3 Commits

| Author | SHA1 | Message | Date |
| --- | --- | --- | --- |
| guillotine | 1d8eade4f1 | mco 2024-12 | 2024-12-23 10:17:39 +01:00 |
| guillotine | a90d60da6d | 2024-06-03 mco | 2024-06-03 11:49:06 +02:00 |
| tom | 55fc4c5fb0 | template refinement | 2024-03-12 21:57:07 +01:00 |
11 changed files with 51715 additions and 68 deletions

48
2024-03-12.md Normal file

@@ -0,0 +1,48 @@
vim: set filetype=markdown:
## Légende
* [ ] non fait
* [!] fait en partie
* [x|✓] fait en totalité
## Général
* [ ] logs - journalctl --priority warning
* [ ] mise à jour - yum check-updates && yum update
* [ ] reboot ( 4/an )
* [ ] fail2ban - bon fonctionnement, ip bannies...
* [ ] services - systemctl --failed
* [ ] accès console depuis dedibox / ovh
* [ ] âge des certificats - certbot certificates | ag Expiry
## Sauvegardes
This server is not backed up
## Services
### Sauvegardes
* [ ] sauvegarde lvv sudo ls -l ~lvv/Backups/courant/
* [ ] vérifier si /etc/zabbix/filelist.csv est à jour
### burp
* [x] mise à jour
* [x] logs
* [x] mise à jour burp-ui
* [x] verif acces burp-ui
* [ ] test restauration de fichier (indiquer le nom du client pour ne pas toujours prendre le même)
(ne pas oublier l'option -x si on veut récupérer une sauvegarde d'un poste windows)
sudo burp -c /srv/nas/cig/burp_recup.conf -C bernard -a r -b 544 -r 'Réponse à contrôle.doc' -d /srv/recupe/ -s 5
on peut s'assurer de la validité des ficheirs via https://guillotine.opendoor.fr/
Ne pas oublier de supprimer les fichiers ensuite.
### rôle socle
* [ ] role socle
### Opérations notables
déploiement burpui
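
Review bot: In the "Général" checklist, `yum check-updates && yum update` cannot work as one step: the update check exits with status 100 when updates are pending (documented for `yum check-update`), so the `&&` chain stops exactly when there is something to install. List the two commands as separate steps, or join them with `;`. In the burp section, the restore example hardcodes `-C bernard -b 544` although the item asks for a different client each time, and "Ne pas oublier de supprimer les fichiers ensuite" is free text rather than a `* [ ]` item, so the cleanup of restored client files in `/srv/recupe/` is never tracked.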

59
2024-06-03.md Normal file

@@ -0,0 +1,59 @@
vim: set filetype=markdown:
## Légende
* [ ] non fait
* [!] fait en partie
* [x|✓] fait en totalité
## Général
* [x] logs - journalctl --priority warning
* [x] mise à jour - dnf check-updates && yum update
* [x] reboot ( 4/an )
* [x] fail2ban - bon fonctionnement, ip bannies...
* [x] services - systemctl --failed
* [x] accès console depuis console scaleway
* [x] âge des certificats - certbot certificates | ag Expiry
## Stockage
* [x] cat /proc/mdstat
* [x] df -h
## Sauvegardes
This server is not backed up
## Services
### Sauvegardes
* [x] sauvegarde lvv sudo ls -l ~lvv/Backups/courant/
* [x] vérifier si /etc/zabbix/filelist.csv est à jour
### burp
* [x] mise à jour
* [x] logs
* [x] mise à jour burp-ui
* [x] verif acces burp-ui
* [x] test restauration de fichier (indiquer le nom du client pour ne pas toujours prendre le même)
(ne pas oublier l'option -x si on veut récupérer une sauvegarde d'un poste windows)
sudo burp -c /srv/nas/cig/burp_recup.conf -C bernard -a r -b 544 -r 'Réponse à contrôle.doc' -d /srv/recupe/ -s 5
on peut s'assurer de la validité des ficheirs via https://guillotine.opendoor.fr/
Ne pas oublier de supprimer les fichiers ensuite.
### rôle socle
* [x] role socle
### Opérations notables
il a fallu raz manuellement les mdp de root, tom et guillotine ldap account ...
application roles:
* socle
* burp_server
* zabbix
* apache
* apache_vhost - ça pete la config du vhost
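
Review bot: Under "Opérations notables", `apache_vhost - ça pete la config du vhost` records that applying the role broke the vhost configuration, but the file does not say whether the configuration was restored or the role corrected, and every checklist item above it is marked `[x]`. Add a `[!]` or `[ ]` follow-up item for it, and do the same for the manual password reset of root, tom and guillotine on the line before, which trails off in "..." without naming the cause. Minor: `dnf check-updates && yum update` mixes the two front ends in one item; pick one.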


@@ -0,0 +1,550 @@
########## guillotine ##########
########## RH UPDATES ##########
Last metadata expiration check: 2:17:32 ago on Tue 04 Jun 2024 11:23:35 PM CEST.
########## Debian UPDATES ##########
########## CERTIFICATES ##########
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Found the following certs:
Certificate Name: backup.opendoor.fr
Serial Number: 43d1bbaadb9d3bd99af6fb4c1fd65269db8
Key Type: ECDSA
Domains: backup.opendoor.fr guillotine.opendoor.fr sauvegarde.opendoor.fr
Expiry Date: 2024-07-23 00:48:59+00:00 (VALID: 48 days)
Certificate Path: /etc/letsencrypt/live/backup.opendoor.fr/fullchain.pem
Private Key Path: /etc/letsencrypt/live/backup.opendoor.fr/privkey.pem
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
########## UPTIME ##########
01:41:10 up 1 day, 14:59, 0 users, load average: 0.15, 0.03, 0.01
########## SERVICE STATUS ##########
UNIT LOAD ACTIVE SUB DESCRIPTION
0 loaded units listed.
########## BACKUP LIST ##########
2024-06-05 01:41:10 +0200: burp[181394] Connecting to localhost:4971
2024-06-05 01:41:10 +0200: burp[181394] auth ok
2024-06-05 01:41:10 +0200: burp[181394] Server version: 2.4.0
2024-06-05 01:41:10 +0200: burp[181394] nocsr ok
2024-06-05 01:41:10 +0200: burp[181394] SSL is using cipher: TLS_AES_256_GCM_SHA384 TLSv1.3 Kx=any Au=any Enc=AESGCM(256) Mac=AEAD
2024-06-05 01:41:10 +0200: burp[181394] extra_comms_begin ok:autoupgrade:incexc:orig_client:uname:failover:vss_restore:regex_icase:counters_json:msg:csetproto:rshash=blake2:seed:
2024-06-05 01:41:10 +0200: burp[181394] Server has protocol=0 (auto)
2024-06-05 01:41:10 +0200: burp[181394] Using protocol=1
no backups
2024-06-05 01:41:10 +0200: burp[181394] List finished ok
########## LAST USER ##########
tom pts/0 81.250.227.252 Tue Jun 4 16:00 - 18:21 (02:20)
tom pts/0 2a01:e34:ec1b:6e Mon Jun 3 11:49 - 11:49 (00:00)
tom pts/4 2a01:e34:ec1b:6e Mon Jun 3 11:29 - 11:49 (00:19)
tom pts/3 2a01:e34:ec1b:6e Mon Jun 3 11:25 - 23:52 (12:26)
tom pts/0 2a01:e34:ec1b:6e Mon Jun 3 10:43 - 11:49 (01:06)
reboot system boot 5.14.0-427.18.1. Mon Jun 3 10:42 still running
root tty2 Mon Jun 3 10:35 - down (00:03)
tom pts/3 2a01:e34:ec1b:6e Mon Jun 3 10:19 - 10:37 (00:17)
tom pts/0 2a01:e34:ec1b:6e Mon Jun 3 10:15 - 10:20 (00:04)
tom pts/0 2a01:e34:ec1b:6e Sun Jun 2 22:17 - 22:18 (00:01)
\########## LOG Warnings ##########
Jun 03 10:42:05 guillotine kernel: ACPI: SPCR: Unexpected SPCR Access Width. Defaulting to byte size
Jun 03 10:42:05 guillotine kernel: MDS CPU bug present and SMT on, data leak possible. See https://www.kernel.org/doc/html/latest/admin-guide/hw-vuln/mds.html for more details.
Jun 03 10:42:05 guillotine kernel: #5 #6 #7
Jun 03 10:42:05 guillotine kernel: ERST: NVRAM ERST Log Address Range not implemented yet.
Jun 03 10:42:08 guillotine systemd[1]: sys-devices-virtual-block-md1.device: Failed to enqueue SYSTEMD_WANTS= job, ignoring: Unit mdmonitor.service not found.
Jun 03 10:42:13 guillotine kernel: ACPI Error: No handler for Region [SYSI] (00000000dcc52840) [IPMI] (20221020/evregion-130)
Jun 03 10:42:13 guillotine kernel: ACPI Error: Region IPMI (ID=7) has no handler (20221020/exfldio-261)
Jun 03 10:42:13 guillotine kernel: ACPI Error: Aborting method \_SB.PMI0._GHL due to previous error (AE_NOT_EXIST) (20221020/psparse-529)
Jun 03 10:42:13 guillotine kernel: ACPI Error: Aborting method \_SB.PMI0._PMC due to previous error (AE_NOT_EXIST) (20221020/psparse-529)
Jun 03 10:42:13 guillotine kernel: ACPI: \_SB_.PMI0: _PMC evaluation failed: AE_NOT_EXIST
Jun 03 10:42:13 guillotine kernel: ipmi_si dmi-ipmi-si.0: The BMC does not support setting the recv irq bit, compensating, but the BMC needs to be fixed.
Jun 03 10:42:13 guillotine kernel: dell_smbios: No SMBIOS backends available (wmi: -19, smm: -19)
Jun 03 10:42:16 guillotine kernel: msr: Write to unrecognized MSR 0x17f by mcelog (pid: 906).
Jun 03 10:42:16 guillotine kernel: msr: See https://git.kernel.org/pub/scm/linux/kernel/git/tip/tip.git/about for details.
Jun 03 10:42:20 guillotine kernel: Warning: Unmaintained driver is detected: ip_set
Jun 03 10:42:27 guillotine /usr/sbin/irqbalance[904]: Cannot change IRQ 0 affinity: Input/output error
Jun 03 10:42:27 guillotine /usr/sbin/irqbalance[904]: IRQ 0 affinity is now unmanaged
Jun 03 10:42:37 guillotine kernel: block md1: the capability attribute has been deprecated.
Jun 03 10:46:02 guillotine sshd[6658]: fatal: Timeout before authentication for 218.76.104.12 port 16418
Jun 03 10:53:01 guillotine kernel: Warning: Unmaintained driver is detected: nft_compat
Jun 03 11:31:13 guillotine fail2ban[110933]: [sshd] Restore Ban 103.25.47.94
Jun 03 11:31:16 guillotine fail2ban[110933]: [sshd] Restore Ban 43.128.81.137
Jun 03 11:31:17 guillotine fail2ban[110933]: [sshd] Restore Ban 43.131.249.200
Jun 03 11:31:18 guillotine fail2ban[110933]: [sshd] Restore Ban 43.153.46.251
Jun 03 11:31:18 guillotine fail2ban[110933]: [sshd] Restore Ban 43.156.80.15
Jun 03 11:31:18 guillotine fail2ban[110933]: [sshd] Restore Ban 72.240.125.133
Jun 03 11:31:19 guillotine fail2ban[110933]: [sshd] Restore Ban 77.91.78.115
Jun 03 11:49:14 guillotine sudo[158903]: tom : a password is required ; TTY=pts/1 ; PWD=/home/tom/MCO ; USER=root ; COMMAND=/bin/etckeeper unclean
Jun 03 11:49:15 guillotine sudo[158952]: tom : a password is required ; TTY=pts/2 ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
Jun 03 11:49:17 guillotine sudo[158982]: tom : a password is required ; TTY=pts/0 ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
Jun 03 11:49:22 guillotine sudo[159412]: tom : a password is required ; TTY=pts/0 ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
Jun 03 11:49:24 guillotine sudo[159453]: tom : a password is required ; TTY=pts/4 ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
Jun 03 11:49:38 guillotine fail2ban[110933]: [sshd] Ban 51.255.167.42
Jun 03 11:52:39 guillotine fail2ban[110933]: [sshd] Ban 183.56.226.5
Jun 03 11:52:59 guillotine fail2ban[110933]: [sshd] Unban 43.153.46.251
Jun 03 11:53:36 guillotine fail2ban[110933]: [sshd] Unban 103.25.47.94
Jun 03 11:53:39 guillotine fail2ban[110933]: [sshd] Unban 43.128.81.137
Jun 03 11:53:40 guillotine fail2ban[110933]: [sshd] Unban 72.240.125.133
Jun 03 11:53:48 guillotine fail2ban[110933]: [sshd] Unban 43.131.249.200
Jun 03 11:53:55 guillotine fail2ban[110933]: [sshd] Unban 43.156.80.15
Jun 03 11:54:03 guillotine fail2ban[110933]: [sshd] Unban 77.91.78.115
Jun 03 12:49:38 guillotine fail2ban[110933]: [sshd] Unban 51.255.167.42
Jun 03 12:52:39 guillotine fail2ban[110933]: [sshd] Unban 183.56.226.5
Jun 03 13:17:23 guillotine sshd[160201]: error: kex_exchange_identification: banner line contains invalid characters
Jun 03 13:17:33 guillotine sshd[160202]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 03 13:53:55 guillotine sshd[160460]: error: kex_exchange_identification: Connection closed by remote host
Jun 03 14:00:39 guillotine sshd[160499]: error: kex_exchange_identification: Connection closed by remote host
Jun 03 14:04:43 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 03 14:36:24 guillotine sshd[160817]: error: kex_exchange_identification: banner line contains invalid characters
Jun 03 14:36:38 guillotine sshd[160818]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 03 15:04:43 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 03 15:05:52 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 03 15:11:55 guillotine fail2ban[110933]: [sshd] Ban 34.172.117.17
Jun 03 15:12:00 guillotine fail2ban[110933]: [sshd] Ban 42.96.46.204
Jun 03 15:12:06 guillotine fail2ban[110933]: [sshd] Ban 43.134.102.169
Jun 03 15:12:15 guillotine fail2ban[110933]: [sshd] Ban 161.35.86.122
Jun 03 15:12:17 guillotine fail2ban[110933]: [sshd] Ban 43.163.194.242
Jun 03 15:12:31 guillotine fail2ban[110933]: [sshd] Ban 186.227.193.156
Jun 03 15:12:32 guillotine fail2ban[110933]: [sshd] Ban 43.163.230.39
Jun 03 15:12:33 guillotine fail2ban[110933]: [sshd] Ban 43.135.134.197
Jun 03 15:12:36 guillotine fail2ban[110933]: [sshd] Ban 129.226.219.243
Jun 03 15:12:40 guillotine fail2ban[110933]: [sshd] Ban 42.112.16.10
Jun 03 15:12:41 guillotine fail2ban[110933]: [sshd] Ban 101.32.141.81
Jun 03 15:12:53 guillotine fail2ban[110933]: [sshd] Ban 180.242.130.169
Jun 03 15:14:29 guillotine fail2ban[110933]: [sshd] Ban 167.172.82.103
Jun 03 16:05:51 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 03 16:07:26 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 03 16:11:55 guillotine fail2ban[110933]: [sshd] Unban 34.172.117.17
Jun 03 16:12:00 guillotine fail2ban[110933]: [sshd] Unban 42.96.46.204
Jun 03 16:12:06 guillotine fail2ban[110933]: [sshd] Unban 43.134.102.169
Jun 03 16:12:15 guillotine fail2ban[110933]: [sshd] Unban 161.35.86.122
Jun 03 16:12:16 guillotine fail2ban[110933]: [sshd] Unban 43.163.194.242
Jun 03 16:12:30 guillotine fail2ban[110933]: [sshd] Unban 186.227.193.156
Jun 03 16:12:32 guillotine fail2ban[110933]: [sshd] Unban 43.163.230.39
Jun 03 16:12:33 guillotine fail2ban[110933]: [sshd] Unban 43.135.134.197
Jun 03 16:12:35 guillotine fail2ban[110933]: [sshd] Unban 129.226.219.243
Jun 03 16:12:39 guillotine fail2ban[110933]: [sshd] Unban 42.112.16.10
Jun 03 16:12:40 guillotine fail2ban[110933]: [sshd] Unban 101.32.141.81
Jun 03 16:12:53 guillotine fail2ban[110933]: [sshd] Unban 180.242.130.169
Jun 03 16:14:28 guillotine fail2ban[110933]: [sshd] Unban 167.172.82.103
Jun 03 16:29:46 guillotine sshd[161856]: error: kex_exchange_identification: banner line contains invalid characters
Jun 03 16:32:48 guillotine sshd[161901]: error: kex_exchange_identification: client sent invalid protocol identifier "GET / HTTP/1.1"
Jun 03 16:47:00 guillotine fail2ban[110933]: [sshd] Ban 43.156.169.236
Jun 03 16:56:03 guillotine fail2ban[110933]: [sshd] Ban 159.65.181.182
Jun 03 16:56:32 guillotine fail2ban[110933]: [sshd] Ban 43.153.172.6
Jun 03 16:56:35 guillotine fail2ban[110933]: [sshd] Ban 94.254.0.234
Jun 03 16:56:42 guillotine fail2ban[110933]: [sshd] Ban 138.68.169.219
Jun 03 16:56:46 guillotine fail2ban[110933]: [sshd] Ban 64.226.75.247
Jun 03 16:56:50 guillotine fail2ban[110933]: [sshd] Ban 79.137.198.143
Jun 03 16:56:55 guillotine fail2ban[110933]: [sshd] Ban 35.209.160.244
Jun 03 16:57:02 guillotine fail2ban[110933]: [sshd] Ban 43.159.59.67
Jun 03 16:57:03 guillotine fail2ban[110933]: [sshd] Ban 43.134.175.129
Jun 03 17:07:26 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 03 17:47:00 guillotine fail2ban[110933]: [sshd] Unban 43.156.169.236
Jun 03 17:56:02 guillotine fail2ban[110933]: [sshd] Unban 159.65.181.182
Jun 03 17:56:31 guillotine fail2ban[110933]: [sshd] Unban 43.153.172.6
Jun 03 17:56:35 guillotine fail2ban[110933]: [sshd] Unban 94.254.0.234
Jun 03 17:56:41 guillotine fail2ban[110933]: [sshd] Unban 138.68.169.219
Jun 03 17:56:45 guillotine fail2ban[110933]: [sshd] Unban 64.226.75.247
Jun 03 17:56:50 guillotine fail2ban[110933]: [sshd] Unban 79.137.198.143
Jun 03 17:56:55 guillotine fail2ban[110933]: [sshd] Unban 35.209.160.244
Jun 03 17:57:01 guillotine fail2ban[110933]: [sshd] Unban 43.159.59.67
Jun 03 17:57:02 guillotine fail2ban[110933]: [sshd] Unban 43.134.175.129
Jun 03 18:15:04 guillotine sshd[162854]: error: kex_exchange_identification: banner line contains invalid characters
Jun 03 18:15:14 guillotine sshd[162856]: error: kex_exchange_identification: read: Connection reset by peer
Jun 03 18:15:22 guillotine sshd[162857]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 03 18:15:22 guillotine fail2ban[110933]: [sshd] Ban 8.210.93.44
Jun 03 18:15:47 guillotine sshd[162875]: error: kex_exchange_identification: client sent invalid protocol identifier "MGLNDD_51.159.104.131_2222"
Jun 03 18:28:51 guillotine sshd[162951]: error: kex_exchange_identification: banner line contains invalid characters
Jun 03 18:29:00 guillotine sshd[162952]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 03 19:15:22 guillotine fail2ban[110933]: [sshd] Unban 8.210.93.44
Jun 03 19:16:34 guillotine sshd[163373]: error: kex_exchange_identification: banner line contains invalid characters
Jun 03 19:16:42 guillotine sshd[163374]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 03 19:20:14 guillotine sshd[163387]: error: kex_exchange_identification: banner line contains invalid characters
Jun 03 19:20:26 guillotine sshd[163390]: error: kex_exchange_identification: Connection closed by remote host
Jun 03 19:20:39 guillotine sshd[163391]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 03 19:20:39 guillotine fail2ban[110933]: [sshd] Ban 8.217.2.214
Jun 03 19:25:56 guillotine fail2ban[110933]: [sshd] Ban 43.163.244.40
Jun 03 19:26:05 guillotine fail2ban[110933]: [sshd] Ban 159.203.170.197
Jun 03 19:26:11 guillotine fail2ban[110933]: [sshd] Ban 43.156.33.129
Jun 03 19:26:16 guillotine fail2ban[110933]: [sshd] Ban 43.159.143.206
Jun 03 19:26:18 guillotine fail2ban[110933]: [sshd] Ban 43.134.44.86
Jun 03 19:26:23 guillotine fail2ban[110933]: [sshd] Ban 43.134.232.254
Jun 03 19:26:25 guillotine fail2ban[110933]: [sshd] Ban 34.139.17.74
Jun 03 19:26:30 guillotine fail2ban[110933]: [sshd] Ban 43.163.219.110
Jun 03 19:26:30 guillotine fail2ban[110933]: [sshd] Ban 106.60.69.136
Jun 03 19:26:41 guillotine fail2ban[110933]: [sshd] Ban 137.220.191.189
Jun 03 19:26:45 guillotine fail2ban[110933]: [sshd] Ban 165.22.59.198
Jun 03 19:26:48 guillotine fail2ban[110933]: [sshd] Ban 43.128.106.66
Jun 03 19:32:36 guillotine fail2ban[110933]: [sshd] Ban 186.67.248.8
Jun 03 19:54:53 guillotine sshd[163733]: error: kex_exchange_identification: banner line contains invalid characters
Jun 03 20:20:39 guillotine fail2ban[110933]: [sshd] Unban 8.217.2.214
Jun 03 20:25:56 guillotine fail2ban[110933]: [sshd] Unban 43.163.244.40
Jun 03 20:26:05 guillotine fail2ban[110933]: [sshd] Unban 159.203.170.197
Jun 03 20:26:11 guillotine fail2ban[110933]: [sshd] Unban 43.156.33.129
Jun 03 20:26:15 guillotine fail2ban[110933]: [sshd] Unban 43.159.143.206
Jun 03 20:26:18 guillotine fail2ban[110933]: [sshd] Unban 43.134.44.86
Jun 03 20:26:23 guillotine fail2ban[110933]: [sshd] Unban 43.134.232.254
Jun 03 20:26:25 guillotine fail2ban[110933]: [sshd] Unban 34.139.17.74
Jun 03 20:26:29 guillotine fail2ban[110933]: [sshd] Unban 43.163.219.110
Jun 03 20:26:30 guillotine fail2ban[110933]: [sshd] Unban 106.60.69.136
Jun 03 20:26:41 guillotine fail2ban[110933]: [sshd] Unban 137.220.191.189
Jun 03 20:26:45 guillotine fail2ban[110933]: [sshd] Unban 165.22.59.198
Jun 03 20:26:48 guillotine fail2ban[110933]: [sshd] Unban 43.128.106.66
Jun 03 20:29:18 guillotine sshd[164038]: error: kex_exchange_identification: Connection closed by remote host
Jun 03 20:29:19 guillotine sshd[164039]: error: kex_exchange_identification: Connection closed by remote host
Jun 03 20:32:36 guillotine fail2ban[110933]: [sshd] Unban 186.67.248.8
Jun 03 20:35:47 guillotine fail2ban[110933]: [sshd] Ban 51.159.103.10
Jun 03 20:39:16 guillotine fail2ban[110933]: [sshd] Ban 178.128.101.31
Jun 03 20:39:28 guillotine fail2ban[110933]: [sshd] Ban 43.134.166.245
Jun 03 20:39:32 guillotine fail2ban[110933]: [sshd] Ban 187.49.152.10
Jun 03 20:39:55 guillotine fail2ban[110933]: [sshd] Ban 43.133.72.103
Jun 03 20:46:54 guillotine chronyd[913]: Detected falseticker 51.158.147.185 (2.rocky.pool.ntp.org)
Jun 03 21:17:57 guillotine fail2ban[110933]: [sshd] Ban 125.16.191.57
Jun 03 21:35:47 guillotine fail2ban[110933]: [sshd] Unban 51.159.103.10
Jun 03 21:39:16 guillotine fail2ban[110933]: [sshd] Unban 178.128.101.31
Jun 03 21:39:27 guillotine fail2ban[110933]: [sshd] Unban 43.134.166.245
Jun 03 21:39:32 guillotine fail2ban[110933]: [sshd] Unban 187.49.152.10
Jun 03 21:39:54 guillotine fail2ban[110933]: [sshd] Unban 43.133.72.103
Jun 03 21:46:29 guillotine sshd[164706]: error: kex_exchange_identification: banner line contains invalid characters
Jun 03 21:46:36 guillotine sshd[164707]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 03 22:17:56 guillotine fail2ban[110933]: [sshd] Unban 125.16.191.57
Jun 03 23:22:19 guillotine sshd[165451]: fatal: Timeout before authentication for 61.153.208.38 port 37308
Jun 03 23:50:25 guillotine sshd[165679]: error: kex_protocol_error: type 20 seq 2 [preauth]
Jun 03 23:50:25 guillotine sshd[165679]: error: kex_protocol_error: type 30 seq 3 [preauth]
Jun 03 23:50:26 guillotine sshd[165679]: error: kex_protocol_error: type 20 seq 4 [preauth]
Jun 03 23:50:26 guillotine sshd[165679]: error: kex_protocol_error: type 30 seq 5 [preauth]
Jun 03 23:50:28 guillotine sshd[165679]: error: kex_protocol_error: type 20 seq 6 [preauth]
Jun 03 23:50:28 guillotine sshd[165679]: error: kex_protocol_error: type 30 seq 7 [preauth]
Jun 03 23:52:04 guillotine sudo[165720]: tom : a password is required ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
Jun 04 00:04:16 guillotine sshd[166223]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 00:59:10 guillotine fail2ban[110933]: [sshd] Ban 102.53.9.67
Jun 04 00:59:39 guillotine fail2ban[110933]: [sshd] Ban 51.178.183.237
Jun 04 01:00:25 guillotine sshd[166673]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 01:00:35 guillotine sshd[166674]: error: kex_exchange_identification: read: Connection reset by peer
Jun 04 01:00:48 guillotine sshd[166681]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 04 01:00:49 guillotine fail2ban[110933]: [sshd] Ban 128.199.219.184
Jun 04 01:23:30 guillotine sshd[166903]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 01:24:02 guillotine sshd[166902]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 01:48:39 guillotine fail2ban[110933]: [sshd] Ban 203.228.30.198
Jun 04 01:48:45 guillotine fail2ban[110933]: [sshd] Ban 82.102.12.130
Jun 04 01:48:48 guillotine fail2ban[110933]: [sshd] Ban 156.232.11.32
Jun 04 01:48:58 guillotine fail2ban[110933]: [sshd] Ban 211.253.9.49
Jun 04 01:49:00 guillotine fail2ban[110933]: [sshd] Ban 129.226.152.106
Jun 04 01:49:19 guillotine fail2ban[110933]: [sshd] Ban 206.189.175.87
Jun 04 01:59:09 guillotine fail2ban[110933]: [sshd] Unban 102.53.9.67
Jun 04 01:59:39 guillotine fail2ban[110933]: [sshd] Unban 51.178.183.237
Jun 04 02:00:48 guillotine fail2ban[110933]: [sshd] Unban 128.199.219.184
Jun 04 02:28:43 guillotine fail2ban[110933]: [sshd] Ban 47.180.114.229
Jun 04 02:48:39 guillotine fail2ban[110933]: [sshd] Unban 203.228.30.198
Jun 04 02:48:45 guillotine fail2ban[110933]: [sshd] Unban 82.102.12.130
Jun 04 02:48:47 guillotine fail2ban[110933]: [sshd] Unban 156.232.11.32
Jun 04 02:48:58 guillotine fail2ban[110933]: [sshd] Unban 211.253.9.49
Jun 04 02:49:00 guillotine fail2ban[110933]: [sshd] Unban 129.226.152.106
Jun 04 02:49:19 guillotine fail2ban[110933]: [sshd] Unban 206.189.175.87
Jun 04 02:53:41 guillotine fail2ban[110933]: [sshd] Ban 8.219.234.76
Jun 04 02:55:05 guillotine fail2ban[110933]: [sshd] Ban 206.217.133.9
Jun 04 02:55:10 guillotine fail2ban[110933]: [sshd] Ban 81.192.46.45
Jun 04 02:55:10 guillotine fail2ban[110933]: [sshd] Ban 1.238.106.229
Jun 04 02:55:14 guillotine fail2ban[110933]: [sshd] Ban 47.247.116.211
Jun 04 02:55:20 guillotine fail2ban[110933]: [sshd] Ban 47.236.180.33
Jun 04 02:55:46 guillotine fail2ban[110933]: [sshd] Ban 20.204.165.90
Jun 04 03:01:01 guillotine fail2ban[110933]: [sshd] Ban 186.67.248.5
Jun 04 03:09:30 guillotine fail2ban[110933]: [sshd] Ban 157.148.123.243
Jun 04 03:24:22 guillotine sshd[168116]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 03:27:32 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 04 03:28:43 guillotine fail2ban[110933]: [sshd] Unban 47.180.114.229
Jun 04 03:53:41 guillotine fail2ban[110933]: [sshd] Unban 8.219.234.76
Jun 04 03:55:05 guillotine fail2ban[110933]: [sshd] Unban 206.217.133.9
Jun 04 03:55:09 guillotine fail2ban[110933]: [sshd] Unban 81.192.46.45
Jun 04 03:55:10 guillotine fail2ban[110933]: [sshd] Unban 1.238.106.229
Jun 04 03:55:14 guillotine fail2ban[110933]: [sshd] Unban 47.247.116.211
Jun 04 03:55:20 guillotine fail2ban[110933]: [sshd] Unban 47.236.180.33
Jun 04 03:55:45 guillotine fail2ban[110933]: [sshd] Unban 20.204.165.90
Jun 04 03:55:47 guillotine fail2ban[110933]: [sshd] Ban 200.234.228.23
Jun 04 03:56:03 guillotine fail2ban[110933]: [sshd] Ban 43.134.165.54
Jun 04 03:56:16 guillotine fail2ban[110933]: [sshd] Ban 43.133.231.57
Jun 04 03:56:20 guillotine fail2ban[110933]: [sshd] Ban 128.199.73.168
Jun 04 04:01:00 guillotine fail2ban[110933]: [sshd] Unban 186.67.248.5
Jun 04 04:04:40 guillotine fail2ban[110933]: [sshd] Ban 58.33.58.37
Jun 04 04:09:29 guillotine fail2ban[110933]: [sshd] Unban 157.148.123.243
Jun 04 04:27:31 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 04 04:28:41 guillotine fail2ban[110933]: [sshd] Ban 43.131.254.59
Jun 04 04:28:42 guillotine fail2ban[110933]: [sshd] Ban 135.0.208.122
Jun 04 04:28:59 guillotine fail2ban[110933]: [sshd] Ban 174.138.61.67
Jun 04 04:29:00 guillotine fail2ban[110933]: [sshd] Ban 146.190.60.168
Jun 04 04:29:10 guillotine fail2ban[110933]: [sshd] Ban 50.206.19.62
Jun 04 04:29:12 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 04 04:29:12 guillotine fail2ban[110933]: [sshd] Ban 34.175.118.185
Jun 04 04:29:20 guillotine fail2ban[110933]: [sshd] Ban 171.104.143.176
Jun 04 04:29:35 guillotine fail2ban[110933]: [sshd] Ban 148.72.246.251
Jun 04 04:30:04 guillotine fail2ban[110933]: [sshd] Ban 185.227.136.16
Jun 04 04:35:18 guillotine fail2ban[110933]: [sshd] Ban 93.120.240.202
Jun 04 04:55:46 guillotine fail2ban[110933]: [sshd] Unban 200.234.228.23
Jun 04 04:56:02 guillotine fail2ban[110933]: [sshd] Unban 43.134.165.54
Jun 04 04:56:15 guillotine fail2ban[110933]: [sshd] Unban 43.133.231.57
Jun 04 04:56:19 guillotine fail2ban[110933]: [sshd] Unban 128.199.73.168
Jun 04 04:58:52 guillotine sshd[168977]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 04:59:16 guillotine sshd[168978]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 04 05:04:40 guillotine fail2ban[110933]: [sshd] Unban 58.33.58.37
Jun 04 05:14:37 guillotine sshd[169146]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 05:14:55 guillotine sshd[169147]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 04 05:28:41 guillotine fail2ban[110933]: [sshd] Unban 43.131.254.59
Jun 04 05:28:42 guillotine fail2ban[110933]: [sshd] Unban 135.0.208.122
Jun 04 05:28:58 guillotine fail2ban[110933]: [sshd] Unban 174.138.61.67
Jun 04 05:28:59 guillotine fail2ban[110933]: [sshd] Unban 146.190.60.168
Jun 04 05:29:10 guillotine fail2ban[110933]: [sshd] Unban 50.206.19.62
Jun 04 05:29:12 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 04 05:29:12 guillotine fail2ban[110933]: [sshd] Unban 34.175.118.185
Jun 04 05:29:20 guillotine fail2ban[110933]: [sshd] Unban 171.104.143.176
Jun 04 05:29:35 guillotine fail2ban[110933]: [sshd] Unban 148.72.246.251
Jun 04 05:30:04 guillotine fail2ban[110933]: [sshd] Unban 185.227.136.16
Jun 04 05:30:39 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 04 05:35:18 guillotine fail2ban[110933]: [sshd] Unban 93.120.240.202
Jun 04 06:30:38 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 04 06:34:08 guillotine sshd[169808]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 07:13:04 guillotine sshd[170138]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 07:38:32 guillotine sshd[170298]: error: kex_protocol_error: type 20 seq 2 [preauth]
Jun 04 07:38:32 guillotine sshd[170298]: error: kex_protocol_error: type 30 seq 3 [preauth]
Jun 04 08:22:14 guillotine fail2ban[110933]: [sshd] Ban 160.153.234.75
Jun 04 08:25:16 guillotine sshd[170675]: error: kex_exchange_identification: read: Connection reset by peer
Jun 04 08:28:07 guillotine sshd[170706]: error: kex_exchange_identification: read: Connection reset by peer
Jun 04 09:22:14 guillotine fail2ban[110933]: [sshd] Unban 160.153.234.75
Jun 04 09:35:40 guillotine fail2ban[110933]: [sshd] Ban 8.222.233.248
Jun 04 09:35:42 guillotine fail2ban[110933]: [sshd] Ban 8.222.244.69
Jun 04 09:36:16 guillotine fail2ban[110933]: [sshd] Ban 73.135.38.134
Jun 04 09:36:48 guillotine fail2ban[110933]: [sshd] Ban 139.59.86.114
Jun 04 09:36:49 guillotine fail2ban[110933]: [sshd] Ban 43.153.220.11
Jun 04 09:36:57 guillotine fail2ban[110933]: [sshd] Ban 45.5.159.36
Jun 04 09:37:22 guillotine fail2ban[110933]: [sshd] Ban 124.156.203.181
Jun 04 09:39:35 guillotine fail2ban[110933]: [sshd] Ban 119.82.65.203
Jun 04 10:15:46 guillotine sshd[171636]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 10:19:43 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 04 10:28:00 guillotine fail2ban[110933]: [sshd] Ban 113.125.89.142
Jun 04 10:31:52 guillotine sshd[171784]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 10:31:59 guillotine sshd[171785]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 04 10:34:20 guillotine fail2ban[110933]: [sshd] Ban 101.126.70.135
Jun 04 10:35:40 guillotine fail2ban[110933]: [sshd] Unban 8.222.233.248
Jun 04 10:35:41 guillotine fail2ban[110933]: [sshd] Unban 8.222.244.69
Jun 04 10:36:15 guillotine fail2ban[110933]: [sshd] Unban 73.135.38.134
Jun 04 10:36:48 guillotine fail2ban[110933]: [sshd] Unban 139.59.86.114
Jun 04 10:36:49 guillotine fail2ban[110933]: [sshd] Unban 43.153.220.11
Jun 04 10:36:57 guillotine fail2ban[110933]: [sshd] Unban 45.5.159.36
Jun 04 10:37:22 guillotine fail2ban[110933]: [sshd] Unban 124.156.203.181
Jun 04 10:39:34 guillotine fail2ban[110933]: [sshd] Unban 119.82.65.203
Jun 04 11:09:37 guillotine fail2ban[110933]: [sshd] Ban 8.222.254.198
Jun 04 11:10:10 guillotine fail2ban[110933]: [sshd] Ban 43.133.69.180
Jun 04 11:10:37 guillotine fail2ban[110933]: [sshd] Ban 14.18.92.211
Jun 04 11:10:50 guillotine fail2ban[110933]: [sshd] Ban 102.217.123.243
Jun 04 11:19:43 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 04 11:20:44 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 04 11:27:59 guillotine fail2ban[110933]: [sshd] Unban 113.125.89.142
Jun 04 11:28:59 guillotine fail2ban[110933]: [sshd] Ban 91.107.155.186
Jun 04 11:29:20 guillotine fail2ban[110933]: [sshd] Ban 146.59.127.25
Jun 04 11:29:24 guillotine fail2ban[110933]: [sshd] Ban 98.70.39.209
Jun 04 11:29:32 guillotine fail2ban[110933]: [sshd] Ban 182.76.168.226
Jun 04 11:29:36 guillotine fail2ban[110933]: [sshd] Ban 185.174.136.146
Jun 04 11:29:52 guillotine fail2ban[110933]: [sshd] Ban 139.59.56.53
Jun 04 11:30:01 guillotine fail2ban[110933]: [sshd] Ban 185.255.90.193
Jun 04 11:30:23 guillotine fail2ban[110933]: [sshd] Ban 179.51.153.37
Jun 04 11:30:27 guillotine fail2ban[110933]: [sshd] Ban 97.74.95.243
Jun 04 11:34:20 guillotine fail2ban[110933]: [sshd] Unban 101.126.70.135
Jun 04 11:36:22 guillotine sshd[172409]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 11:36:32 guillotine sshd[172410]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 04 12:09:37 guillotine fail2ban[110933]: [sshd] Unban 8.222.254.198
Jun 04 12:10:10 guillotine fail2ban[110933]: [sshd] Unban 43.133.69.180
Jun 04 12:10:37 guillotine fail2ban[110933]: [sshd] Unban 14.18.92.211
Jun 04 12:10:49 guillotine fail2ban[110933]: [sshd] Unban 102.217.123.243
Jun 04 12:20:43 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 04 12:22:26 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 04 12:28:59 guillotine fail2ban[110933]: [sshd] Unban 91.107.155.186
Jun 04 12:29:19 guillotine fail2ban[110933]: [sshd] Unban 146.59.127.25
Jun 04 12:29:23 guillotine fail2ban[110933]: [sshd] Unban 98.70.39.209
Jun 04 12:29:31 guillotine fail2ban[110933]: [sshd] Unban 182.76.168.226
Jun 04 12:29:37 guillotine fail2ban[110933]: [sshd] Unban 185.174.136.146
Jun 04 12:29:53 guillotine fail2ban[110933]: [sshd] Unban 139.59.56.53
Jun 04 12:30:01 guillotine fail2ban[110933]: [sshd] Unban 185.255.90.193
Jun 04 12:30:23 guillotine fail2ban[110933]: [sshd] Unban 179.51.153.37
Jun 04 12:30:26 guillotine fail2ban[110933]: [sshd] Unban 97.74.95.243
Jun 04 13:22:26 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 04 14:18:38 guillotine sshd[173741]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 14:24:54 guillotine fail2ban[110933]: [sshd] Ban 51.159.103.10
Jun 04 14:57:42 guillotine sshd[174042]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 14:57:49 guillotine sshd[174043]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 04 15:23:00 guillotine sshd[174265]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 15:23:14 guillotine sshd[174266]: error: kex_exchange_identification: read: Connection reset by peer
Jun 04 15:23:27 guillotine sshd[174267]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 04 15:23:27 guillotine fail2ban[110933]: [sshd] Ban 8.210.0.180
Jun 04 15:24:54 guillotine fail2ban[110933]: [sshd] Unban 51.159.103.10
Jun 04 16:02:12 guillotine sshd[174994]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 16:09:14 guillotine fail2ban[110933]: [sshd] Ban 159.65.163.160
Jun 04 16:23:27 guillotine fail2ban[110933]: [sshd] Unban 8.210.0.180
Jun 04 16:50:21 guillotine fail2ban[110933]: [sshd] Ban 190.181.15.3
Jun 04 16:51:15 guillotine fail2ban[110933]: [sshd] Ban 14.29.255.83
Jun 04 17:08:43 guillotine fail2ban[110933]: [sshd] Ban 47.236.202.247
Jun 04 17:08:54 guillotine fail2ban[110933]: [sshd] Ban 8.219.234.169
Jun 04 17:09:14 guillotine fail2ban[110933]: [sshd] Ban 102.223.92.101
Jun 04 17:09:15 guillotine fail2ban[110933]: [sshd] Ban 43.133.58.7
Jun 04 17:09:16 guillotine fail2ban[110933]: [sshd] Ban 47.236.159.218
Jun 04 17:09:16 guillotine fail2ban[110933]: [sshd] Ban 192.210.203.178
Jun 04 17:09:17 guillotine fail2ban[110933]: [sshd] Unban 159.65.163.160
Jun 04 17:09:26 guillotine fail2ban[110933]: [sshd] Ban 118.45.205.44
Jun 04 17:09:27 guillotine fail2ban[110933]: [sshd] Ban 43.163.230.39
Jun 04 17:09:32 guillotine fail2ban[110933]: [sshd] Ban 43.163.197.66
Jun 04 17:09:35 guillotine fail2ban[110933]: [sshd] Ban 43.156.14.158
Jun 04 17:09:36 guillotine fail2ban[110933]: [sshd] Ban 43.133.235.144
Jun 04 17:09:41 guillotine fail2ban[110933]: [sshd] Ban 103.113.177.231
Jun 04 17:09:44 guillotine fail2ban[110933]: [sshd] Ban 193.151.151.9
Jun 04 17:10:04 guillotine fail2ban[110933]: [sshd] Ban 112.196.70.142
Jun 04 17:10:05 guillotine fail2ban[110933]: [sshd] Ban 190.146.39.82
Jun 04 17:10:57 guillotine fail2ban[110933]: [sshd] Ban 159.65.163.160
Jun 04 17:17:20 guillotine sshd[176450]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 17:17:40 guillotine sshd[176451]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 17:18:20 guillotine fail2ban[110933]: [sshd] Ban 159.75.115.211
Jun 04 17:33:52 guillotine fail2ban[110933]: [sshd] Ban 119.188.90.230
Jun 04 17:50:21 guillotine fail2ban[110933]: [sshd] Unban 190.181.15.3
Jun 04 17:51:15 guillotine fail2ban[110933]: [sshd] Unban 14.29.255.83
Jun 04 18:08:43 guillotine fail2ban[110933]: [sshd] Unban 47.236.202.247
Jun 04 18:08:54 guillotine fail2ban[110933]: [sshd] Unban 8.219.234.169
Jun 04 18:09:14 guillotine fail2ban[110933]: [sshd] Unban 102.223.92.101
Jun 04 18:09:14 guillotine fail2ban[110933]: [sshd] Unban 43.133.58.7
Jun 04 18:09:15 guillotine fail2ban[110933]: [sshd] Unban 47.236.159.218
Jun 04 18:09:16 guillotine fail2ban[110933]: [sshd] Unban 192.210.203.178
Jun 04 18:09:26 guillotine fail2ban[110933]: [sshd] Unban 118.45.205.44
Jun 04 18:09:27 guillotine fail2ban[110933]: [sshd] Unban 43.163.230.39
Jun 04 18:09:32 guillotine fail2ban[110933]: [sshd] Unban 43.163.197.66
Jun 04 18:09:35 guillotine fail2ban[110933]: [sshd] Unban 43.156.14.158
Jun 04 18:09:36 guillotine fail2ban[110933]: [sshd] Unban 43.133.235.144
Jun 04 18:09:41 guillotine fail2ban[110933]: [sshd] Unban 103.113.177.231
Jun 04 18:09:44 guillotine fail2ban[110933]: [sshd] Unban 193.151.151.9
Jun 04 18:10:04 guillotine fail2ban[110933]: [sshd] Unban 112.196.70.142
Jun 04 18:10:05 guillotine fail2ban[110933]: [sshd] Unban 190.146.39.82
Jun 04 18:10:57 guillotine fail2ban[110933]: [sshd] Unban 159.65.163.160
Jun 04 18:12:42 guillotine fail2ban[110933]: [sshd] Ban 159.65.163.160
Jun 04 18:18:19 guillotine fail2ban[110933]: [sshd] Unban 159.75.115.211
Jun 04 18:21:48 guillotine sudo[177022]: tom : a password is required ; PWD=/home/tom ; USER=root ; COMMAND=/bin/etckeeper unclean
Jun 04 18:33:52 guillotine fail2ban[110933]: [sshd] Unban 119.188.90.230
Jun 04 19:07:23 guillotine fail2ban[110933]: [sshd] Ban 142.93.174.224
Jun 04 19:07:51 guillotine fail2ban[110933]: [sshd] Ban 185.201.49.245
Jun 04 19:08:29 guillotine sshd[177423]: error: kex_exchange_identification: Connection closed by remote host
Jun 04 19:11:05 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 04 19:11:20 guillotine fail2ban[110933]: [sshd] Ban 124.225.41.217
Jun 04 19:12:42 guillotine fail2ban[110933]: [sshd] Unban 159.65.163.160
Jun 04 19:28:37 guillotine sshd[177583]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 19:45:45 guillotine fail2ban[110933]: [sshd] Ban 125.74.194.50
Jun 04 19:47:22 guillotine fail2ban[110933]: [sshd] Ban 43.163.242.195
Jun 04 19:47:43 guillotine fail2ban[110933]: [sshd] Ban 43.163.244.112
Jun 04 19:47:45 guillotine fail2ban[110933]: [sshd] Ban 92.222.180.245
Jun 04 19:47:48 guillotine fail2ban[110933]: [sshd] Ban 81.88.196.117
Jun 04 19:48:04 guillotine fail2ban[110933]: [sshd] Ban 43.134.49.143
Jun 04 19:48:17 guillotine fail2ban[110933]: [sshd] Ban 169.255.134.248
Jun 04 19:48:22 guillotine fail2ban[110933]: [sshd] Ban 43.155.176.172
Jun 04 19:48:41 guillotine fail2ban[110933]: [sshd] Ban 139.59.120.195
Jun 04 20:07:22 guillotine fail2ban[110933]: [sshd] Unban 142.93.174.224
Jun 04 20:07:50 guillotine fail2ban[110933]: [sshd] Unban 185.201.49.245
Jun 04 20:11:05 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 04 20:11:19 guillotine fail2ban[110933]: [sshd] Unban 124.225.41.217
Jun 04 20:12:40 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 04 20:19:22 guillotine sshd[178062]: fatal: Timeout before authentication for 220.135.162.68 port 52084
Jun 04 20:33:31 guillotine fail2ban[110933]: [sshd] Ban 43.159.35.254
Jun 04 20:33:32 guillotine fail2ban[110933]: [sshd] Ban 186.208.146.137
Jun 04 20:33:44 guillotine fail2ban[110933]: [sshd] Ban 82.156.55.164
Jun 04 20:33:49 guillotine fail2ban[110933]: [sshd] Ban 103.154.63.71
Jun 04 20:33:52 guillotine fail2ban[110933]: [sshd] Ban 43.134.118.9
Jun 04 20:34:04 guillotine fail2ban[110933]: [sshd] Ban 43.163.226.92
Jun 04 20:42:54 guillotine fail2ban[110933]: [sshd] Ban 140.246.137.102
Jun 04 20:45:44 guillotine fail2ban[110933]: [sshd] Unban 125.74.194.50
Jun 04 20:47:21 guillotine fail2ban[110933]: [sshd] Unban 43.163.242.195
Jun 04 20:47:43 guillotine fail2ban[110933]: [sshd] Unban 43.163.244.112
Jun 04 20:47:44 guillotine fail2ban[110933]: [sshd] Unban 92.222.180.245
Jun 04 20:47:48 guillotine fail2ban[110933]: [sshd] Unban 81.88.196.117
Jun 04 20:48:04 guillotine fail2ban[110933]: [sshd] Unban 43.134.49.143
Jun 04 20:48:17 guillotine fail2ban[110933]: [sshd] Unban 169.255.134.248
Jun 04 20:48:21 guillotine fail2ban[110933]: [sshd] Unban 43.155.176.172
Jun 04 20:48:40 guillotine fail2ban[110933]: [sshd] Unban 139.59.120.195
Jun 04 20:52:12 guillotine sshd[178400]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 20:54:19 guillotine sshd[178401]: fatal: Timeout before authentication for 8.138.83.224 port 38470
Jun 04 20:54:52 guillotine sshd[178403]: fatal: Timeout before authentication for 8.138.83.224 port 50732
Jun 04 20:55:20 guillotine sshd[178405]: fatal: Timeout before authentication for 8.138.83.224 port 45986
Jun 04 20:56:22 guillotine sshd[178407]: fatal: Timeout before authentication for 8.138.83.224 port 38058
Jun 04 21:12:39 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 04 21:13:48 guillotine fail2ban[110933]: [sshd] Ban 170.64.185.217
Jun 04 21:33:30 guillotine fail2ban[110933]: [sshd] Unban 43.159.35.254
Jun 04 21:33:31 guillotine fail2ban[110933]: [sshd] Unban 186.208.146.137
Jun 04 21:33:44 guillotine fail2ban[110933]: [sshd] Unban 82.156.55.164
Jun 04 21:33:49 guillotine fail2ban[110933]: [sshd] Unban 103.154.63.71
Jun 04 21:33:52 guillotine fail2ban[110933]: [sshd] Unban 43.134.118.9
Jun 04 21:34:04 guillotine fail2ban[110933]: [sshd] Unban 43.163.226.92
Jun 04 21:42:53 guillotine fail2ban[110933]: [sshd] Unban 140.246.137.102
Jun 04 22:13:47 guillotine fail2ban[110933]: [sshd] Unban 170.64.185.217
Jun 04 22:38:22 guillotine sshd[179242]: error: kex_exchange_identification: read: Connection reset by peer
Jun 04 23:01:37 guillotine fail2ban[110933]: [sshd] Ban 200.129.69.7
Jun 04 23:01:51 guillotine fail2ban[110933]: [sshd] Ban 165.227.9.20
Jun 04 23:02:03 guillotine fail2ban[110933]: [sshd] Ban 43.153.23.214
Jun 04 23:02:10 guillotine fail2ban[110933]: [sshd] Ban 187.237.252.211
Jun 04 23:02:11 guillotine fail2ban[110933]: [sshd] Ban 43.163.222.63
Jun 04 23:09:16 guillotine fail2ban[110933]: [sshd] Ban 59.120.213.62
Jun 04 23:17:11 guillotine sshd[179621]: error: kex_exchange_identification: banner line contains invalid characters
Jun 04 23:17:34 guillotine sshd[179624]: error: kex_exchange_identification: read: Connection reset by peer
Jun 04 23:17:45 guillotine sshd[179626]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 04 23:17:46 guillotine fail2ban[110933]: [sshd] Ban 8.210.81.89
Jun 04 23:19:01 guillotine sshd[179622]: fatal: Timeout before authentication for 191.36.153.200 port 39548
Jun 04 23:50:23 guillotine fail2ban[110933]: [sshd] Ban 180.167.207.234
Jun 04 23:57:17 guillotine fail2ban[110933]: [sshd] Ban 119.84.70.221
Jun 05 00:01:36 guillotine fail2ban[110933]: [sshd] Unban 200.129.69.7
Jun 05 00:01:51 guillotine fail2ban[110933]: [sshd] Unban 165.227.9.20
Jun 05 00:02:04 guillotine fail2ban[110933]: [sshd] Unban 43.153.23.214
Jun 05 00:02:10 guillotine fail2ban[110933]: [sshd] Unban 187.237.252.211
Jun 05 00:02:11 guillotine fail2ban[110933]: [sshd] Unban 43.163.222.63
Jun 05 00:09:15 guillotine fail2ban[110933]: [sshd] Unban 59.120.213.62
Jun 05 00:09:18 guillotine fail2ban[110933]: [sshd] Ban 116.196.109.53
Jun 05 00:17:45 guillotine fail2ban[110933]: [sshd] Unban 8.210.81.89
Jun 05 00:50:23 guillotine fail2ban[110933]: [sshd] Unban 180.167.207.234
Jun 05 00:56:28 guillotine fail2ban[110933]: [sshd] Ban 69.49.245.160
Jun 05 00:56:31 guillotine fail2ban[110933]: [sshd] Ban 103.142.87.177
Jun 05 00:56:35 guillotine fail2ban[110933]: [sshd] Ban 198.46.210.89
Jun 05 00:56:39 guillotine fail2ban[110933]: [sshd] Ban 159.75.119.3
Jun 05 00:56:47 guillotine fail2ban[110933]: [sshd] Ban 45.152.112.157
Jun 05 00:56:48 guillotine fail2ban[110933]: [sshd] Ban 220.74.58.37
Jun 05 00:56:50 guillotine fail2ban[110933]: [sshd] Ban 185.17.229.65
Jun 05 00:56:51 guillotine fail2ban[110933]: [sshd] Ban 43.153.192.241
Jun 05 00:57:02 guillotine fail2ban[110933]: [sshd] Ban 43.156.26.222
Jun 05 00:57:17 guillotine fail2ban[110933]: [sshd] Unban 119.84.70.221
Jun 05 00:57:41 guillotine fail2ban[110933]: [sshd] Ban 190.129.122.86
Jun 05 00:57:44 guillotine fail2ban[110933]: [sshd] Ban 124.156.198.8
Jun 05 00:58:14 guillotine fail2ban[110933]: [sshd] Ban 36.137.196.34
Jun 05 00:59:47 guillotine fail2ban[110933]: [sshd] Ban 82.157.101.163
Jun 05 01:09:18 guillotine fail2ban[110933]: [sshd] Unban 116.196.109.53
Jun 05 01:28:24 guillotine fail2ban[110933]: [sshd] Ban 34.126.125.175
Jun 05 01:28:33 guillotine fail2ban[110933]: [sshd] Ban 43.134.29.37
Jun 05 01:29:02 guillotine fail2ban[110933]: [sshd] Ban 150.109.5.130
Jun 05 01:36:19 guillotine fail2ban[110933]: [sshd] Ban 111.235.212.247
Jun 05 01:39:11 guillotine sshd[181337]: error: kex_exchange_identification: banner line contains invalid characters
Jun 05 01:39:13 guillotine sshd[181338]: error: kex_exchange_identification: read: Connection reset by peer
Jun 05 01:39:46 guillotine sshd[181342]: error: kex_exchange_identification: Connection closed by remote host
Jun 05 01:40:32 guillotine sshd[181358]: fatal: userauth_pubkey: parse packet: incomplete message [preauth]
Jun 05 01:40:32 guillotine fail2ban[110933]: [sshd] Ban 103.29.249.218
\########## fail2ban ##########
Status for the jail: sshd
|- Filter
| |- Currently failed: 4
| |- Total failed: 1010
| `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
|- Currently banned: 18
|- Total banned: 194
`- Banned IP list: 69.49.245.160 103.142.87.177 198.46.210.89 159.75.119.3 45.152.112.157 220.74.58.37 185.17.229.65 43.153.192.241 43.156.26.222 190.129.122.86 124.156.198.8 36.137.196.34 82.157.101.163 34.126.125.175 43.134.29.37 150.109.5.130 111.235.212.247 103.29.249.218
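Review bot: the sshd jail in this report keeps re-banning the same sources minutes after each one-hour ban lapses, so the fixed bantime is doing little against repeat offenders. 170.64.185.217 is banned at 12:22:26 and unbanned at 13:22:26, then banned again at 19:11:05, 20:12:40 and 21:13:48; 159.65.163.160 cycles the same way at 16:09:14, 17:10:57 and 18:12:42. Consider `bantime.increment = true` or a `recidive` jail so repeat sources get progressively longer bans. Separately, the 18:21:48 entry `tom : a password is required ... COMMAND=/bin/etckeeper unclean` shows a non-interactive sudo call being refused, so whatever runs that check is failing silently; allow that single command in sudoers or run the check as root.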

5772
2024-07-05_guillotine.report Normal file

File diff suppressed because it is too large

5948
2024-08-05_guillotine.report Normal file

File diff suppressed because it is too large

6519
2024-09-05_guillotine.report Normal file

File diff suppressed because it is too large

6441
2024-10-05_guillotine.report Normal file

File diff suppressed because it is too large

13894
2024-11-05_guillotine.report Normal file

File diff suppressed because it is too large

12408
2024-12-05_guillotine.report Normal file

File diff suppressed because it is too large

50
2024-12-23.md Normal file

@@ -0,0 +1,50 @@
vim: set filetype=markdown:
## Légende
* [ ] non fait
* [!] fait en partie
* [x|✓] fait en totalité
## Général
* [x] logs - journalctl --priority warning
* [x] mise à jour - dnf check-updates && yum update
* [x] reboot ( 4/an )
* [x] fail2ban - bon fonctionnement, ip bannies...
* [x] services - systemctl --failed
* [x] accès console depuis console scaleway
* [x] âge des certificats - certbot certificates | ag Expiry
## Stockage
* [x] cat /proc/mdstat
* [x] df -h
## Sauvegardes
This server is not backed up
## Services
### Sauvegardes
* [x] vérifier si /etc/zabbix/filelist.csv est à jour
### burp
* [x] mise à jour
* [x] logs
* [x] mise à jour burp-ui
* [x] verif acces burp-ui
* [x] test restauration de fichier (indiquer le nom du client pour ne pas toujours prendre le même)
(ne pas oublier l'option -x si on veut récupérer une sauvegarde d'un poste windows)
sudo burp -c /etc/burp/recupe.conf -C bernard -a r -b 544 -r 'Réponse à contrôle.doc' -d /srv/recupe/ -s 5
on peut s'assurer de la validité des ficheirs via https://guillotine.opendoor.fr/
Ne pas oublier de supprimer les fichiers ensuite.
### rôle socle
* [ ] role socle
### Opérations notables
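Review bot: the restore test under `### burp` is ticked `[x]`, but the item asks to record the client name so the same one is not always picked, and nothing is recorded here. The only command shown is the template example (`-C bernard -a r -b 544 -r 'Réponse à contrôle.doc'`), identical to the one in the 2024-03-12 file. Please note the client, backup number and file actually restored, and whether the files under `/srv/recupe/` were deleted afterwards, so the next run can pick a different client and the test is auditable. `role socle` is still unticked and `Opérations notables` is empty; if nothing was done, say so explicitly.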

94
mco.md

@@ -1,4 +1,3 @@
# <+hostname+>
vim: set filetype=markdown:
## Légende
@@ -8,85 +7,44 @@ vim: set filetype=markdown:
## Général
* [ ] logs - journalctl --priority warning
* [ ] mise à jour - yum check-updates && yum update
* [ ] mise à jour - dnf check-updates && yum update
* [ ] reboot ( 4/an )
* [ ] fail2ban - bon fonctionnement, ip bannies...
* [ ] services - systemctl --failed
* [ ] accès console depuis dedibox / ovh
* [ ] accès console depuis console scaleway
* [ ] âge des certificats - certbot certificates | ag Expiry
* [ ] zabbix: vérifier les graph / alertes du mois, les items invalides ...
## Stockage
* [ ] cat /proc/mdstat
* [ ] df -h
## Sauvegardes
* [ ] date de la dernière sauvegarde
* [ ] test de restauration
## Envoi de mail
* [ ] test send mail to root
## Zabbix
* [ ] vérifier dernières alertes
* [ ] vérifier items non supportés
* [ ] vérifier logs
This server is not backed up
## Services
### Apache et PHP-FPM
* [ ] apachecheck
* [ ] score ssl
* [ ] logs - ne pas oublier les logs des différents vhosts !
* taille
* fréquence dévenements
* rotation
### Sauvegardes
* [ ] vérifier si /etc/zabbix/filelist.csv est à jour
### MySQL
* [ ] mysqltuner
* [ ] mysql performance counters
* [ ] logs
* [ ] vérification âge sauvegarde
* [ ] vérification externalisation sauvegarde
* [ ] test restauration
### Docker
* [ ] logs
* [ ] vieilles images
* [ ] test arrêt et redémarrage
* [ ] mise à jour containers
### PostgreSQL
* [ ] logs
* [ ] espace disque
* [ ] vérification backup
* [ ] pgtuner
### Postfix / dovecot
* [ ] logs
* [ ] postqueue -p
* [ ] pflogsum
* [ ] blacklist check
### Rainloop
* [ ] mise à jour
* [ ] vérification taille répertoire de données
* [ ] suppression anciennes versions
### Ldap
* [ ] vérification âge sauvegarde
* [ ] vérification externalisation sauvegarde
* [ ] test restauration
### Application web
### burp
* [ ] mise à jour
* [ ] logs / fichiers temp ou cache
* [ ] logs
* [ ] mise à jour burp-ui
* [ ] verif acces burp-ui
* [ ] test restauration de fichier (indiquer le nom du client pour ne pas toujours prendre le même)
(ne pas oublier l'option -x si on veut récupérer une sauvegarde d'un poste windows)
### Nextcloud
* [ ] - logs (y compris logs nextcloud depuis config)
* [ ] - mise à jour core
* [ ] - mise à jour plugins
* [ ] - nettoyer vieux comptes utilisateurs ( php occ:show-remnants )
* [ ] - vérifier espace disque des principaux utilisateurs
* [ ] - vue d'ensemble
sudo burp -c /srv/nas/cig/burp_recup.conf -C bernard -a r -b 544 -r 'Réponse à contrôle.doc' -d /srv/recupe/ -s 5
on peut s'assurer de la validité des ficheirs via https://guillotine.opendoor.fr/
Ne pas oublier de supprimer les fichiers ensuite.
### rôle socle
* [ ] role socle
### Opérations notables
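Review bot: the update item `dnf check-updates && yum update` will not do what the checklist intends. `dnf check-update` (the documented spelling) exits with status 100 when updates are pending and 0 when there are none, so with `&&` the update step runs only when there is nothing to update. The line also mixes `dnf` and `yum`. Suggest `dnf check-update; dnf upgrade`, or simply `dnf upgrade`, which lists the pending packages before asking for confirmation. Also note that this shared template now carries host-specific content (`This server is not backed up`, the Scaleway console, the hard-coded burp restore command); if mco.md is meant to stay a reusable model, keep the generic backup checks and put the per-host statement in the dated files.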