mco 2025-08

mco 2024-09
maj modele
2025-08-05 22:38:01 +02:00 · 2024-09-06 17:01:42 +00:00 · 2024-05-23 07:18:23 +00:00 · 2024-03-21 21:41:30 +00:00 · 2024-02-07 20:37:49 +00:00 · 2024-01-19 10:53:09 +00:00
22 changed files with 881 additions and 51711 deletions
--- a/2022-03-10.md
+++ b/2022-03-10.md
@@ -0,0 +1,72 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [ ] logs - journalctl --priority warning
+  * [ ] mise à jour - yum check-updates && yum update
+  * [x] reboot ( 4/an )
+  * [x] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [ ] accès console depuis dedibox / ovh
+  * [ ] âge des certificats - certbot certificates | ag Expiry
+  * [ ] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [ ] date de la dernière sauvegarde
+  * [ ] test de restauration
+
+## Envoi de mail
+
+  * [ ] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [ ] apachecheck
+  * [ ] score ssl
+  * [ ] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [ ] mysqltuner
+  * [ ] mysql performance counters
+  * [ ] logs
+  * [ ] vérification âge sauvegarde
+  * [ ] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+### Postfix / dovecot
+  * [x] logs
+  * [x] postqueue -p
+  * [ ] pflogsum
+  * [ ] blacklist check
+
+
+### Rainloop
+  * [ ] mise à jour
+  * [ ] vérification taille répertoire de données
+  * [ ] suppression anciennes versions
+
+### Ldap
+  * [ ] vérification âge sauvegarde
+  * [ ] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+
+#### Nextcloud
+  * [ ] - logs (y compris logs nextcloud depuis config)
+  * [ ] - mise à jour core
+  * [ ] - mise à jour plugins
+  * [ ] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [ ] - vérifier espace disque des principaux utilisateurs
+  * [ ] - vue d'ensemble
+
+
--- a/2022-09-06.md
+++ b/2022-09-06.md
@@ -0,0 +1,86 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [x] lire précédent rapport mco
+  * [x] logs - journalctl --priority warning
+  * [x] mise à jour - yum check-updates && yum update
+  * [x] reboot ( 4/an )
+  * [x] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [x] accès console depuis dedibox / ovh
+  * [x] âge des certificats - certbot certificates | ag Expiry
+  * [x] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [x] date de la dernière sauvegarde
+  * [x] test de restauration
+
+## Envoi de mail
+
+  * [x] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [x] apachecheck
+  * [x] score ssl
+  * [x] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [ ] mysqltuner
+  * [ ] mysql performance counters
+  * [x] logs
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [x] test restauration
+
+### Postfix / dovecot
+  * [x] logs
+  * [x] postqueue -p
+  * [x] pflogsum
+  * [x] blacklist check
+
+
+### Rainloop
+  * [ ] mise à jour
+  * [ ] vérification taille répertoire de données
+  * [ ] suppression anciennes versions
+
+### Ldap
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [x] test restauration
+
+
+#### Nextcloud
+  * [x] - logs (y compris logs nextcloud depuis config)
+  * [x] - mise à jour core
+  * [x] - mise à jour plugins
+  * [x] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [x] - vérifier espace disque des principaux utilisateurs
+  * [x] - vue d'ensemble
+  * [x] - scan.nextcloud.com A+
+
+### Opérations notables
+
+résultat test mxtoolbox:
+
+DMARC Quarantine/Reject policy not enabled -> corrigé
+
+transaction time (might be high load because of upgrade )
+
+smtp does not support tls -> probably fake
+
+reverse dns != banner -> corrigé
+
+role socle et zabbix client ok
--- a/2022-11-16.md
+++ b/2022-11-16.md
@@ -0,0 +1,79 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [x] lire précédent rapport mco
+  * [x] logs - journalctl --priority warning
+  * [x] mise à jour - yum check-updates && yum update
+  * [x] reboot ( 4/an )
+  * [x] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [x] accès console depuis dedibox / ovh
+  * [x] âge des certificats - certbot certificates | ag Expiry
+  * [x] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [x] date de la dernière sauvegarde
+  * [ ] test de restauration
+
+## Envoi de mail
+
+  * [ ] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [ ] apachecheck
+  * [ ] score ssl
+  * [ ] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [ ] mysqltuner
+  * [ ] mysql performance counters
+  * [ ] logs
+  * [x] vérification âge sauvegarde
+  * [ ] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+### Postfix / dovecot
+  * [x] logs
+  * [x] postqueue -p
+  * [x] pflogsum
+  * [x] blacklist check
+
+
+### Rainloop
+  * [x] mise à jour
+  * [x] vérification taille répertoire de données
+  * [x] suppression anciennes versions
+
+### Ldap
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+
+#### Nextcloud
+  * [x] - logs (y compris logs nextcloud depuis config)
+  * [x] - mise à jour core
+  * [x] - mise à jour plugins
+  * [x] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [x] - vérifier espace disque des principaux utilisateurs
+  * [x] - vue d'ensemble
+
+### Opérations notables
+
+demande de deban chez https://postmaster.gmx.net/en/case?c=bip&i=ip&v=51.15.253.78
+
+maj rainloop
+
+pb rotation log mail
--- a/2023-01-10.md
+++ b/2023-01-10.md
@@ -0,0 +1,77 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [x] lire précédent rapport mco
+  * [x] logs - journalctl --priority warning
+  * [x] mise à jour - yum check-updates && yum update
+  * [ ] reboot ( 4/an )
+  * [ ] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [x] accès console depuis dedibox / ovh
+  * [x] âge des certificats - certbot certificates | ag Expiry
+  * [x] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [x] date de la dernière sauvegarde
+  * [x] test de restauration
+
+## Envoi de mail
+
+  * [ ] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [ ] apachecheck
+  * [x] score ssl
+  * [x] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [x] logs
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+### Postfix / dovecot
+  * [x] logs
+  * [x] postqueue -p
+  * [x] pflogsum
+  * [x] blacklist check https://mxtoolbox.com/emailhealth/maisonduvelolyon.org
+
+
+### Rainloop
+  * [x] mise à jour
+  * [x] vérification taille répertoire de données
+  * [x] suppression anciennes versions
+
+### Ldap
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+
+#### Nextcloud
+  * [x] - logs (y compris logs nextcloud depuis config)
+  * [x] - mise à jour core
+  * [x] - mise à jour plugins
+  * [x] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [x] - vérifier espace disque des principaux utilisateurs
+  * [x] - vue d'ensemble
+
+### Opérations notables
+
+role socle avec adaptation burp directory
+
+normalement les pb de rotation de maillog sont résolus (c'est rsyslog qu'il faut re**starter** après logrotate)
+
+
--- a/2023-06-02.md
+++ b/2023-06-02.md
@@ -0,0 +1,74 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [x] lire précédent rapport mco
+  * [x] logs - journalctl --priority warning
+  * [x] mise à jour - yum check-updates && yum update
+  * [x] reboot ( 4/an )
+  * [x] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [x] accès console depuis dedibox / ovh
+  * [x] âge des certificats - certbot certificates | ag Expiry
+  * [x] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [x] date de la dernière sauvegarde
+  * [x] test de restauration
+
+## Envoi de mail
+
+  * [ ] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [x] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [ ] mysqltuner
+  * [ ] logs
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [x] test restauration
+
+### Postfix / dovecot
+  * [ ] logs
+  * [x] postqueue -p
+  * [ ] pflogsum
+  * [x] blacklist check - https://mxtoolbox.com/emailhealth/maisonduvelolyon.org
+
+
+### Rainloop
+  * [x] mise à jour
+  * [x] vérification taille répertoire de données
+  * [x] suppression anciennes versions
+
+### Ldap
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+
+#### Nextcloud
+  * [x] - logs (y compris logs nextcloud depuis config)
+  * [x] - mise à jour core
+  * [x] - mise à jour plugins
+  * [x] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [x] - vérifier espace disque des principaux utilisateurs
+  * [x] - vue d'ensemble
+
+### Opérations notables
+
+deploiement lightmeter
+
+maj nexctcloud vers 26
--- a/2023-09-08.md
+++ b/2023-09-08.md
@@ -0,0 +1,79 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [x] lire précédent rapport mco
+  * [x] logs - journalctl --priority warning
+  * [x] mise à jour - yum check-updates && yum update
+  * [x] reboot ( 4/an )
+  * [x] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [x] accès console depuis dedibox / ovh
+  * [x] âge des certificats - certbot certificates | ag Expiry
+  * [x] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [ ] date de la dernière sauvegarde
+  * [ ] test de restauration
+
+## Envoi de mail
+
+  * [ ] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [ ] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [ ] mysqltuner
+  * [ ] logs
+  * [ ] vérification âge sauvegarde
+  * [ ] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+### Postfix / dovecot
+  * [x] logs
+  * [x] postqueue -p
+  * [x] pflogsum
+  * [x] blacklist check - https://mxtoolbox.com/emailhealth/maisonduvelolyon.org
+
+
+### SnappyMail
+  * [x] mise à jour
+  * [x] vérification taille répertoire de données
+  * [ ] suppression anciennes versions
+
+### Ldap
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [X] test restauration
+
+
+#### Nextcloud
+  * [x] - logs (y compris logs nextcloud depuis config)
+  * [x] - mise à jour core
+  * [x] - mise à jour plugins
+  * [x] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [x] - vérifier espace disque des principaux utilisateurs
+  * [x] - vue d'ensemble
+
+### Opérations notables
+
+tentative mise en place monitoring predictif de l'usage disque
+
+migration rainloop -> snappymail
+
+Déploiement role socle v2.1
+
+Correction d'une petite erreur dans le certificat du site (maisonduvelolyon.org pas inclus dans subject AltName)
+
--- a/2024-01-19.md
+++ b/2024-01-19.md
@@ -0,0 +1,72 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [x] lire précédent rapport mco
+  * [x] logs - journalctl --priority warning
+  * [x] mise à jour - yum check-updates && yum update
+  * [ ] reboot ( 4/an )
+  * [x] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [ ] accès console depuis dedibox / ovh
+  * [x] âge des certificats - certbot certificates | ag Expiry
+  * [x] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [x] date de la dernière sauvegarde
+  * [x] test de restauration
+
+## Envoi de mail
+
+  * [ ] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [x] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [ ] mysqltuner
+  * [x] logs
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [x] test restauration
+
+### Postfix / dovecot
+  * [x] logs
+  * [x] postqueue -p
+  * [x] pflogsum
+  * [x] blacklist check - https://mxtoolbox.com/emailhealth/maisonduvelolyon.org
+
+
+### Snappymail
+  * [x] mise à jour
+  * [x] vérification taille répertoire de données
+  * [ ] suppression anciennes versions
+
+### Ldap
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+
+#### Nextcloud
+  * [x] - logs (y compris logs nextcloud depuis config)
+  * [x] - mise à jour core
+  * [x] - mise à jour plugins
+  * [ ] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [x] - vérifier espace disque des principaux utilisateurs
+  * [x] - vue d'ensemble
+
+### Opérations notables
+
+suppression php80
--- a/2024-02-07.md
+++ b/2024-02-07.md
@@ -0,0 +1,75 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [x] lire précédent rapport mco
+  * [x] logs - journalctl --priority warning
+  * [x] mise à jour - yum check-updates && yum update
+  * [x] reboot ( 4/an )
+  * [x] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [x] accès console depuis dedibox / ovh
+  * [x] âge des certificats - certbot certificates | ag Expiry
+  * [x] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [x] date de la dernière sauvegarde
+  * [x] test de restauration
+
+## Envoi de mail
+  * [ ] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [x] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [x] mysqltuner
+  * [x] logs
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [x] test restauration
+
+### Postfix / dovecot
+  * [x] logs
+  * [x] postqueue -p
+  * [x] pflogsum
+  * [x] blacklist check - https://mxtoolbox.com/emailhealth/maisonduvelolyon.org
+
+
+### Snappymail
+  * [ ] mise à jour
+  * [x] vérification taille répertoire de données
+  * [x] suppression anciennes versions
+
+### Ldap
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [x] test restauration
+
+
+#### Nextcloud
+  * [x] - logs (y compris logs nextcloud depuis config)
+  * [x] - mise à jour core
+  * [x] - mise à jour plugins
+  * [x] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [x] - vérifier espace disque des principaux utilisateurs
+  * [x] - vue d'ensemble
+
+### Opérations notables
+
+ajout skip-name-resolve dans mysql
+
+surveillance de la taille de la table nextcloud/oc_filecache actuelllement à 165M
+
+:checkmark reboot prévu ce soir
--- a/2024-03-12.md
+++ b/2024-03-12.md
@@ -1,48 +0,0 @@
-vim: set filetype=markdown:
-
-## Légende
-  * [ ] non fait
-  * [!] fait en partie
-  * [x|✓] fait en totalité
-## Général
-
-  * [ ] logs - journalctl --priority warning
-  * [ ] mise à jour - yum check-updates && yum update
-  * [ ] reboot ( 4/an )
-  * [ ] fail2ban - bon fonctionnement, ip bannies...
