==== DATE ====
Sun Aug 31 03:23:59 WIB 2025
==== UFW STATUS (numbered) ====
Status: inactive
==== UFW LOG (last 200, filtered by IP if set) ====
==== FAIL2BAN sshd STATUS ====
==== FAIL2BAN LOG (last 200) ====
==== CSF LIST (csf -l) ====
iptables filter table
=====================
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     1547  252K LOCALINPUT  0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2      262 19616 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        9   540 SYNFLOOD   6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
4      118 16739 INVALID    6    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
5        0     0 ACCEPT     1    --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
6        0     0 LOGDROPIN  1    --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8
7        0     0 ACCEPT     1    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
8      103 16103 ACCEPT     0    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
9        9   540 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:22
10       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2222
11       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:80
12       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:9100
13       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:5201
14       0     0 ACCEPT     17   --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:5201
15      38 19091 LOGDROPIN  0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1     1251 2390K LOCALOUTPUT  0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2        0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp dpt:53
3        0     0 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp dpt:53
4        0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp spt:53
5        0     0 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp spt:53
6      262 19616 ACCEPT     0    --  *      lo      0.0.0.0/0            0.0.0.0/0           
7      579  157K INVALID    6    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
8        0     0 ACCEPT     1    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
9      564  155K ACCEPT     0    --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
10       0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpts:1:65535
11       9   684 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpts:1:65535
12       0     0 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain ALLOWIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      534  124K ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222
2        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:2222
3        0     0 ACCEPT     17   --  !lo    *       192.168.55.122       0.0.0.0/0            udp dpt:5201
4        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:5201
5        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:80
6      739 84910 ACCEPT     6    --  !lo    *       192.168.55.118       0.0.0.0/0            tcp dpt:9100
7        0     0 ACCEPT     6    --  !lo    *       192.168.55.118       0.0.0.0/0            tcp dpt:9100
8        0     0 ACCEPT     0    --  !lo    *       192.168.55.118       0.0.0.0/0           
9        4   458 ACCEPT     0    --  !lo    *       192.168.48.1         0.0.0.0/0           

Chain ALLOWOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      612 2228K ACCEPT     0    --  *      !lo     0.0.0.0/0            192.168.55.118      
2        2   146 ACCEPT     0    --  *      !lo     0.0.0.0/0            192.168.48.1        

Chain DENYIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      130  7160 DROP       0    --  !lo    *       192.168.55.122       0.0.0.0/0           

Chain DENYOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1       72  7488 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            192.168.55.122      

Chain INVALID (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 INVDROP    0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
3        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
4        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
5        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
6        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
7        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
8        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
9        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
10       0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW

Chain INVDROP (10 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALINPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     1547  252K ALLOWIN    0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2      270 42374 DENYIN     0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALOUTPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1     1251 2390K ALLOWOUT   0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2      637  162K DENYOUT    0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
3        9   684 UDPFLOOD   17   --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPIN (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
2        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:23
3        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
4        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
5        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:68
6        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
7        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:111
8        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
9        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:113
10       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:113
11       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:135:139
12       1   229 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:135:139
13       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
14       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:445
15       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:500
16       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
17       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:513
18       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:513
19       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:520
20       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:520
21       0     0 LOG        6    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
22      26 13916 LOG        17   --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
23       0     0 LOG        1    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
24      37 18862 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPOUT (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 LOG        6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
2        0     0 LOG        17   --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
3        0     0 LOG        1    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
4       72  7488 REJECT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain SYNFLOOD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        9   540 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 100/sec burst 150
2        0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *SYNFLOOD Blocked* "
3        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain UDPFLOOD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RETURN     17   --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 0
2        9   684 RETURN     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            limit: avg 100/sec burst 500
3        0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDPFLOOD* "
4        0     0 REJECT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable


iptables mangle table
=====================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         


iptables raw table
==================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         


iptables nat table
==================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
==== CSF GREP ATTACKER (csf -g) ====

