...
Aug 31 01:42:35 sut lfd[3742]: Account Tracking...
Aug 31 01:42:35 sut lfd[3742]: SSH Tracking...
Aug 31 01:42:35 sut lfd[3742]: Webmin Tracking...
Aug 31 01:42:35 sut lfd[3742]: SU Tracking...
Aug 31 01:42:35 sut lfd[3742]: Console Tracking...
Aug 31 01:42:35 sut lfd[3742]: Watching /var/log/syslog...
Aug 31 01:42:35 sut lfd[3742]: Watching /var/log/secure...
Aug 31 01:42:35 sut lfd[3742]: Watching /var/log/messages...
Aug 31 01:42:35 sut lfd[3742]: Watching /var/log/customlog...
Aug 31 01:42:35 sut lfd[3742]: Watching /var/log/auth.log...
Aug 31 01:42:35 sut lfd[3742]: Watching /var/log/lfd.log...
Aug 31 01:42:35 sut lfd[3742]: Watching /var/log/apache2/error.log...
Aug 31 01:42:35 sut lfd[3757]: *User Processing* PID:681 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 01:42:35 sut lfd[3757]: Main Process: TERM
Aug 31 01:42:35 sut lfd[3757]: daemon stopped
Aug 31 01:42:35 sut lfd[3758]: Main Process: TERM
Aug 31 01:42:35 sut lfd[3758]: daemon stopped
Aug 31 01:42:35 sut lfd[3754]: Main Process: TERM
Aug 31 01:42:35 sut lfd[3742]: Main Process: TERM
Aug 31 01:42:35 sut lfd[3754]: daemon stopped
Aug 31 01:42:35 sut lfd[3742]: daemon stopped
Aug 31 01:42:35 sut lfd[3889]: daemon started on sut - csf v14.24 (generic)
Aug 31 01:42:35 sut lfd[3889]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 01:42:35 sut lfd[3889]: Log Scanner...
Aug 31 01:42:35 sut lfd[3889]: CSF Tracking...
Aug 31 01:42:35 sut lfd[3889]: LOAD Tracking...
Aug 31 01:42:35 sut lfd[3889]: Country Code Lookups...
Aug 31 01:42:35 sut lfd[3889]: System Integrity Tracking...
Aug 31 01:42:35 sut lfd[3889]: Exploit Tracking...
Aug 31 01:42:35 sut lfd[3889]: Directory Watching...
Aug 31 01:42:35 sut lfd[3889]: Process Tracking...
Aug 31 01:42:35 sut lfd[3889]: Account Tracking...
Aug 31 01:42:35 sut lfd[3889]: SSH Tracking...
Aug 31 01:42:35 sut lfd[3889]: Webmin Tracking...
Aug 31 01:42:35 sut lfd[3889]: SU Tracking...
Aug 31 01:42:35 sut lfd[3889]: Console Tracking...
Aug 31 01:42:35 sut lfd[3889]: Watching /var/log/secure...
Aug 31 01:42:35 sut lfd[3889]: Watching /var/log/apache2/error.log...
Aug 31 01:42:35 sut lfd[3889]: Watching /var/log/customlog...
Aug 31 01:42:35 sut lfd[3889]: Watching /var/log/messages...
Aug 31 01:42:35 sut lfd[3889]: Watching /var/log/lfd.log...
Aug 31 01:42:35 sut lfd[3889]: Watching /var/log/auth.log...
Aug 31 01:42:35 sut lfd[3889]: Watching /var/log/syslog...
Aug 31 01:42:35 sut lfd[3901]: *User Processing* PID:681 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 01:42:40 sut lfd[3889]: csf (re)start requested - running *csf startup*...
Aug 31 01:42:41 sut lfd[3889]: csf (re)start completed
Aug 31 01:42:41 sut lfd[4147]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:42:41 sut lfd[4149]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:42:41 sut lfd[4151]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:42:41 sut lfd[4165]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:42:41 sut lfd[4171]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:42:46 sut lfd[4208]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:43:21 sut lfd[4235]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 01:50:46 sut lfd[4333]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