-  * [ ] services - systemctl --failed
-  * [ ] accès console depuis dedibox / ovh
-  * [ ] âge des certificats - certbot certificates | ag Expiry
-
-## Sauvegardes
-
-  This server is not backed up
-
-## Services
-
-### Sauvegardes 
-  * [ ] sauvegarde lvv sudo ls -l  ~lvv/Backups/courant/
-  * [ ] vérifier si /etc/zabbix/filelist.csv est à jour
-
-### burp
-
-  * [x] mise à jour
-  * [x] logs
-  * [x] mise à jour burp-ui
-  * [x] verif acces burp-ui
-  * [ ] test restauration de fichier (indiquer le nom du client pour ne pas toujours prendre le même)
-
-(ne pas oublier l'option -x si on veut récupérer une sauvegarde d'un poste windows)
-
-sudo burp -c /srv/nas/cig/burp_recup.conf  -C bernard -a r -b 544 -r 'Réponse à contrôle.doc' -d /srv/recupe/ -s 5
-
-on peut s'assurer de la validité des ficheirs via https://guillotine.opendoor.fr/
-
-Ne pas oublier de supprimer les fichiers ensuite.
-### rôle socle
-
-  * [ ] role socle
-
-### Opérations notables
-
-déploiement burpui
--- a/2024-03-21.md
+++ b/2024-03-21.md
@@ -0,0 +1,74 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [ ] lire précédent rapport mco
+  * [ ] logs - journalctl --priority warning
+  * [x] mise à jour - yum check-updates && yum update
+  * [x] reboot ( 4/an )
+  * [ ] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [x] accès console depuis dedibox / ovh
+  * [ ] âge des certificats - certbot certificates | ag Expiry
+  * [ ] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [ ] date de la dernière sauvegarde
+  * [ ] test de restauration
+
+## Envoi de mail
+
+  * [ ] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [ ] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [ ] mysqltuner
+  * [ ] logs
+  * [ ] vérification âge sauvegarde
+  * [ ] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+### Postfix / dovecot
+  * [ ] logs
+  * [ ] postqueue -p
+  * [ ] pflogsum
+  * [ ] blacklist check - https://mxtoolbox.com/emailhealth/maisonduvelolyon.org
+
+
+### Snappymail
+  * [ ] mise à jour
+  * [ ] vérification taille répertoire de données
+  * [ ] suppression anciennes versions
+
+### Ldap
+  * [ ] vérification âge sauvegarde
+  * [ ] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+
+#### Nextcloud
+  * [ ] - logs (y compris logs nextcloud depuis config)
+  * [ ] - mise à jour core
+  * [ ] - mise à jour plugins
+  * [ ] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [ ] - vérifier espace disque des principaux utilisateurs
+  * [ ] - vue d'ensemble
+
+### Opérations notables
+
+
+Reboot suite à changement d'hyperviseur chez scaleway
+
--- a/2024-06-03.md
+++ b/2024-06-03.md
@@ -1,59 +0,0 @@
-vim: set filetype=markdown:
-
-## Légende
-  * [ ] non fait
-  * [!] fait en partie
-  * [x|✓] fait en totalité
-## Général
-
-  * [x] logs - journalctl --priority warning
-  * [x] mise à jour - dnf check-updates && yum update
-  * [x] reboot ( 4/an )
-  * [x] fail2ban - bon fonctionnement, ip bannies...
-  * [x] services - systemctl --failed
-  * [x] accès console depuis console scaleway
-  * [x] âge des certificats - certbot certificates | ag Expiry
-
-## Stockage
-
-  * [x] cat /proc/mdstat
-  * [x] df -h
-
-## Sauvegardes
-
-  This server is not backed up
-
-## Services
-
-### Sauvegardes 
-  * [x] sauvegarde lvv sudo ls -l  ~lvv/Backups/courant/
-  * [x] vérifier si /etc/zabbix/filelist.csv est à jour
-
-### burp
-
-  * [x] mise à jour
-  * [x] logs
-  * [x] mise à jour burp-ui
-  * [x] verif acces burp-ui
-  * [x] test restauration de fichier (indiquer le nom du client pour ne pas toujours prendre le même)
-
-(ne pas oublier l'option -x si on veut récupérer une sauvegarde d'un poste windows)
-
-sudo burp -c /srv/nas/cig/burp_recup.conf  -C bernard -a r -b 544 -r 'Réponse à contrôle.doc' -d /srv/recupe/ -s 5
-
-on peut s'assurer de la validité des ficheirs via https://guillotine.opendoor.fr/
-
-Ne pas oublier de supprimer les fichiers ensuite.
-### rôle socle
-
-  * [x] role socle
-
-### Opérations notables
-il a fallu raz manuellement les mdp de root, tom et guillotine ldap account ...
-
-application roles:
-  * socle
-  * burp_server
-  * zabbix
-  * apache
-  * apache_vhost - ça pete la config du vhost
--- a/2024-06-05_guillotine.report
+++ b/2024-06-05_guillotine.report
@@ -1,550 +0,0 @@
-
-
-########## guillotine ##########
-
-
-########## RH UPDATES ########## 
-Last metadata expiration check: 2:17:32 ago on Tue 04 Jun 2024 11:23:35 PM CEST.
-
-
-########## Debian UPDATES ########## 
-
-
-########## CERTIFICATES ##########
-
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-Found the following certs:
-  Certificate Name: backup.opendoor.fr
-    Serial Number: 43d1bbaadb9d3bd99af6fb4c1fd65269db8
-    Key Type: ECDSA
-    Domains: backup.opendoor.fr guillotine.opendoor.fr sauvegarde.opendoor.fr
-    Expiry Date: 2024-07-23 00:48:59+00:00 (VALID: 48 days)
-    Certificate Path: /etc/letsencrypt/live/backup.opendoor.fr/fullchain.pem
-    Private Key Path: /etc/letsencrypt/live/backup.opendoor.fr/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
-
-
-########## UPTIME ##########
- 01:41:10 up 1 day, 14:59,  0 users,  load average: 0.15, 0.03, 0.01
-
-
-########## SERVICE STATUS ##########
-  UNIT LOAD ACTIVE SUB DESCRIPTION
-0 loaded units listed.