Table  Chain            num   pkts bytes target     prot opt in     out     source               destination         

filter ALLOWIN          2        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:2222
filter ALLOWIN          3        0     0 ACCEPT     17   --  !lo    *       192.168.55.122       0.0.0.0/0            udp dpt:5201
filter ALLOWIN          4        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:5201
filter ALLOWIN          5        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:80

filter DENYIN           1      130  7160 DROP       0    --  !lo    *       192.168.55.122       0.0.0.0/0

filter DENYOUT          1       72  7488 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            192.168.55.122

csf.deny: 192.168.55.122 # lfd: (sshd) Failed SSH login from 192.168.55.122 (-): 5 in the last 3600 secs - Sun Aug 31 03:22:59 2025
==== LFD LOG (last 200) ====
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/apache2/error.log...
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/syslog...
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/auth.log...
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/secure...
Aug 31 03:05:11 sut lfd[3899]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:05:16 sut lfd[3887]: csf (re)start requested - running *csf startup*...
Aug 31 03:05:16 sut lfd[3887]: csf (re)start completed
Aug 31 03:05:16 sut lfd[4145]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:16 sut lfd[4147]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:16 sut lfd[4157]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:16 sut lfd[4163]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:16 sut lfd[4169]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:21 sut lfd[4207]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:56 sut lfd[4234]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:13:56 sut lfd[4324]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:13:57 sut lfd[3887]: Main Process: TERM
Aug 31 03:13:57 sut lfd[4324]: Main Process: TERM
Aug 31 03:13:57 sut lfd[3887]: daemon stopped
Aug 31 03:13:57 sut lfd[4324]: daemon stopped
Aug 31 03:13:58 sut lfd[4518]: Main Process: TERM
Aug 31 03:13:58 sut lfd[4518]: daemon stopped
Aug 31 03:13:58 sut lfd[4531]: daemon started on sut - csf v14.24 (generic)
Aug 31 03:13:58 sut lfd[4531]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 03:13:58 sut lfd[4531]: Log Scanner...
Aug 31 03:13:58 sut lfd[4531]: CSF Tracking...
Aug 31 03:13:58 sut lfd[4531]: LOAD Tracking...
Aug 31 03:13:58 sut lfd[4531]: Country Code Lookups...
Aug 31 03:13:58 sut lfd[4531]: System Integrity Tracking...
Aug 31 03:13:58 sut lfd[4531]: Exploit Tracking...
Aug 31 03:13:58 sut lfd[4531]: Directory Watching...
Aug 31 03:13:58 sut lfd[4531]: Process Tracking...
Aug 31 03:13:58 sut lfd[4531]: Account Tracking...
Aug 31 03:13:58 sut lfd[4531]: SSH Tracking...
Aug 31 03:13:58 sut lfd[4531]: Webmin Tracking...
Aug 31 03:13:58 sut lfd[4531]: SU Tracking...
Aug 31 03:13:58 sut lfd[4531]: Console Tracking...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/customlog...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/lfd.log...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/apache2/error.log...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/auth.log...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/syslog...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/messages...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/secure...
Aug 31 03:13:58 sut lfd[4544]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:14:03 sut lfd[4569]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:15:03 sut lfd[4606]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:16:03 sut lfd[4674]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:16:04 sut lfd[4531]: Main Process: TERM
Aug 31 03:16:04 sut lfd[4674]: Main Process: TERM
Aug 31 03:16:04 sut lfd[4674]: daemon stopped
Aug 31 03:16:04 sut lfd[4531]: daemon stopped
Aug 31 03:16:04 sut lfd[4847]: Main Process: TERM
Aug 31 03:16:04 sut lfd[4847]: daemon stopped
Aug 31 03:16:04 sut lfd[4862]: daemon started on sut - csf v14.24 (generic)
Aug 31 03:16:04 sut lfd[4862]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 03:16:04 sut lfd[4862]: Log Scanner...
Aug 31 03:16:04 sut lfd[4862]: CSF Tracking...
