==== DATE ====
Sun Aug 31 03:19:46 WIB 2025
==== UFW STATUS (numbered) ====
Status: inactive
==== UFW LOG (last 200, filtered by IP if set) ====
==== FAIL2BAN sshd STATUS ====
==== FAIL2BAN LOG (last 200) ====
==== CSF LIST (csf -l) ====
iptables filter table
=====================
Chain INPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    8853K  432G LOCALINPUT  0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2      140  7126 ACCEPT     0    --  lo     *       0.0.0.0/0            0.0.0.0/0           
3        0     0 SYNFLOOD   6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02
4       25  1300 INVALID    6    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
5        0     0 ACCEPT     1    --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8 limit: avg 1/sec burst 5
6        0     0 LOGDROPIN  1    --  !lo    *       0.0.0.0/0            0.0.0.0/0            icmptype 8
7        0     0 ACCEPT     1    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
8       26  1736 ACCEPT     0    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
9        0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:22
10       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:2222
11       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:80
12       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:9100
13       0     0 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpt:5201
14       0     0 ACCEPT     17   --  !lo    *       0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpt:5201
15      47 22090 LOGDROPIN  0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain FORWARD (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy DROP 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
1    4385K  230M LOCALOUTPUT  0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2        0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp dpt:53
3        0     0 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp dpt:53
4        0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            tcp spt:53
5        0     0 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            udp spt:53
6      140  7126 ACCEPT     0    --  *      lo      0.0.0.0/0            0.0.0.0/0           
7    4384K  228M INVALID    6    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
8        0     0 ACCEPT     1    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
9    4384K  228M ACCEPT     0    --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
10       0     0 ACCEPT     6    --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW tcp dpts:1:65535
11      16  1216 ACCEPT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            ctstate NEW udp dpts:1:65535
12       0     0 LOGDROPOUT  0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain ALLOWIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1       94 21156 ACCEPT     6    --  !lo    *       0.0.0.0/0            0.0.0.0/0            tcp dpt:2222
2        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:2222
3        0     0 ACCEPT     17   --  !lo    *       192.168.55.122       0.0.0.0/0            udp dpt:5201
4    8852K  432G ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:5201
5        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:80
6      723 83712 ACCEPT     6    --  !lo    *       192.168.55.118       0.0.0.0/0            tcp dpt:9100
7        0     0 ACCEPT     6    --  !lo    *       192.168.55.118       0.0.0.0/0            tcp dpt:9100
8        0     0 ACCEPT     0    --  !lo    *       192.168.55.118       0.0.0.0/0           
9        3   385 ACCEPT     0    --  !lo    *       192.168.48.1         0.0.0.0/0           

Chain ALLOWOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1      660 2209K ACCEPT     0    --  *      !lo     0.0.0.0/0            192.168.55.118      
2        1    73 ACCEPT     0    --  *      !lo     0.0.0.0/0            192.168.48.1        

Chain DENYIN (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain DENYOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INVALID (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 INVDROP    0    --  *      *       0.0.0.0/0            0.0.0.0/0            ctstate INVALID
2        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x00
3        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x3F/0x3F
4        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x03/0x03
5        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x06/0x06
6        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x05/0x05
7        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x11/0x01
8        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x18/0x08
9        0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x30/0x20
10       0     0 INVDROP    6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:!0x17/0x02 ctstate NEW

Chain INVDROP (10 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALINPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1    8853K  432G ALLOWIN    0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           
2       63 23306 DENYIN     0    --  !lo    *       0.0.0.0/0            0.0.0.0/0           

Chain LOCALOUTPUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1    4385K  230M ALLOWOUT   0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
2    4384K  228M DENYOUT    0    --  *      !lo     0.0.0.0/0            0.0.0.0/0           
3       16  1216 UDPFLOOD   17   --  *      !lo     0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPIN (2 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:23
2        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:23
3        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:67
4        2   676 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:67
5        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:68
6        2  1152 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:68
7        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:111
8        0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:111
9        0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:113
10       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:113
11       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpts:135:139
12       4   463 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpts:135:139
13       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:445
14       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:445
15       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:500
16       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:500
17       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:513
18       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:513
19       0     0 DROP       6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp dpt:520
20       0     0 DROP       17   --  *      *       0.0.0.0/0            0.0.0.0/0            udp dpt:520
21       0     0 LOG        6    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *TCP_IN Blocked* "
22      29 14825 LOG        17   --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *UDP_IN Blocked* "
23       0     0 LOG        1    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *ICMP_IN Blocked* "
24      39 19799 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain LOGDROPOUT (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 LOG        6    --  *      *       0.0.0.0/0            0.0.0.0/0            tcp flags:0x17/0x02 limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *TCP_OUT Blocked* "
2        0     0 LOG        17   --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDP_OUT Blocked* "
3        0     0 LOG        1    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *ICMP_OUT Blocked* "
4        0     0 REJECT     0    --  *      *       0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable

Chain SYNFLOOD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RETURN     0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 100/sec burst 150
2        0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 0 level 4 prefix "Firewall: *SYNFLOOD Blocked* "
3        0     0 DROP       0    --  *      *       0.0.0.0/0            0.0.0.0/0           

Chain UDPFLOOD (1 references)
num   pkts bytes target     prot opt in     out     source               destination         
1        0     0 RETURN     17   --  *      *       0.0.0.0/0            0.0.0.0/0            owner UID match 0
2       16  1216 RETURN     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            limit: avg 100/sec burst 500
3        0     0 LOG        0    --  *      *       0.0.0.0/0            0.0.0.0/0            limit: avg 30/min burst 5 LOG flags 8 level 4 prefix "Firewall: *UDPFLOOD* "
4        0     0 REJECT     17   --  *      !lo     0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable


iptables mangle table
=====================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         


iptables raw table
==================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         


iptables nat table
==================
Chain PREROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain OUTPUT (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         

Chain POSTROUTING (policy ACCEPT 0 packets, 0 bytes)
num   pkts bytes target     prot opt in     out     source               destination         
==== CSF GREP ATTACKER (csf -g) ====

Table  Chain            num   pkts bytes target     prot opt in     out     source               destination         

filter ALLOWIN          2        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:2222
filter ALLOWIN          3        0     0 ACCEPT     17   --  !lo    *       192.168.55.122       0.0.0.0/0            udp dpt:5201
filter ALLOWIN          4    8852K  432G ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:5201
filter ALLOWIN          5        0     0 ACCEPT     6    --  !lo    *       192.168.55.122       0.0.0.0/0            tcp dpt:80
==== LFD LOG (last 200) ====
Aug 31 03:05:10 sut lfd[3741]: daemon started on sut - csf v14.24 (generic)
Aug 31 03:05:10 sut lfd[3741]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 03:05:10 sut lfd[3741]: Log Scanner...
Aug 31 03:05:10 sut lfd[3741]: CSF Tracking...
Aug 31 03:05:10 sut lfd[3741]: LOAD Tracking...
Aug 31 03:05:10 sut lfd[3741]: Country Code Lookups...
Aug 31 03:05:10 sut lfd[3741]: System Integrity Tracking...
Aug 31 03:05:10 sut lfd[3741]: Exploit Tracking...
Aug 31 03:05:10 sut lfd[3741]: Directory Watching...
Aug 31 03:05:10 sut lfd[3741]: Process Tracking...
Aug 31 03:05:10 sut lfd[3741]: Account Tracking...
Aug 31 03:05:10 sut lfd[3741]: SSH Tracking...
Aug 31 03:05:10 sut lfd[3741]: Webmin Tracking...
Aug 31 03:05:10 sut lfd[3741]: SU Tracking...
Aug 31 03:05:10 sut lfd[3741]: Console Tracking...
Aug 31 03:05:10 sut lfd[3741]: Watching /var/log/messages...
Aug 31 03:05:10 sut lfd[3741]: Watching /var/log/auth.log...
Aug 31 03:05:10 sut lfd[3741]: Watching /var/log/secure...
Aug 31 03:05:10 sut lfd[3741]: Watching /var/log/lfd.log...
Aug 31 03:05:10 sut lfd[3741]: Watching /var/log/apache2/error.log...
Aug 31 03:05:10 sut lfd[3741]: Watching /var/log/customlog...
Aug 31 03:05:10 sut lfd[3741]: Watching /var/log/syslog...
Aug 31 03:05:10 sut lfd[3756]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:05:11 sut lfd[3753]: Main Process: TERM
Aug 31 03:05:11 sut lfd[3753]: daemon stopped
Aug 31 03:05:11 sut lfd[3756]: Main Process: TERM
Aug 31 03:05:11 sut lfd[3756]: daemon stopped
Aug 31 03:05:11 sut lfd[3757]: Main Process: TERM
Aug 31 03:05:11 sut lfd[3757]: daemon stopped
Aug 31 03:05:11 sut lfd[3741]: Main Process: TERM
Aug 31 03:05:11 sut lfd[3741]: daemon stopped
Aug 31 03:05:11 sut lfd[3887]: daemon started on sut - csf v14.24 (generic)