-
-
-########## BACKUP LIST ##########
-2024-06-05 01:41:10 +0200: burp[181394] Connecting to localhost:4971
-2024-06-05 01:41:10 +0200: burp[181394] auth ok
-2024-06-05 01:41:10 +0200: burp[181394] Server version: 2.4.0
-2024-06-05 01:41:10 +0200: burp[181394] nocsr ok
-2024-06-05 01:41:10 +0200: burp[181394] SSL is using cipher: TLS_AES_256_GCM_SHA384         TLSv1.3 Kx=any      Au=any   Enc=AESGCM(256)            Mac=AEAD
-
-2024-06-05 01:41:10 +0200: burp[181394] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:failover:vss_restore:regex_icase:counters_json:msg:csetproto:rshash=blake2:seed:
-2024-06-05 01:41:10 +0200: burp[181394] Server has protocol=0 (auto)
-2024-06-05 01:41:10 +0200: burp[181394] Using protocol=1
-no backups
-2024-06-05 01:41:10 +0200: burp[181394] List finished ok
-
-
-########## LAST USER ##########
-tom      pts/0        81.250.227.252   Tue Jun  4 16:00 - 18:21  (02:20)
-tom      pts/0        2a01:e34:ec1b:6e Mon Jun  3 11:49 - 11:49  (00:00)
-tom      pts/4        2a01:e34:ec1b:6e Mon Jun  3 11:29 - 11:49  (00:19)
-tom      pts/3        2a01:e34:ec1b:6e Mon Jun  3 11:25 - 23:52  (12:26)
-tom      pts/0        2a01:e34:ec1b:6e Mon Jun  3 10:43 - 11:49  (01:06)
-reboot   system boot  5.14.0-427.18.1. Mon Jun  3 10:42   still running
-root     tty2                          Mon Jun  3 10:35 - down   (00:03)
-tom      pts/3        2a01:e34:ec1b:6e Mon Jun  3 10:19 - 10:37  (00:17)
-tom      pts/0        2a01:e34:ec1b:6e Mon Jun  3 10:15 - 10:20  (00:04)
-tom      pts/0        2a01:e34:ec1b:6e Sun Jun  2 22:17 - 22:18  (00:01)
-
-\########## LOG Warnings ##########
-Jun 03 10:42:05 guillotine kernel: ACPI: SPCR: Unexpected SPCR Access Width.  Defaulting to byte size
-Jun 03 10:42:05 guillotine kernel: MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.
-Jun 03 10:42:05 guillotine kernel:   #5  #6  #7
-Jun 03 10:42:05 guillotine kernel: ERST: NVRAM ERST Log Address Range not implemented yet.
-Jun 03 10:42:08 guillotine systemd[1]: sys-devices-virtual-block-md1.device: Failed to enqueue SYSTEMD_WANTS= job, ignoring: Unit mdmonitor.service not found.
-Jun 03 10:42:13 guillotine kernel: ACPI Error: No handler for Region [SYSI] (00000000dcc52840) [IPMI] (20221020/evregion-130)
-Jun 03 10:42:13 guillotine kernel: ACPI Error: Region IPMI (ID=7) has no handler (20221020/exfldio-261)
-Jun 03 10:42:13 guillotine kernel: ACPI Error: Aborting method \_SB.PMI0._GHL due to previous error (AE_NOT_EXIST) (20221020/psparse-529)
-Jun 03 10:42:13 guillotine kernel: ACPI Error: Aborting method \_SB.PMI0._PMC due to previous error (AE_NOT_EXIST) (20221020/psparse-529)
-Jun 03 10:42:13 guillotine kernel: ACPI: \_SB_.PMI0: _PMC evaluation failed: AE_NOT_EXIST
-Jun 03 10:42:13 guillotine kernel: ipmi_si dmi-ipmi-si.0: The BMC does not support setting the recv irq bit, compensating, but the BMC needs to be fixed.
-Jun 03 10:42:13 guillotine kernel: dell_smbios: No SMBIOS backends available (wmi: -19, smm: -19)
-Jun 03 10:42:16 guillotine kernel: msr: Write to unrecognized MSR 0x17f by mcelog (pid: 906).
-Jun 03 10:42:16 guillotine kernel: msr: See https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/about for details.
-Jun 03 10:42:20 guillotine kernel: Warning: Unmaintained driver is detected: ip_set
-Jun 03 10:42:27 guillotine /usr/sbin/irqbalance[904]: Cannot change IRQ 0 affinity: Input/output error
-Jun 03 10:42:27 guillotine /usr/sbin/irqbalance[904]: IRQ 0 affinity is now unmanaged
-Jun 03 10:42:37 guillotine kernel: block md1: the capability attribute has been deprecated.
-Jun 03 10:46:02 guillotine sshd[6658]: fatal: Timeout before authentication for 218.76.104.12 port 16418
-Jun 03 10:53:01 guillotine kernel: Warning: Unmaintained driver is detected: nft_compat
-Jun 03 11:31:13 guillotine fail2ban[110933]: [sshd] Restore Ban 103.25.47.94
-Jun 03 11:31:16 guillotine fail2ban[110933]: [sshd] Restore Ban 43.128.81.137
-Jun 03 11:31:17 guillotine fail2ban[110933]: [sshd] Restore Ban 43.131.249.200
-Jun 03 11:31:18 guillotine fail2ban[110933]: [sshd] Restore Ban 43.153.46.251
-Jun 03 11:31:18 guillotine fail2ban[110933]: [sshd] Restore Ban 43.156.80.15
-Jun 03 11:31:18 guillotine fail2ban[110933]: [sshd] Restore Ban 72.240.125.133
-Jun 03 11:31:19 guillotine fail2ban[110933]: [sshd] Restore Ban 77.91.78.115
-Jun 03 11:49:14 guillotine sudo[158903]:      tom : a password is required ; TTY=pts/1 ; PWD=/home/tom/MCO ; USER=root ; COMMAND=/bin/etckeeper unclean
-Jun 03 11:49:15 guillotine sudo[158952]:      tom : a password is required ; TTY=pts/2 ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
-Jun 03 11:49:17 guillotine sudo[158982]:      tom : a password is required ; TTY=pts/0 ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
-Jun 03 11:49:22 guillotine sudo[159412]:      tom : a password is required ; TTY=pts/0 ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
-Jun 03 11:49:24 guillotine sudo[159453]:      tom : a password is required ; TTY=pts/4 ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
-Jun 03 11:49:38 guillotine fail2ban[110933]: [sshd] Ban 51.255.167.42
-Jun 03 11:52:39 guillotine fail2ban[110933]: [sshd] Ban 183.56.226.5
-Jun 03 11:52:59 guillotine fail2ban[110933]: [sshd] Unban 43.153.46.251
-Jun 03 11:53:36 guillotine fail2ban[110933]: [sshd] Unban 103.25.47.94
-Jun 03 11:53:39 guillotine fail2ban[110933]: [sshd] Unban 43.128.81.137
-Jun 03 11:53:40 guillotine fail2ban[110933]: [sshd] Unban 72.240.125.133
-Jun 03 11:53:48 guillotine fail2ban[110933]: [sshd] Unban 43.131.249.200
-Jun 03 11:53:55 guillotine fail2ban[110933]: [sshd] Unban 43.156.80.15
-Jun 03 11:54:03 guillotine fail2ban[110933]: [sshd] Unban 77.91.78.115
-Jun 03 12:49:38 guillotine fail2ban[110933]: [sshd] Unban 51.255.167.42
-Jun 03 12:52:39 guillotine fail2ban[110933]: [sshd] Unban 183.56.226.5
-Jun 03 13:17:23 guillotine sshd[160201]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 03 13:17:33 guillotine sshd[160202]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 03 13:53:55 guillotine sshd[160460]: error: kex_exchange_identification: Connection closed by remote host
-Jun 03 14:00:39 guillotine sshd[160499]: error: kex_exchange_identification: Connection closed by remote host
-Jun 03 14:04:43 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 03 14:36:24 guillotine sshd[160817]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 03 14:36:38 guillotine sshd[160818]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 03 15:04:43 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 03 15:05:52 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 03 15:11:55 guillotine fail2ban[110933]: [sshd] Ban 34.172.117.17
-Jun 03 15:12:00 guillotine fail2ban[110933]: [sshd] Ban 42.96.46.204
-Jun 03 15:12:06 guillotine fail2ban[110933]: [sshd] Ban 43.134.102.169
-Jun 03 15:12:15 guillotine fail2ban[110933]: [sshd] Ban 161.35.86.122
-Jun 03 15:12:17 guillotine fail2ban[110933]: [sshd] Ban 43.163.194.242
-Jun 03 15:12:31 guillotine fail2ban[110933]: [sshd] Ban 186.227.193.156
-Jun 03 15:12:32 guillotine fail2ban[110933]: [sshd] Ban 43.163.230.39
-Jun 03 15:12:33 guillotine fail2ban[110933]: [sshd] Ban 43.135.134.197
-Jun 03 15:12:36 guillotine fail2ban[110933]: [sshd] Ban 129.226.219.243
-Jun 03 15:12:40 guillotine fail2ban[110933]: [sshd] Ban 42.112.16.10
-Jun 03 15:12:41 guillotine fail2ban[110933]: [sshd] Ban 101.32.141.81
-Jun 03 15:12:53 guillotine fail2ban[110933]: [sshd] Ban 180.242.130.169
-Jun 03 15:14:29 guillotine fail2ban[110933]: [sshd] Ban 167.172.82.103
-Jun 03 16:05:51 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 03 16:07:26 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 03 16:11:55 guillotine fail2ban[110933]: [sshd] Unban 34.172.117.17
-Jun 03 16:12:00 guillotine fail2ban[110933]: [sshd] Unban 42.96.46.204
-Jun 03 16:12:06 guillotine fail2ban[110933]: [sshd] Unban 43.134.102.169
-Jun 03 16:12:15 guillotine fail2ban[110933]: [sshd] Unban 161.35.86.122
-Jun 03 16:12:16 guillotine fail2ban[110933]: [sshd] Unban 43.163.194.242
-Jun 03 16:12:30 guillotine fail2ban[110933]: [sshd] Unban 186.227.193.156
-Jun 03 16:12:32 guillotine fail2ban[110933]: [sshd] Unban 43.163.230.39
-Jun 03 16:12:33 guillotine fail2ban[110933]: [sshd] Unban 43.135.134.197
-Jun 03 16:12:35 guillotine fail2ban[110933]: [sshd] Unban 129.226.219.243
-Jun 03 16:12:39 guillotine fail2ban[110933]: [sshd] Unban 42.112.16.10