Aug 31 03:16:04 sut lfd[4862]: LOAD Tracking...
Aug 31 03:16:04 sut lfd[4862]: Country Code Lookups...
Aug 31 03:16:04 sut lfd[4862]: System Integrity Tracking...
Aug 31 03:16:04 sut lfd[4862]: Exploit Tracking...
Aug 31 03:16:04 sut lfd[4862]: Directory Watching...
Aug 31 03:16:04 sut lfd[4862]: Process Tracking...
Aug 31 03:16:04 sut lfd[4862]: Account Tracking...
Aug 31 03:16:04 sut lfd[4862]: SSH Tracking...
Aug 31 03:16:04 sut lfd[4862]: Webmin Tracking...
Aug 31 03:16:04 sut lfd[4862]: SU Tracking...
Aug 31 03:16:04 sut lfd[4862]: Console Tracking...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/customlog...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/syslog...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/auth.log...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/messages...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/lfd.log...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/apache2/error.log...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/secure...
Aug 31 03:16:04 sut lfd[4875]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:16:09 sut lfd[4899]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:17:04 sut lfd[4909]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 03:17:09 sut lfd[4935]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:17:39 sut lfd[4982]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:17:40 sut lfd[4862]: Main Process: TERM
Aug 31 03:17:40 sut lfd[4935]: Main Process: TERM
Aug 31 03:17:40 sut lfd[4862]: daemon stopped
Aug 31 03:17:40 sut lfd[4935]: daemon stopped
Aug 31 03:17:40 sut lfd[4982]: Main Process: TERM
Aug 31 03:17:41 sut lfd[5171]: Main Process: TERM
Aug 31 03:17:41 sut lfd[5171]: daemon stopped
Aug 31 03:17:41 sut lfd[5184]: daemon started on sut - csf v14.24 (generic)
Aug 31 03:17:41 sut lfd[5184]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 03:17:41 sut lfd[5184]: Log Scanner...
Aug 31 03:17:41 sut lfd[5184]: CSF Tracking...
Aug 31 03:17:41 sut lfd[5184]: LOAD Tracking...
Aug 31 03:17:41 sut lfd[5184]: Country Code Lookups...
Aug 31 03:17:41 sut lfd[5184]: System Integrity Tracking...
Aug 31 03:17:41 sut lfd[5184]: Exploit Tracking...
Aug 31 03:17:41 sut lfd[5184]: Directory Watching...
Aug 31 03:17:41 sut lfd[5184]: Process Tracking...
Aug 31 03:17:41 sut lfd[5184]: Account Tracking...
Aug 31 03:17:41 sut lfd[5184]: SSH Tracking...
Aug 31 03:17:41 sut lfd[5184]: Webmin Tracking...
Aug 31 03:17:41 sut lfd[5184]: SU Tracking...
Aug 31 03:17:41 sut lfd[5184]: Console Tracking...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/messages...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/lfd.log...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/syslog...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/apache2/error.log...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/customlog...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/auth.log...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/secure...
Aug 31 03:17:41 sut lfd[5197]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:17:46 sut lfd[5221]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:18:41 sut lfd[5488]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 03:18:46 sut lfd[5547]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:18:46 sut lfd[5549]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:19:46 sut lfd[5605]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:19:47 sut lfd[5184]: Main Process: TERM
Aug 31 03:19:47 sut lfd[5184]: daemon stopped
Aug 31 03:19:47 sut lfd[5791]: Main Process: TERM
Aug 31 03:19:47 sut lfd[5791]: daemon stopped
Aug 31 03:19:47 sut lfd[5806]: daemon started on sut - csf v14.24 (generic)
Aug 31 03:19:47 sut lfd[5806]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 03:19:47 sut lfd[5806]: Log Scanner...
Aug 31 03:19:47 sut lfd[5806]: CSF Tracking...
Aug 31 03:19:47 sut lfd[5806]: LOAD Tracking...
Aug 31 03:19:47 sut lfd[5806]: Country Code Lookups...
Aug 31 03:19:47 sut lfd[5806]: System Integrity Tracking...
Aug 31 03:19:47 sut lfd[5806]: Exploit Tracking...
Aug 31 03:19:47 sut lfd[5806]: Directory Watching...
Aug 31 03:19:47 sut lfd[5806]: Process Tracking...
Aug 31 03:19:47 sut lfd[5806]: Account Tracking...
Aug 31 03:19:47 sut lfd[5806]: SSH Tracking...
Aug 31 03:19:47 sut lfd[5806]: Webmin Tracking...