Aug 31 03:05:11 sut lfd[3887]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 03:05:11 sut lfd[3887]: Log Scanner...
Aug 31 03:05:11 sut lfd[3887]: CSF Tracking...
Aug 31 03:05:11 sut lfd[3887]: LOAD Tracking...
Aug 31 03:05:11 sut lfd[3887]: Country Code Lookups...
Aug 31 03:05:11 sut lfd[3887]: System Integrity Tracking...
Aug 31 03:05:11 sut lfd[3887]: Exploit Tracking...
Aug 31 03:05:11 sut lfd[3887]: Directory Watching...
Aug 31 03:05:11 sut lfd[3887]: Process Tracking...
Aug 31 03:05:11 sut lfd[3887]: Account Tracking...
Aug 31 03:05:11 sut lfd[3887]: SSH Tracking...
Aug 31 03:05:11 sut lfd[3887]: Webmin Tracking...
Aug 31 03:05:11 sut lfd[3887]: SU Tracking...
Aug 31 03:05:11 sut lfd[3887]: Console Tracking...
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/messages...
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/customlog...
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/lfd.log...
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/apache2/error.log...
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/syslog...
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/auth.log...
Aug 31 03:05:11 sut lfd[3887]: Watching /var/log/secure...
Aug 31 03:05:11 sut lfd[3899]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:05:16 sut lfd[3887]: csf (re)start requested - running *csf startup*...
Aug 31 03:05:16 sut lfd[3887]: csf (re)start completed
Aug 31 03:05:16 sut lfd[4145]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:16 sut lfd[4147]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:16 sut lfd[4157]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:16 sut lfd[4163]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:16 sut lfd[4169]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:21 sut lfd[4207]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:05:56 sut lfd[4234]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:13:56 sut lfd[4324]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:13:57 sut lfd[3887]: Main Process: TERM
Aug 31 03:13:57 sut lfd[4324]: Main Process: TERM
Aug 31 03:13:57 sut lfd[3887]: daemon stopped
Aug 31 03:13:57 sut lfd[4324]: daemon stopped
Aug 31 03:13:58 sut lfd[4518]: Main Process: TERM
Aug 31 03:13:58 sut lfd[4518]: daemon stopped
Aug 31 03:13:58 sut lfd[4531]: daemon started on sut - csf v14.24 (generic)
Aug 31 03:13:58 sut lfd[4531]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 03:13:58 sut lfd[4531]: Log Scanner...
Aug 31 03:13:58 sut lfd[4531]: CSF Tracking...
Aug 31 03:13:58 sut lfd[4531]: LOAD Tracking...
Aug 31 03:13:58 sut lfd[4531]: Country Code Lookups...
Aug 31 03:13:58 sut lfd[4531]: System Integrity Tracking...
Aug 31 03:13:58 sut lfd[4531]: Exploit Tracking...
Aug 31 03:13:58 sut lfd[4531]: Directory Watching...
Aug 31 03:13:58 sut lfd[4531]: Process Tracking...
Aug 31 03:13:58 sut lfd[4531]: Account Tracking...
Aug 31 03:13:58 sut lfd[4531]: SSH Tracking...
Aug 31 03:13:58 sut lfd[4531]: Webmin Tracking...
Aug 31 03:13:58 sut lfd[4531]: SU Tracking...
Aug 31 03:13:58 sut lfd[4531]: Console Tracking...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/customlog...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/lfd.log...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/apache2/error.log...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/auth.log...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/syslog...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/messages...
Aug 31 03:13:58 sut lfd[4531]: Watching /var/log/secure...
Aug 31 03:13:58 sut lfd[4544]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:14:03 sut lfd[4569]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:15:03 sut lfd[4606]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:16:03 sut lfd[4674]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:16:04 sut lfd[4531]: Main Process: TERM
Aug 31 03:16:04 sut lfd[4674]: Main Process: TERM
Aug 31 03:16:04 sut lfd[4674]: daemon stopped
Aug 31 03:16:04 sut lfd[4531]: daemon stopped
Aug 31 03:16:04 sut lfd[4847]: Main Process: TERM