-Jun 03 16:12:40 guillotine fail2ban[110933]: [sshd] Unban 101.32.141.81
-Jun 03 16:12:53 guillotine fail2ban[110933]: [sshd] Unban 180.242.130.169
-Jun 03 16:14:28 guillotine fail2ban[110933]: [sshd] Unban 167.172.82.103
-Jun 03 16:29:46 guillotine sshd[161856]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 03 16:32:48 guillotine sshd[161901]: error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
-Jun 03 16:47:00 guillotine fail2ban[110933]: [sshd] Ban 43.156.169.236
-Jun 03 16:56:03 guillotine fail2ban[110933]: [sshd] Ban 159.65.181.182
-Jun 03 16:56:32 guillotine fail2ban[110933]: [sshd] Ban 43.153.172.6
-Jun 03 16:56:35 guillotine fail2ban[110933]: [sshd] Ban 94.254.0.234
-Jun 03 16:56:42 guillotine fail2ban[110933]: [sshd] Ban 138.68.169.219
-Jun 03 16:56:46 guillotine fail2ban[110933]: [sshd] Ban 64.226.75.247
-Jun 03 16:56:50 guillotine fail2ban[110933]: [sshd] Ban 79.137.198.143
-Jun 03 16:56:55 guillotine fail2ban[110933]: [sshd] Ban 35.209.160.244
-Jun 03 16:57:02 guillotine fail2ban[110933]: [sshd] Ban 43.159.59.67
-Jun 03 16:57:03 guillotine fail2ban[110933]: [sshd] Ban 43.134.175.129
-Jun 03 17:07:26 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 03 17:47:00 guillotine fail2ban[110933]: [sshd] Unban 43.156.169.236
-Jun 03 17:56:02 guillotine fail2ban[110933]: [sshd] Unban 159.65.181.182
-Jun 03 17:56:31 guillotine fail2ban[110933]: [sshd] Unban 43.153.172.6
-Jun 03 17:56:35 guillotine fail2ban[110933]: [sshd] Unban 94.254.0.234
-Jun 03 17:56:41 guillotine fail2ban[110933]: [sshd] Unban 138.68.169.219
-Jun 03 17:56:45 guillotine fail2ban[110933]: [sshd] Unban 64.226.75.247
-Jun 03 17:56:50 guillotine fail2ban[110933]: [sshd] Unban 79.137.198.143
-Jun 03 17:56:55 guillotine fail2ban[110933]: [sshd] Unban 35.209.160.244
-Jun 03 17:57:01 guillotine fail2ban[110933]: [sshd] Unban 43.159.59.67
-Jun 03 17:57:02 guillotine fail2ban[110933]: [sshd] Unban 43.134.175.129
-Jun 03 18:15:04 guillotine sshd[162854]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 03 18:15:14 guillotine sshd[162856]: error: kex_exchange_identification: read: Connection reset by peer
-Jun 03 18:15:22 guillotine sshd[162857]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 03 18:15:22 guillotine fail2ban[110933]: [sshd] Ban 8.210.93.44
-Jun 03 18:15:47 guillotine sshd[162875]: error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_51.159.104.131_2222"
-Jun 03 18:28:51 guillotine sshd[162951]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 03 18:29:00 guillotine sshd[162952]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 03 19:15:22 guillotine fail2ban[110933]: [sshd] Unban 8.210.93.44
-Jun 03 19:16:34 guillotine sshd[163373]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 03 19:16:42 guillotine sshd[163374]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 03 19:20:14 guillotine sshd[163387]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 03 19:20:26 guillotine sshd[163390]: error: kex_exchange_identification: Connection closed by remote host
-Jun 03 19:20:39 guillotine sshd[163391]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 03 19:20:39 guillotine fail2ban[110933]: [sshd] Ban 8.217.2.214
-Jun 03 19:25:56 guillotine fail2ban[110933]: [sshd] Ban 43.163.244.40
-Jun 03 19:26:05 guillotine fail2ban[110933]: [sshd] Ban 159.203.170.197
-Jun 03 19:26:11 guillotine fail2ban[110933]: [sshd] Ban 43.156.33.129
-Jun 03 19:26:16 guillotine fail2ban[110933]: [sshd] Ban 43.159.143.206
-Jun 03 19:26:18 guillotine fail2ban[110933]: [sshd] Ban 43.134.44.86
-Jun 03 19:26:23 guillotine fail2ban[110933]: [sshd] Ban 43.134.232.254
-Jun 03 19:26:25 guillotine fail2ban[110933]: [sshd] Ban 34.139.17.74
-Jun 03 19:26:30 guillotine fail2ban[110933]: [sshd] Ban 43.163.219.110
-Jun 03 19:26:30 guillotine fail2ban[110933]: [sshd] Ban 106.60.69.136
-Jun 03 19:26:41 guillotine fail2ban[110933]: [sshd] Ban 137.220.191.189
-Jun 03 19:26:45 guillotine fail2ban[110933]: [sshd] Ban 165.22.59.198
-Jun 03 19:26:48 guillotine fail2ban[110933]: [sshd] Ban 43.128.106.66
-Jun 03 19:32:36 guillotine fail2ban[110933]: [sshd] Ban 186.67.248.8
-Jun 03 19:54:53 guillotine sshd[163733]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 03 20:20:39 guillotine fail2ban[110933]: [sshd] Unban 8.217.2.214
-Jun 03 20:25:56 guillotine fail2ban[110933]: [sshd] Unban 43.163.244.40
-Jun 03 20:26:05 guillotine fail2ban[110933]: [sshd] Unban 159.203.170.197
-Jun 03 20:26:11 guillotine fail2ban[110933]: [sshd] Unban 43.156.33.129
-Jun 03 20:26:15 guillotine fail2ban[110933]: [sshd] Unban 43.159.143.206
-Jun 03 20:26:18 guillotine fail2ban[110933]: [sshd] Unban 43.134.44.86
-Jun 03 20:26:23 guillotine fail2ban[110933]: [sshd] Unban 43.134.232.254
-Jun 03 20:26:25 guillotine fail2ban[110933]: [sshd] Unban 34.139.17.74
-Jun 03 20:26:29 guillotine fail2ban[110933]: [sshd] Unban 43.163.219.110
-Jun 03 20:26:30 guillotine fail2ban[110933]: [sshd] Unban 106.60.69.136
-Jun 03 20:26:41 guillotine fail2ban[110933]: [sshd] Unban 137.220.191.189
-Jun 03 20:26:45 guillotine fail2ban[110933]: [sshd] Unban 165.22.59.198
-Jun 03 20:26:48 guillotine fail2ban[110933]: [sshd] Unban 43.128.106.66
-Jun 03 20:29:18 guillotine sshd[164038]: error: kex_exchange_identification: Connection closed by remote host
-Jun 03 20:29:19 guillotine sshd[164039]: error: kex_exchange_identification: Connection closed by remote host
-Jun 03 20:32:36 guillotine fail2ban[110933]: [sshd] Unban 186.67.248.8
-Jun 03 20:35:47 guillotine fail2ban[110933]: [sshd] Ban 51.159.103.10
-Jun 03 20:39:16 guillotine fail2ban[110933]: [sshd] Ban 178.128.101.31
-Jun 03 20:39:28 guillotine fail2ban[110933]: [sshd] Ban 43.134.166.245
-Jun 03 20:39:32 guillotine fail2ban[110933]: [sshd] Ban 187.49.152.10
-Jun 03 20:39:55 guillotine fail2ban[110933]: [sshd] Ban 43.133.72.103
-Jun 03 20:46:54 guillotine chronyd[913]: Detected falseticker 51.158.147.185 (2.rocky.pool.ntp.org)
-Jun 03 21:17:57 guillotine fail2ban[110933]: [sshd] Ban 125.16.191.57
-Jun 03 21:35:47 guillotine fail2ban[110933]: [sshd] Unban 51.159.103.10
-Jun 03 21:39:16 guillotine fail2ban[110933]: [sshd] Unban 178.128.101.31
-Jun 03 21:39:27 guillotine fail2ban[110933]: [sshd] Unban 43.134.166.245
-Jun 03 21:39:32 guillotine fail2ban[110933]: [sshd] Unban 187.49.152.10
-Jun 03 21:39:54 guillotine fail2ban[110933]: [sshd] Unban 43.133.72.103
-Jun 03 21:46:29 guillotine sshd[164706]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 03 21:46:36 guillotine sshd[164707]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 03 22:17:56 guillotine fail2ban[110933]: [sshd] Unban 125.16.191.57
-Jun 03 23:22:19 guillotine sshd[165451]: fatal: Timeout before authentication for 61.153.208.38 port 37308
-Jun 03 23:50:25 guillotine sshd[165679]: error: kex_protocol_error: type 20 seq 2 [preauth]
-Jun 03 23:50:25 guillotine sshd[165679]: error: kex_protocol_error: type 30 seq 3 [preauth]
-Jun 03 23:50:26 guillotine sshd[165679]: error: kex_protocol_error: type 20 seq 4 [preauth]
-Jun 03 23:50:26 guillotine sshd[165679]: error: kex_protocol_error: type 30 seq 5 [preauth]
-Jun 03 23:50:28 guillotine sshd[165679]: error: kex_protocol_error: type 20 seq 6 [preauth]
-Jun 03 23:50:28 guillotine sshd[165679]: error: kex_protocol_error: type 30 seq 7 [preauth]
-Jun 03 23:52:04 guillotine sudo[165720]:      tom : a password is required ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
-Jun 04 00:04:16 guillotine sshd[166223]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 00:59:10 guillotine fail2ban[110933]: [sshd] Ban 102.53.9.67
-Jun 04 00:59:39 guillotine fail2ban[110933]: [sshd] Ban 51.178.183.237
-Jun 04 01:00:25 guillotine sshd[166673]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 01:00:35 guillotine sshd[166674]: error: kex_exchange_identification: read: Connection reset by peer
-Jun 04 01:00:48 guillotine sshd[166681]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 04 01:00:49 guillotine fail2ban[110933]: [sshd] Ban 128.199.219.184
-Jun 04 01:23:30 guillotine sshd[166903]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 01:24:02 guillotine sshd[166902]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 01:48:39 guillotine fail2ban[110933]: [sshd] Ban 203.228.30.198
-Jun 04 01:48:45 guillotine fail2ban[110933]: [sshd] Ban 82.102.12.130
-Jun 04 01:48:48 guillotine fail2ban[110933]: [sshd] Ban 156.232.11.32