Aug 31 03:19:47 sut lfd[5806]: SU Tracking...
Aug 31 03:19:47 sut lfd[5806]: Console Tracking...
Aug 31 03:19:47 sut lfd[5806]: Watching /var/log/messages...
Aug 31 03:19:47 sut lfd[5806]: Watching /var/log/syslog...
Aug 31 03:19:47 sut lfd[5806]: Watching /var/log/lfd.log...
Aug 31 03:19:47 sut lfd[5806]: Watching /var/log/apache2/error.log...
Aug 31 03:19:47 sut lfd[5806]: Watching /var/log/customlog...
Aug 31 03:19:47 sut lfd[5806]: Watching /var/log/auth.log...
Aug 31 03:19:47 sut lfd[5806]: Watching /var/log/secure...
Aug 31 03:19:47 sut lfd[5819]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:19:52 sut lfd[5843]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:20:52 sut lfd[5906]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:20:52 sut lfd[5908]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:21:52 sut lfd[5963]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:21:53 sut lfd[5806]: Main Process: TERM
Aug 31 03:21:53 sut lfd[5963]: Main Process: TERM
Aug 31 03:21:53 sut lfd[5806]: daemon stopped
Aug 31 03:21:53 sut lfd[5963]: daemon stopped
Aug 31 03:21:54 sut lfd[6149]: Main Process: TERM
Aug 31 03:21:54 sut lfd[6149]: daemon stopped
Aug 31 03:21:54 sut lfd[6163]: daemon started on sut - csf v14.24 (generic)
Aug 31 03:21:54 sut lfd[6163]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 03:21:54 sut lfd[6163]: Log Scanner...
Aug 31 03:21:54 sut lfd[6163]: CSF Tracking...
Aug 31 03:21:54 sut lfd[6163]: LOAD Tracking...
Aug 31 03:21:54 sut lfd[6163]: Country Code Lookups...
Aug 31 03:21:54 sut lfd[6163]: System Integrity Tracking...
Aug 31 03:21:54 sut lfd[6163]: Exploit Tracking...
Aug 31 03:21:54 sut lfd[6163]: Directory Watching...
Aug 31 03:21:54 sut lfd[6163]: Process Tracking...
Aug 31 03:21:54 sut lfd[6163]: Account Tracking...
Aug 31 03:21:54 sut lfd[6163]: SSH Tracking...
Aug 31 03:21:54 sut lfd[6163]: Webmin Tracking...
Aug 31 03:21:54 sut lfd[6163]: SU Tracking...
Aug 31 03:21:54 sut lfd[6163]: Console Tracking...
Aug 31 03:21:54 sut lfd[6163]: Watching /var/log/apache2/error.log...
Aug 31 03:21:54 sut lfd[6163]: Watching /var/log/lfd.log...
Aug 31 03:21:54 sut lfd[6163]: Watching /var/log/customlog...
Aug 31 03:21:54 sut lfd[6163]: Watching /var/log/syslog...
Aug 31 03:21:54 sut lfd[6163]: Watching /var/log/messages...
Aug 31 03:21:54 sut lfd[6163]: Watching /var/log/auth.log...
Aug 31 03:21:54 sut lfd[6163]: Watching /var/log/secure...
Aug 31 03:21:54 sut lfd[6176]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:21:59 sut lfd[6200]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:22:59 sut lfd[6255]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:22:59 sut lfd[6257]: (sshd) Failed SSH login from 192.168.55.122 (-): 5 in the last 3600 secs - *Blocked in csf* [LF_SSHD]
Aug 31 03:23:04 sut lfd[6338]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:04 sut lfd[6340]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:09 sut lfd[6362]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:14 sut lfd[6403]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:19 sut lfd[6464]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:19 sut lfd[6466]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:24 sut lfd[6527]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:24 sut lfd[6529]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:29 sut lfd[6591]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:29 sut lfd[6593]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:34 sut lfd[6654]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:34 sut lfd[6656]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:39 sut lfd[6717]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:39 sut lfd[6719]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:44 sut lfd[6780]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:44 sut lfd[6782]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:49 sut lfd[6843]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:49 sut lfd[6845]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:54 sut lfd[6907]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:54 sut lfd[6909]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:59 sut lfd[6957]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:23:59 sut lfd[6959]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