Aug 31 03:16:04 sut lfd[4847]: daemon stopped
Aug 31 03:16:04 sut lfd[4862]: daemon started on sut - csf v14.24 (generic)
Aug 31 03:16:04 sut lfd[4862]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 03:16:04 sut lfd[4862]: Log Scanner...
Aug 31 03:16:04 sut lfd[4862]: CSF Tracking...
Aug 31 03:16:04 sut lfd[4862]: LOAD Tracking...
Aug 31 03:16:04 sut lfd[4862]: Country Code Lookups...
Aug 31 03:16:04 sut lfd[4862]: System Integrity Tracking...
Aug 31 03:16:04 sut lfd[4862]: Exploit Tracking...
Aug 31 03:16:04 sut lfd[4862]: Directory Watching...
Aug 31 03:16:04 sut lfd[4862]: Process Tracking...
Aug 31 03:16:04 sut lfd[4862]: Account Tracking...
Aug 31 03:16:04 sut lfd[4862]: SSH Tracking...
Aug 31 03:16:04 sut lfd[4862]: Webmin Tracking...
Aug 31 03:16:04 sut lfd[4862]: SU Tracking...
Aug 31 03:16:04 sut lfd[4862]: Console Tracking...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/customlog...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/syslog...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/auth.log...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/messages...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/lfd.log...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/apache2/error.log...
Aug 31 03:16:04 sut lfd[4862]: Watching /var/log/secure...
Aug 31 03:16:04 sut lfd[4875]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:16:09 sut lfd[4899]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:17:04 sut lfd[4909]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 03:17:09 sut lfd[4935]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:17:39 sut lfd[4982]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:17:40 sut lfd[4862]: Main Process: TERM
Aug 31 03:17:40 sut lfd[4935]: Main Process: TERM
Aug 31 03:17:40 sut lfd[4862]: daemon stopped
Aug 31 03:17:40 sut lfd[4935]: daemon stopped
Aug 31 03:17:40 sut lfd[4982]: Main Process: TERM
Aug 31 03:17:41 sut lfd[5171]: Main Process: TERM
Aug 31 03:17:41 sut lfd[5171]: daemon stopped
Aug 31 03:17:41 sut lfd[5184]: daemon started on sut - csf v14.24 (generic)
Aug 31 03:17:41 sut lfd[5184]: LF_APACHE_ERRPORT: Set to [2]
Aug 31 03:17:41 sut lfd[5184]: Log Scanner...
Aug 31 03:17:41 sut lfd[5184]: CSF Tracking...
Aug 31 03:17:41 sut lfd[5184]: LOAD Tracking...
Aug 31 03:17:41 sut lfd[5184]: Country Code Lookups...
Aug 31 03:17:41 sut lfd[5184]: System Integrity Tracking...
Aug 31 03:17:41 sut lfd[5184]: Exploit Tracking...
Aug 31 03:17:41 sut lfd[5184]: Directory Watching...
Aug 31 03:17:41 sut lfd[5184]: Process Tracking...
Aug 31 03:17:41 sut lfd[5184]: Account Tracking...
Aug 31 03:17:41 sut lfd[5184]: SSH Tracking...
Aug 31 03:17:41 sut lfd[5184]: Webmin Tracking...
Aug 31 03:17:41 sut lfd[5184]: SU Tracking...
Aug 31 03:17:41 sut lfd[5184]: Console Tracking...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/messages...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/lfd.log...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/syslog...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/apache2/error.log...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/customlog...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/auth.log...
Aug 31 03:17:41 sut lfd[5184]: Watching /var/log/secure...
Aug 31 03:17:41 sut lfd[5197]: *User Processing* PID:680 Kill:0 User:prometheus VM:1574(MB) EXE:/usr/bin/prometheus-node-exporter CMD:/usr/bin/prometheus-node-exporter --web.listen-address=0.0.0.0:9100 --collector.textfile.directory=/var/lib/node_exporter/text
Aug 31 03:17:46 sut lfd[5221]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:18:41 sut lfd[5488]: Child : *Lock Error* [PT_INTERVAL] still active - section skipped
Aug 31 03:18:46 sut lfd[5547]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:18:46 sut lfd[5549]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
Aug 31 03:19:46 sut lfd[5605]: *SSH login* from 192.168.55.222 into the root account using publickey authentication