-Jun 04 01:48:58 guillotine fail2ban[110933]: [sshd] Ban 211.253.9.49
-Jun 04 01:49:00 guillotine fail2ban[110933]: [sshd] Ban 129.226.152.106
-Jun 04 01:49:19 guillotine fail2ban[110933]: [sshd] Ban 206.189.175.87
-Jun 04 01:59:09 guillotine fail2ban[110933]: [sshd] Unban 102.53.9.67
-Jun 04 01:59:39 guillotine fail2ban[110933]: [sshd] Unban 51.178.183.237
-Jun 04 02:00:48 guillotine fail2ban[110933]: [sshd] Unban 128.199.219.184
-Jun 04 02:28:43 guillotine fail2ban[110933]: [sshd] Ban 47.180.114.229
-Jun 04 02:48:39 guillotine fail2ban[110933]: [sshd] Unban 203.228.30.198
-Jun 04 02:48:45 guillotine fail2ban[110933]: [sshd] Unban 82.102.12.130
-Jun 04 02:48:47 guillotine fail2ban[110933]: [sshd] Unban 156.232.11.32
-Jun 04 02:48:58 guillotine fail2ban[110933]: [sshd] Unban 211.253.9.49
-Jun 04 02:49:00 guillotine fail2ban[110933]: [sshd] Unban 129.226.152.106
-Jun 04 02:49:19 guillotine fail2ban[110933]: [sshd] Unban 206.189.175.87
-Jun 04 02:53:41 guillotine fail2ban[110933]: [sshd] Ban 8.219.234.76
-Jun 04 02:55:05 guillotine fail2ban[110933]: [sshd] Ban 206.217.133.9
-Jun 04 02:55:10 guillotine fail2ban[110933]: [sshd] Ban 81.192.46.45
-Jun 04 02:55:10 guillotine fail2ban[110933]: [sshd] Ban 1.238.106.229
-Jun 04 02:55:14 guillotine fail2ban[110933]: [sshd] Ban 47.247.116.211
-Jun 04 02:55:20 guillotine fail2ban[110933]: [sshd] Ban 47.236.180.33
-Jun 04 02:55:46 guillotine fail2ban[110933]: [sshd] Ban 20.204.165.90
-Jun 04 03:01:01 guillotine fail2ban[110933]: [sshd] Ban 186.67.248.5
-Jun 04 03:09:30 guillotine fail2ban[110933]: [sshd] Ban 157.148.123.243
-Jun 04 03:24:22 guillotine sshd[168116]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 03:27:32 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 04 03:28:43 guillotine fail2ban[110933]: [sshd] Unban 47.180.114.229
-Jun 04 03:53:41 guillotine fail2ban[110933]: [sshd] Unban 8.219.234.76
-Jun 04 03:55:05 guillotine fail2ban[110933]: [sshd] Unban 206.217.133.9
-Jun 04 03:55:09 guillotine fail2ban[110933]: [sshd] Unban 81.192.46.45
-Jun 04 03:55:10 guillotine fail2ban[110933]: [sshd] Unban 1.238.106.229
-Jun 04 03:55:14 guillotine fail2ban[110933]: [sshd] Unban 47.247.116.211
-Jun 04 03:55:20 guillotine fail2ban[110933]: [sshd] Unban 47.236.180.33
-Jun 04 03:55:45 guillotine fail2ban[110933]: [sshd] Unban 20.204.165.90
-Jun 04 03:55:47 guillotine fail2ban[110933]: [sshd] Ban 200.234.228.23
-Jun 04 03:56:03 guillotine fail2ban[110933]: [sshd] Ban 43.134.165.54
-Jun 04 03:56:16 guillotine fail2ban[110933]: [sshd] Ban 43.133.231.57
-Jun 04 03:56:20 guillotine fail2ban[110933]: [sshd] Ban 128.199.73.168
-Jun 04 04:01:00 guillotine fail2ban[110933]: [sshd] Unban 186.67.248.5
-Jun 04 04:04:40 guillotine fail2ban[110933]: [sshd] Ban 58.33.58.37
-Jun 04 04:09:29 guillotine fail2ban[110933]: [sshd] Unban 157.148.123.243
-Jun 04 04:27:31 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 04 04:28:41 guillotine fail2ban[110933]: [sshd] Ban 43.131.254.59
-Jun 04 04:28:42 guillotine fail2ban[110933]: [sshd] Ban 135.0.208.122
-Jun 04 04:28:59 guillotine fail2ban[110933]: [sshd] Ban 174.138.61.67
-Jun 04 04:29:00 guillotine fail2ban[110933]: [sshd] Ban 146.190.60.168
-Jun 04 04:29:10 guillotine fail2ban[110933]: [sshd] Ban 50.206.19.62
-Jun 04 04:29:12 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 04 04:29:12 guillotine fail2ban[110933]: [sshd] Ban 34.175.118.185
-Jun 04 04:29:20 guillotine fail2ban[110933]: [sshd] Ban 171.104.143.176
-Jun 04 04:29:35 guillotine fail2ban[110933]: [sshd] Ban 148.72.246.251
-Jun 04 04:30:04 guillotine fail2ban[110933]: [sshd] Ban 185.227.136.16
-Jun 04 04:35:18 guillotine fail2ban[110933]: [sshd] Ban 93.120.240.202
-Jun 04 04:55:46 guillotine fail2ban[110933]: [sshd] Unban 200.234.228.23
-Jun 04 04:56:02 guillotine fail2ban[110933]: [sshd] Unban 43.134.165.54
-Jun 04 04:56:15 guillotine fail2ban[110933]: [sshd] Unban 43.133.231.57
-Jun 04 04:56:19 guillotine fail2ban[110933]: [sshd] Unban 128.199.73.168
-Jun 04 04:58:52 guillotine sshd[168977]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 04:59:16 guillotine sshd[168978]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 04 05:04:40 guillotine fail2ban[110933]: [sshd] Unban 58.33.58.37
-Jun 04 05:14:37 guillotine sshd[169146]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 05:14:55 guillotine sshd[169147]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 04 05:28:41 guillotine fail2ban[110933]: [sshd] Unban 43.131.254.59
-Jun 04 05:28:42 guillotine fail2ban[110933]: [sshd] Unban 135.0.208.122
-Jun 04 05:28:58 guillotine fail2ban[110933]: [sshd] Unban 174.138.61.67
-Jun 04 05:28:59 guillotine fail2ban[110933]: [sshd] Unban 146.190.60.168
-Jun 04 05:29:10 guillotine fail2ban[110933]: [sshd] Unban 50.206.19.62
-Jun 04 05:29:12 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 04 05:29:12 guillotine fail2ban[110933]: [sshd] Unban 34.175.118.185
-Jun 04 05:29:20 guillotine fail2ban[110933]: [sshd] Unban 171.104.143.176
-Jun 04 05:29:35 guillotine fail2ban[110933]: [sshd] Unban 148.72.246.251
-Jun 04 05:30:04 guillotine fail2ban[110933]: [sshd] Unban 185.227.136.16
-Jun 04 05:30:39 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 04 05:35:18 guillotine fail2ban[110933]: [sshd] Unban 93.120.240.202
-Jun 04 06:30:38 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 04 06:34:08 guillotine sshd[169808]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 07:13:04 guillotine sshd[170138]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 07:38:32 guillotine sshd[170298]: error: kex_protocol_error: type 20 seq 2 [preauth]
-Jun 04 07:38:32 guillotine sshd[170298]: error: kex_protocol_error: type 30 seq 3 [preauth]
-Jun 04 08:22:14 guillotine fail2ban[110933]: [sshd] Ban 160.153.234.75
-Jun 04 08:25:16 guillotine sshd[170675]: error: kex_exchange_identification: read: Connection reset by peer
-Jun 04 08:28:07 guillotine sshd[170706]: error: kex_exchange_identification: read: Connection reset by peer
-Jun 04 09:22:14 guillotine fail2ban[110933]: [sshd] Unban 160.153.234.75
-Jun 04 09:35:40 guillotine fail2ban[110933]: [sshd] Ban 8.222.233.248
-Jun 04 09:35:42 guillotine fail2ban[110933]: [sshd] Ban 8.222.244.69
-Jun 04 09:36:16 guillotine fail2ban[110933]: [sshd] Ban 73.135.38.134
-Jun 04 09:36:48 guillotine fail2ban[110933]: [sshd] Ban 139.59.86.114
-Jun 04 09:36:49 guillotine fail2ban[110933]: [sshd] Ban 43.153.220.11
-Jun 04 09:36:57 guillotine fail2ban[110933]: [sshd] Ban 45.5.159.36
-Jun 04 09:37:22 guillotine fail2ban[110933]: [sshd] Ban 124.156.203.181
-Jun 04 09:39:35 guillotine fail2ban[110933]: [sshd] Ban 119.82.65.203
-Jun 04 10:15:46 guillotine sshd[171636]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 10:19:43 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 04 10:28:00 guillotine fail2ban[110933]: [sshd] Ban 113.125.89.142
-Jun 04 10:31:52 guillotine sshd[171784]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 10:31:59 guillotine sshd[171785]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 04 10:34:20 guillotine fail2ban[110933]: [sshd] Ban 101.126.70.135
-Jun 04 10:35:40 guillotine fail2ban[110933]: [sshd] Unban 8.222.233.248
-Jun 04 10:35:41 guillotine fail2ban[110933]: [sshd] Unban 8.222.244.69
-Jun 04 10:36:15 guillotine fail2ban[110933]: [sshd] Unban 73.135.38.134
-Jun 04 10:36:48 guillotine fail2ban[110933]: [sshd] Unban 139.59.86.114
-Jun 04 10:36:49 guillotine fail2ban[110933]: [sshd] Unban 43.153.220.11
-Jun 04 10:36:57 guillotine fail2ban[110933]: [sshd] Unban 45.5.159.36
-Jun 04 10:37:22 guillotine fail2ban[110933]: [sshd] Unban 124.156.203.181
-Jun 04 10:39:34 guillotine fail2ban[110933]: [sshd] Unban 119.82.65.203
-Jun 04 11:09:37 guillotine fail2ban[110933]: [sshd] Ban 8.222.254.198
-Jun 04 11:10:10 guillotine fail2ban[110933]: [sshd] Ban 43.133.69.180
-Jun 04 11:10:37 guillotine fail2ban[110933]: [sshd] Ban 14.18.92.211
-Jun 04 11:10:50 guillotine fail2ban[110933]: [sshd] Ban 102.217.123.243
-Jun 04 11:19:43 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 04 11:20:44 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 04 11:27:59 guillotine fail2ban[110933]: [sshd] Unban 113.125.89.142
-Jun 04 11:28:59 guillotine fail2ban[110933]: [sshd] Ban 91.107.155.186
-Jun 04 11:29:20 guillotine fail2ban[110933]: [sshd] Ban 146.59.127.25
-Jun 04 11:29:24 guillotine fail2ban[110933]: [sshd] Ban 98.70.39.209
-Jun 04 11:29:32 guillotine fail2ban[110933]: [sshd] Ban 182.76.168.226
-Jun 04 11:29:36 guillotine fail2ban[110933]: [sshd] Ban 185.174.136.146
-Jun 04 11:29:52 guillotine fail2ban[110933]: [sshd] Ban 139.59.56.53
-Jun 04 11:30:01 guillotine fail2ban[110933]: [sshd] Ban 185.255.90.193
-Jun 04 11:30:23 guillotine fail2ban[110933]: [sshd] Ban 179.51.153.37
-Jun 04 11:30:27 guillotine fail2ban[110933]: [sshd] Ban 97.74.95.243
-Jun 04 11:34:20 guillotine fail2ban[110933]: [sshd] Unban 101.126.70.135
-Jun 04 11:36:22 guillotine sshd[172409]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 11:36:32 guillotine sshd[172410]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 04 12:09:37 guillotine fail2ban[110933]: [sshd] Unban 8.222.254.198
-Jun 04 12:10:10 guillotine fail2ban[110933]: [sshd] Unban 43.133.69.180
-Jun 04 12:10:37 guillotine fail2ban[110933]: [sshd] Unban 14.18.92.211
-Jun 04 12:10:49 guillotine fail2ban[110933]: [sshd] Unban 102.217.123.243
-Jun 04 12:20:43 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 04 12:22:26 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 04 12:28:59 guillotine fail2ban[110933]: [sshd] Unban 91.107.155.186
-Jun 04 12:29:19 guillotine fail2ban[110933]: [sshd] Unban 146.59.127.25
-Jun 04 12:29:23 guillotine fail2ban[110933]: [sshd] Unban 98.70.39.209
-Jun 04 12:29:31 guillotine fail2ban[110933]: [sshd] Unban 182.76.168.226
-Jun 04 12:29:37 guillotine fail2ban[110933]: [sshd] Unban 185.174.136.146
-Jun 04 12:29:53 guillotine fail2ban[110933]: [sshd] Unban 139.59.56.53
-Jun 04 12:30:01 guillotine fail2ban[110933]: [sshd] Unban 185.255.90.193
-Jun 04 12:30:23 guillotine fail2ban[110933]: [sshd] Unban 179.51.153.37
-Jun 04 12:30:26 guillotine fail2ban[110933]: [sshd] Unban 97.74.95.243
-Jun 04 13:22:26 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 04 14:18:38 guillotine sshd[173741]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 14:24:54 guillotine fail2ban[110933]: [sshd] Ban 51.159.103.10
-Jun 04 14:57:42 guillotine sshd[174042]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 14:57:49 guillotine sshd[174043]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 04 15:23:00 guillotine sshd[174265]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 15:23:14 guillotine sshd[174266]: error: kex_exchange_identification: read: Connection reset by peer
-Jun 04 15:23:27 guillotine sshd[174267]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 04 15:23:27 guillotine fail2ban[110933]: [sshd] Ban 8.210.0.180
-Jun 04 15:24:54 guillotine fail2ban[110933]: [sshd] Unban 51.159.103.10
-Jun 04 16:02:12 guillotine sshd[174994]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 16:09:14 guillotine fail2ban[110933]: [sshd] Ban 159.65.163.160
-Jun 04 16:23:27 guillotine fail2ban[110933]: [sshd] Unban 8.210.0.180
-Jun 04 16:50:21 guillotine fail2ban[110933]: [sshd] Ban 190.181.15.3
-Jun 04 16:51:15 guillotine fail2ban[110933]: [sshd] Ban 14.29.255.83
-Jun 04 17:08:43 guillotine fail2ban[110933]: [sshd] Ban 47.236.202.247
-Jun 04 17:08:54 guillotine fail2ban[110933]: [sshd] Ban 8.219.234.169
-Jun 04 17:09:14 guillotine fail2ban[110933]: [sshd] Ban 102.223.92.101
-Jun 04 17:09:15 guillotine fail2ban[110933]: [sshd] Ban 43.133.58.7
-Jun 04 17:09:16 guillotine fail2ban[110933]: [sshd] Ban 47.236.159.218
-Jun 04 17:09:16 guillotine fail2ban[110933]: [sshd] Ban 192.210.203.178
-Jun 04 17:09:17 guillotine fail2ban[110933]: [sshd] Unban 159.65.163.160
-Jun 04 17:09:26 guillotine fail2ban[110933]: [sshd] Ban 118.45.205.44
-Jun 04 17:09:27 guillotine fail2ban[110933]: [sshd] Ban 43.163.230.39
-Jun 04 17:09:32 guillotine fail2ban[110933]: [sshd] Ban 43.163.197.66
-Jun 04 17:09:35 guillotine fail2ban[110933]: [sshd] Ban 43.156.14.158
-Jun 04 17:09:36 guillotine fail2ban[110933]: [sshd] Ban 43.133.235.144
-Jun 04 17:09:41 guillotine fail2ban[110933]: [sshd] Ban 103.113.177.231
-Jun 04 17:09:44 guillotine fail2ban[110933]: [sshd] Ban 193.151.151.9
-Jun 04 17:10:04 guillotine fail2ban[110933]: [sshd] Ban 112.196.70.142
-Jun 04 17:10:05 guillotine fail2ban[110933]: [sshd] Ban 190.146.39.82
-Jun 04 17:10:57 guillotine fail2ban[110933]: [sshd] Ban 159.65.163.160
-Jun 04 17:17:20 guillotine sshd[176450]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 17:17:40 guillotine sshd[176451]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 17:18:20 guillotine fail2ban[110933]: [sshd] Ban 159.75.115.211
-Jun 04 17:33:52 guillotine fail2ban[110933]: [sshd] Ban 119.188.90.230
-Jun 04 17:50:21 guillotine fail2ban[110933]: [sshd] Unban 190.181.15.3
-Jun 04 17:51:15 guillotine fail2ban[110933]: [sshd] Unban 14.29.255.83
-Jun 04 18:08:43 guillotine fail2ban[110933]: [sshd] Unban 47.236.202.247
-Jun 04 18:08:54 guillotine fail2ban[110933]: [sshd] Unban 8.219.234.169
-Jun 04 18:09:14 guillotine fail2ban[110933]: [sshd] Unban 102.223.92.101
-Jun 04 18:09:14 guillotine fail2ban[110933]: [sshd] Unban 43.133.58.7
-Jun 04 18:09:15 guillotine fail2ban[110933]: [sshd] Unban 47.236.159.218
-Jun 04 18:09:16 guillotine fail2ban[110933]: [sshd] Unban 192.210.203.178
-Jun 04 18:09:26 guillotine fail2ban[110933]: [sshd] Unban 118.45.205.44
-Jun 04 18:09:27 guillotine fail2ban[110933]: [sshd] Unban 43.163.230.39
-Jun 04 18:09:32 guillotine fail2ban[110933]: [sshd] Unban 43.163.197.66
-Jun 04 18:09:35 guillotine fail2ban[110933]: [sshd] Unban 43.156.14.158
-Jun 04 18:09:36 guillotine fail2ban[110933]: [sshd] Unban 43.133.235.144
-Jun 04 18:09:41 guillotine fail2ban[110933]: [sshd] Unban 103.113.177.231
-Jun 04 18:09:44 guillotine fail2ban[110933]: [sshd] Unban 193.151.151.9
-Jun 04 18:10:04 guillotine fail2ban[110933]: [sshd] Unban 112.196.70.142
-Jun 04 18:10:05 guillotine fail2ban[110933]: [sshd] Unban 190.146.39.82
-Jun 04 18:10:57 guillotine fail2ban[110933]: [sshd] Unban 159.65.163.160
-Jun 04 18:12:42 guillotine fail2ban[110933]: [sshd] Ban 159.65.163.160
-Jun 04 18:18:19 guillotine fail2ban[110933]: [sshd] Unban 159.75.115.211
-Jun 04 18:21:48 guillotine sudo[177022]:      tom : a password is required ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
-Jun 04 18:33:52 guillotine fail2ban[110933]: [sshd] Unban 119.188.90.230
-Jun 04 19:07:23 guillotine fail2ban[110933]: [sshd] Ban 142.93.174.224
-Jun 04 19:07:51 guillotine fail2ban[110933]: [sshd] Ban 185.201.49.245
-Jun 04 19:08:29 guillotine sshd[177423]: error: kex_exchange_identification: Connection closed by remote host
-Jun 04 19:11:05 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 04 19:11:20 guillotine fail2ban[110933]: [sshd] Ban 124.225.41.217
-Jun 04 19:12:42 guillotine fail2ban[110933]: [sshd] Unban 159.65.163.160
-Jun 04 19:28:37 guillotine sshd[177583]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 19:45:45 guillotine fail2ban[110933]: [sshd] Ban 125.74.194.50
-Jun 04 19:47:22 guillotine fail2ban[110933]: [sshd] Ban 43.163.242.195
-Jun 04 19:47:43 guillotine fail2ban[110933]: [sshd] Ban 43.163.244.112
-Jun 04 19:47:45 guillotine fail2ban[110933]: [sshd] Ban 92.222.180.245
-Jun 04 19:47:48 guillotine fail2ban[110933]: [sshd] Ban 81.88.196.117
-Jun 04 19:48:04 guillotine fail2ban[110933]: [sshd] Ban 43.134.49.143
-Jun 04 19:48:17 guillotine fail2ban[110933]: [sshd] Ban 169.255.134.248
-Jun 04 19:48:22 guillotine fail2ban[110933]: [sshd] Ban 43.155.176.172
-Jun 04 19:48:41 guillotine fail2ban[110933]: [sshd] Ban 139.59.120.195
-Jun 04 20:07:22 guillotine fail2ban[110933]: [sshd] Unban 142.93.174.224
-Jun 04 20:07:50 guillotine fail2ban[110933]: [sshd] Unban 185.201.49.245
-Jun 04 20:11:05 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 04 20:11:19 guillotine fail2ban[110933]: [sshd] Unban 124.225.41.217
-Jun 04 20:12:40 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 04 20:19:22 guillotine sshd[178062]: fatal: Timeout before authentication for 220.135.162.68 port 52084
-Jun 04 20:33:31 guillotine fail2ban[110933]: [sshd] Ban 43.159.35.254
-Jun 04 20:33:32 guillotine fail2ban[110933]: [sshd] Ban 186.208.146.137
-Jun 04 20:33:44 guillotine fail2ban[110933]: [sshd] Ban 82.156.55.164
-Jun 04 20:33:49 guillotine fail2ban[110933]: [sshd] Ban 103.154.63.71
-Jun 04 20:33:52 guillotine fail2ban[110933]: [sshd] Ban 43.134.118.9
-Jun 04 20:34:04 guillotine fail2ban[110933]: [sshd] Ban 43.163.226.92
-Jun 04 20:42:54 guillotine fail2ban[110933]: [sshd] Ban 140.246.137.102
-Jun 04 20:45:44 guillotine fail2ban[110933]: [sshd] Unban 125.74.194.50
-Jun 04 20:47:21 guillotine fail2ban[110933]: [sshd] Unban 43.163.242.195
-Jun 04 20:47:43 guillotine fail2ban[110933]: [sshd] Unban 43.163.244.112
-Jun 04 20:47:44 guillotine fail2ban[110933]: [sshd] Unban 92.222.180.245
-Jun 04 20:47:48 guillotine fail2ban[110933]: [sshd] Unban 81.88.196.117
-Jun 04 20:48:04 guillotine fail2ban[110933]: [sshd] Unban 43.134.49.143
-Jun 04 20:48:17 guillotine fail2ban[110933]: [sshd] Unban 169.255.134.248
-Jun 04 20:48:21 guillotine fail2ban[110933]: [sshd] Unban 43.155.176.172
-Jun 04 20:48:40 guillotine fail2ban[110933]: [sshd] Unban 139.59.120.195
-Jun 04 20:52:12 guillotine sshd[178400]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 20:54:19 guillotine sshd[178401]: fatal: Timeout before authentication for 8.138.83.224 port 38470
-Jun 04 20:54:52 guillotine sshd[178403]: fatal: Timeout before authentication for 8.138.83.224 port 50732
-Jun 04 20:55:20 guillotine sshd[178405]: fatal: Timeout before authentication for 8.138.83.224 port 45986
-Jun 04 20:56:22 guillotine sshd[178407]: fatal: Timeout before authentication for 8.138.83.224 port 38058
-Jun 04 21:12:39 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 04 21:13:48 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
-Jun 04 21:33:30 guillotine fail2ban[110933]: [sshd] Unban 43.159.35.254
-Jun 04 21:33:31 guillotine fail2ban[110933]: [sshd] Unban 186.208.146.137
-Jun 04 21:33:44 guillotine fail2ban[110933]: [sshd] Unban 82.156.55.164
-Jun 04 21:33:49 guillotine fail2ban[110933]: [sshd] Unban 103.154.63.71
-Jun 04 21:33:52 guillotine fail2ban[110933]: [sshd] Unban 43.134.118.9
-Jun 04 21:34:04 guillotine fail2ban[110933]: [sshd] Unban 43.163.226.92
-Jun 04 21:42:53 guillotine fail2ban[110933]: [sshd] Unban 140.246.137.102
-Jun 04 22:13:47 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
-Jun 04 22:38:22 guillotine sshd[179242]: error: kex_exchange_identification: read: Connection reset by peer
-Jun 04 23:01:37 guillotine fail2ban[110933]: [sshd] Ban 200.129.69.7
-Jun 04 23:01:51 guillotine fail2ban[110933]: [sshd] Ban 165.227.9.20
-Jun 04 23:02:03 guillotine fail2ban[110933]: [sshd] Ban 43.153.23.214
-Jun 04 23:02:10 guillotine fail2ban[110933]: [sshd] Ban 187.237.252.211
-Jun 04 23:02:11 guillotine fail2ban[110933]: [sshd] Ban 43.163.222.63
-Jun 04 23:09:16 guillotine fail2ban[110933]: [sshd] Ban 59.120.213.62
-Jun 04 23:17:11 guillotine sshd[179621]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 04 23:17:34 guillotine sshd[179624]: error: kex_exchange_identification: read: Connection reset by peer
-Jun 04 23:17:45 guillotine sshd[179626]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 04 23:17:46 guillotine fail2ban[110933]: [sshd] Ban 8.210.81.89
-Jun 04 23:19:01 guillotine sshd[179622]: fatal: Timeout before authentication for 191.36.153.200 port 39548
-Jun 04 23:50:23 guillotine fail2ban[110933]: [sshd] Ban 180.167.207.234
-Jun 04 23:57:17 guillotine fail2ban[110933]: [sshd] Ban 119.84.70.221
-Jun 05 00:01:36 guillotine fail2ban[110933]: [sshd] Unban 200.129.69.7
-Jun 05 00:01:51 guillotine fail2ban[110933]: [sshd] Unban 165.227.9.20
-Jun 05 00:02:04 guillotine fail2ban[110933]: [sshd] Unban 43.153.23.214
-Jun 05 00:02:10 guillotine fail2ban[110933]: [sshd] Unban 187.237.252.211
-Jun 05 00:02:11 guillotine fail2ban[110933]: [sshd] Unban 43.163.222.63
-Jun 05 00:09:15 guillotine fail2ban[110933]: [sshd] Unban 59.120.213.62
-Jun 05 00:09:18 guillotine fail2ban[110933]: [sshd] Ban 116.196.109.53
-Jun 05 00:17:45 guillotine fail2ban[110933]: [sshd] Unban 8.210.81.89
-Jun 05 00:50:23 guillotine fail2ban[110933]: [sshd] Unban 180.167.207.234
-Jun 05 00:56:28 guillotine fail2ban[110933]: [sshd] Ban 69.49.245.160
-Jun 05 00:56:31 guillotine fail2ban[110933]: [sshd] Ban 103.142.87.177
-Jun 05 00:56:35 guillotine fail2ban[110933]: [sshd] Ban 198.46.210.89
-Jun 05 00:56:39 guillotine fail2ban[110933]: [sshd] Ban 159.75.119.3
-Jun 05 00:56:47 guillotine fail2ban[110933]: [sshd] Ban 45.152.112.157
-Jun 05 00:56:48 guillotine fail2ban[110933]: [sshd] Ban 220.74.58.37
-Jun 05 00:56:50 guillotine fail2ban[110933]: [sshd] Ban 185.17.229.65
-Jun 05 00:56:51 guillotine fail2ban[110933]: [sshd] Ban 43.153.192.241
-Jun 05 00:57:02 guillotine fail2ban[110933]: [sshd] Ban 43.156.26.222
-Jun 05 00:57:17 guillotine fail2ban[110933]: [sshd] Unban 119.84.70.221
-Jun 05 00:57:41 guillotine fail2ban[110933]: [sshd] Ban 190.129.122.86
-Jun 05 00:57:44 guillotine fail2ban[110933]: [sshd] Ban 124.156.198.8
-Jun 05 00:58:14 guillotine fail2ban[110933]: [sshd] Ban 36.137.196.34
-Jun 05 00:59:47 guillotine fail2ban[110933]: [sshd] Ban 82.157.101.163
-Jun 05 01:09:18 guillotine fail2ban[110933]: [sshd] Unban 116.196.109.53
-Jun 05 01:28:24 guillotine fail2ban[110933]: [sshd] Ban 34.126.125.175
-Jun 05 01:28:33 guillotine fail2ban[110933]: [sshd] Ban 43.134.29.37
-Jun 05 01:29:02 guillotine fail2ban[110933]: [sshd] Ban 150.109.5.130
-Jun 05 01:36:19 guillotine fail2ban[110933]: [sshd] Ban 111.235.212.247
-Jun 05 01:39:11 guillotine sshd[181337]: error: kex_exchange_identification: banner line contains invalid characters
-Jun 05 01:39:13 guillotine sshd[181338]: error: kex_exchange_identification: read: Connection reset by peer
-Jun 05 01:39:46 guillotine sshd[181342]: error: kex_exchange_identification: Connection closed by remote host
-Jun 05 01:40:32 guillotine sshd[181358]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
-Jun 05 01:40:32 guillotine fail2ban[110933]: [sshd] Ban 103.29.249.218
-
-\########## fail2ban  ##########
-Status for the jail: sshd
-|- Filter
-|  |- Currently failed:	4
-|  |- Total failed:	1010
-|  `- Journal matches:	_SYSTEMD_UNIT=sshd.service + _COMM=sshd
-`- Actions
-   |- Currently banned:	18
-   |- Total banned:	194
-   `- Banned IP list:	69.49.245.160 103.142.87.177 198.46.210.89 159.75.119.3 45.152.112.157 220.74.58.37 185.17.229.65 43.153.192.241 43.156.26.222 190.129.122.86 124.156.198.8 36.137.196.34 82.157.101.163 34.126.125.175 43.134.29.37 150.109.5.130 111.235.212.247 103.29.249.218
--- a/2024-07-05_guillotine.report
+++ b/2024-07-05_guillotine.report
--- a/2024-08-05_guillotine.report
+++ b/2024-08-05_guillotine.report
--- a/2024-09-05_guillotine.report
+++ b/2024-09-05_guillotine.report
--- a/2024-09-06.md
+++ b/2024-09-06.md
@@ -0,0 +1,74 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [x] lire précédent rapport mco
+  * [x] logs - journalctl --priority warning
+  * [x] mise à jour - yum check-updates && yum update
+  * [x] reboot ( 4/an )
+  * [x] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [x] accès console depuis dedibox / ovh
+  * [x] âge des certificats - certbot certificates | ag Expiry
+  * [x] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [x] date de la dernière sauvegarde
+  * [x] test de restauration
+
+## Envoi de mail
+
+  * [x] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [x] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [ ] mysqltuner
+  * [x] logs
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [x] test restauration
+
+### Postfix / dovecot
+  * [x] logs
+  * [x] postqueue -p
+  * [x] pflogsum
+  * [x] blacklist check - https://mxtoolbox.com/emailhealth/maisonduvelolyon.org
+
+
+### Snappymail
+  * [x] mise à jour
+  * [x] vérification taille répertoire de données
+  * [x] suppression anciennes versions
+
+### Ldap
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [x] test restauration
+
+### PHPLdapAdmin
+  * [x] mise à jour - attention de ne pas oublier les templates
+
+#### Nextcloud
+  * [x] - logs (y compris logs nextcloud depuis config)
+  * [x] - mise à jour core
+  * [x] - mise à jour plugins
+  * [x] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [x] - vérifier espace disque des principaux utilisateurs
+  * [x] - vue d'ensemble
+
+### Opérations notables
+
+passage en NC 29 && reboot
--- a/2024-10-05_guillotine.report
+++ b/2024-10-05_guillotine.report
--- a/2024-11-05_guillotine.report
+++ b/2024-11-05_guillotine.report
--- a/2024-12-05_guillotine.report
+++ b/2024-12-05_guillotine.report
--- a/2024-12-23.md
+++ b/2024-12-23.md
@@ -1,50 +0,0 @@
-vim: set filetype=markdown:
-
-## Légende
-  * [ ] non fait
-  * [!] fait en partie
-  * [x|✓] fait en totalité
-## Général
-
-  * [x] logs - journalctl --priority warning
-  * [x] mise à jour - dnf check-updates && yum update
-  * [x] reboot ( 4/an )
-  * [x] fail2ban - bon fonctionnement, ip bannies...
-  * [x] services - systemctl --failed
-  * [x] accès console depuis console scaleway
-  * [x] âge des certificats - certbot certificates | ag Expiry
-
-## Stockage
-
-  * [x] cat /proc/mdstat
-  * [x] df -h
-
-## Sauvegardes
-
-  This server is not backed up
-
-## Services
-
-### Sauvegardes 
-  * [x] vérifier si /etc/zabbix/filelist.csv est à jour
-
-### burp
-
-  * [x] mise à jour
-  * [x] logs
-  * [x] mise à jour burp-ui
-  * [x] verif acces burp-ui
-  * [x] test restauration de fichier (indiquer le nom du client pour ne pas toujours prendre le même)
-
-(ne pas oublier l'option -x si on veut récupérer une sauvegarde d'un poste windows)
-
-sudo burp -c /etc/burp/recupe.conf -C bernard -a r -b 544 -r 'Réponse à contrôle.doc' -d /srv/recupe/ -s 5
-
-on peut s'assurer de la validité des ficheirs via https://guillotine.opendoor.fr/
-
-Ne pas oublier de supprimer les fichiers ensuite.
-### rôle socle
-
-  * [ ] role socle
-
-### Opérations notables
--- a/2025-08-05.md
+++ b/2025-08-05.md
@@ -0,0 +1,74 @@
+# <+hostname+>
+vim: set filetype=markdown:
+
+## Légende
+  * [ ] non fait
+  * [!] fait en partie
+  * [x|✓] fait en totalité
+## Général
+
+  * [x] lire précédent rapport mco
+  * [x] logs - journalctl --priority warning
+  * [x] mise à jour - yum check-updates && yum update
+  * [x] reboot ( 4/an )
+  * [x] fail2ban - bon fonctionnement, ip bannies...
+  * [x] services - systemctl --failed
+  * [x] accès console depuis dedibox / ovh
+  * [x] âge des certificats - certbot certificates | ag Expiry
+  * [x] zabbix: vérifier les graph / alertes du mois, les items invalides ...
+
+## Sauvegardes
+
+  * [x] date de la dernière sauvegarde
+  * [x] test de restauration
+
+## Envoi de mail
+
+  * [ ] test send mail to root
+
+## Services
+
+### Apache et PHP-FPM
+  * [x] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation
+
+### MySQL
+  * [x] mysqltuner
+  * [x] logs
+  * [x] vérification âge sauvegarde
+  * [x] vérification externalisation sauvegarde
+  * [x] test restauration
+
+### Postfix / dovecot
+  * [x] logs
+  * [x] postqueue -p
+  * [x] pflogsum
+  * [x] blacklist check - https://mxtoolbox.com/emailhealth/maisonduvelolyon.org
+
+
+### Snappymail
+  * [x] mise à jour
+  * [x] vérification taille répertoire de données
+  * [x] suppression anciennes versions
+
+### Ldap
+  * [ ] vérification âge sauvegarde
+  * [ ] vérification externalisation sauvegarde
+  * [ ] test restauration
+
+### PHPLdapAdmin
+  * [x] mise à jour - attention de ne pas oublier les templates
+
+#### Nextcloud
+  * [x] - logs (y compris logs nextcloud depuis config)
+  * [x] - mise à jour core
+  * [x] - mise à jour plugins
+  * [x] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [x] - vérifier espace disque des principaux utilisateurs
+  * [x] - vue d'ensemble
+
+### Opérations notables
+
+Désactivation de l'app nextcloud "circles", à priori non utilisée et causes de nombreuses erreurs dans les logs
--- a/mco.md
+++ b/mco.md
@@ -1,3 +1,4 @@
+# <+hostname+>
 vim: set filetype=markdown:

 ## Légende
@@ -6,45 +7,67 @@ vim: set filetype=markdown:
  * [x|✓] fait en totalité
 ## Général

+  * [ ] lire précédent rapport mco
  * [ ] logs - journalctl --priority warning
-  * [ ] mise à jour - dnf check-updates && yum update
+  * [ ] mise à jour - yum check-updates && yum update
  * [ ] reboot ( 4/an )
  * [ ] fail2ban - bon fonctionnement, ip bannies...
  * [ ] services - systemctl --failed
-  * [ ] accès console depuis console scaleway
+  * [ ] accès console depuis dedibox / ovh
  * [ ] âge des certificats - certbot certificates | ag Expiry
-
-## Stockage
-
-  * [ ] cat /proc/mdstat
-  * [ ] df -h
+  * [ ] zabbix: vérifier les graph / alertes du mois, les items invalides ...

 ## Sauvegardes

-  This server is not backed up
+  * [ ] date de la dernière sauvegarde
+  * [ ] test de restauration
+
+## Envoi de mail
+
+  * [ ] test send mail to root

 ## Services

-### Sauvegardes 
-  * [ ] vérifier si /etc/zabbix/filelist.csv est à jour
+### Apache et PHP-FPM
+  * [ ] logs - ne pas oublier les logs des différents vhosts !
+   * taille
+   * fréquence dévenements
+   * rotation

-### burp
-
-  * [ ] mise à jour
+### MySQL
+  * [ ] mysqltuner
  * [ ] logs
-  * [ ] mise à jour burp-ui
-  * [ ] verif acces burp-ui
-  * [ ] test restauration de fichier (indiquer le nom du client pour ne pas toujours prendre le même)
+  * [ ] vérification âge sauvegarde
+  * [ ] vérification externalisation sauvegarde
+  * [ ] test restauration

-(ne pas oublier l'option -x si on veut récupérer une sauvegarde d'un poste windows)
+### Postfix / dovecot
+  * [ ] logs
+  * [ ] postqueue -p
+  * [ ] pflogsum
+  * [ ] blacklist check - https://mxtoolbox.com/emailhealth/maisonduvelolyon.org

-sudo burp -c /srv/nas/cig/burp_recup.conf  -C bernard -a r -b 544 -r 'Réponse à contrôle.doc' -d /srv/recupe/ -s 5

-on peut s'assurer de la validité des ficheirs via https://guillotine.opendoor.fr/
+### Snappymail
+  * [ ] mise à jour
+  * [ ] vérification taille répertoire de données
+  * [ ] suppression anciennes versions

-Ne pas oublier de supprimer les fichiers ensuite.
-### rôle socle
+### Ldap
+  * [ ] vérification âge sauvegarde
+  * [ ] vérification externalisation sauvegarde
+  * [ ] test restauration

-  * [ ] role socle
+### PHPLdapAdmin
+  * [ ] mise à jour - attention de ne pas oublier les templates
+
+#### Nextcloud
+  * [ ] - logs (y compris logs nextcloud depuis config)
+  * [ ] - mise à jour core
+  * [ ] - mise à jour plugins
+  * [ ] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
+  * [ ] - vérifier espace disque des principaux utilisateurs
+  * [ ] - vue d'ensemble

 ### Opérations notables
+
Author	SHA1	Message	Date
thomas	c38a4aafe6	mco 2025-08	2025-08-05 22:38:01 +02:00
thomas	23d4bb3f06	mco 2024-09	2024-09-06 17:01:42 +00:00
thomas	6e6a40903a	maj modele	2024-05-23 07:18:23 +00:00
thomas	273d1b90b1	reboot	2024-03-21 21:41:30 +00:00
thomas	4f3dbd2d25	mco 2024-02	2024-02-07 20:37:49 +00:00
thomas	816f5624a5	2024-01 mco	2024-01-19 10:53:09 +00:00
thomas	a64b55becc	mco 2023-09	2023-09-08 12:14:38 +00:00
thomas	13702f1c5a	modele: mco s/rainloop/snappymail/g	2023-09-08 12:14:16 +00:00
thomas	7af95908d7	mco juin	2023-06-04 12:35:50 +00:00
thomas	77fe1bc41f	2023-01 : mco	2023-01-10 20:02:15 +00:00
thomas	369d3ffb6d	2023-01 mco	2023-01-10 12:59:43 +00:00
thomas	979ad7e99a	maj modele	2023-01-10 12:49:20 +00:00
thomas	bc486982a8	mco 2022-11	2022-12-26 20:23:15 +00:00
thomas	bb35d5237e	mco 2022-09	2022-09-06 20:28:43 +00:00
thomas	a103847524	maj modele	2022-09-06 12:20:24 +00:00
tom	a428e2ce62	partial mco	2022-03-10 14:49:01 +00:00
tom	0c2c30308c	misre au point modele cosine	2022-03-10 14:26:22 +00:00