Ubuntu server firewall blocks the IP address I connect to it from

433
Riz-waan

The firewall on my Ubuntu server blocks the IP address I connect to it from. Here is `iptables -L`:

Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.1.1          anywhere
ufw-before-logging-input  all  --  anywhere  anywhere
ufw-before-input          all  --  anywhere  anywhere
ufw-after-input           all  --  anywhere  anywhere
ufw-after-logging-input   all  --  anywhere  anywhere
ufw-reject-input          all  --  anywhere  anywhere
ufw-track-input           all  --  anywhere  anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.1.1          anywhere
ufw-before-logging-forward  all  --  anywhere  anywhere
ufw-before-forward          all  --  anywhere  anywhere
ufw-after-forward           all  --  anywhere  anywhere
ufw-after-logging-forward   all  --  anywhere  anywhere
ufw-reject-forward          all  --  anywhere  anywhere
ufw-track-forward           all  --  anywhere  anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  anywhere  anywhere
ufw-before-output          all  --  anywhere  anywhere
ufw-after-output           all  --  anywhere  anywhere
ufw-after-logging-output   all  --  anywhere  anywhere
ufw-reject-output          all  --  anywhere  anywhere
ufw-track-output           all  --  anywhere  anywhere

Chain ufw-after-forward (1 references)
target     prot opt source               destination

Chain ufw-after-input (1 references)
target     prot opt source               destination
ufw-skip-to-policy-input  udp  --  anywhere  anywhere  udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere  anywhere  udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere  anywhere  tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere  anywhere  tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere  anywhere  udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere  anywhere  udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere  anywhere  ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination

Chain ufw-after-output (1 references)
target     prot opt source               destination

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere      anywhere

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere      anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere         anywhere
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:1900
ufw-user-input  all  --  anywhere        anywhere

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere       anywhere

Chain ufw-logging-allow (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere      anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere

Chain ufw-reject-forward (1 references)
target     prot opt source               destination

Chain ufw-reject-input (1 references)
target     prot opt source               destination

Chain ufw-reject-output (1 references)
target     prot opt source               destination

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-track-forward (1 references)
target     prot opt source               destination

Chain ufw-track-input (1 references)
target     prot opt source               destination

Chain ufw-track-output (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere             udp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http /* 'dapp_Apache' */
ACCEPT     all  --  192.168.1.1          anywhere
ACCEPT     all  --  192.168.1.0/24       anywhere

Chain ufw-user-limit (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination

Chain ufw-user-output (1 references)
target     prot opt source               destination

And `iptables -S`:

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -m comment --comment "\'dapp_Apache\'" -j ACCEPT
-A ufw-user-input -s 192.168.1.1/32 -j ACCEPT
-A ufw-user-input -s 192.168.1.0/24 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT

I would like to know what causes this rule:

DROP all -- 192.168.1.1 anywhere 

This rule is added automatically and removed again after a set time.

EDIT: `ps aux`

root@buntubox-001:/var/www/html# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.3 185172  4908 ?        Ss   Aug24   0:31 /sbin/init
root         2  0.0  0.0      0     0 ?        S    Aug24   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    Aug24   0:04 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kworker/0:0H]
root         7  0.0  0.0      0     0 ?        S    Aug24   0:51 [rcu_sched]
root         8  0.0  0.0      0     0 ?        S    Aug24   0:00 [rcu_bh]
root         9  0.0  0.0      0     0 ?        S    Aug24   0:00 [migration/0]
root        10  0.0  0.0      0     0 ?        S    Aug24   0:03 [watchdog/0]
root        11  0.0  0.0      0     0 ?        S    Aug24   0:02 [watchdog/1]
root        12  0.0  0.0      0     0 ?        S    Aug24   0:00 [migration/1]
root        13  0.0  0.0      0     0 ?        S    Aug24   0:02 [ksoftirqd/1]
root        15  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kworker/1:0H]
root        16  0.0  0.0      0     0 ?        S    Aug24   0:00 [kdevtmpfs]
root        17  0.0  0.0      0     0 ?        S<   Aug24   0:00 [netns]
root        18  0.0  0.0      0     0 ?        S<   Aug24   0:00 [perf]
root        19  0.0  0.0      0     0 ?        S    Aug24   0:00 [khungtaskd]
root        20  0.0  0.0      0     0 ?        S<   Aug24   0:00 [writeback]
root        21  0.0  0.0      0     0 ?        SN   Aug24   0:00 [ksmd]
root        22  0.0  0.0      0     0 ?        SN   Aug24   0:04 [khugepaged]
root        23  0.0  0.0      0     0 ?        S<   Aug24   0:00 [crypto]
root        24  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kintegrityd]
root        25  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        26  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kblockd]
root        27  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ata_sff]
root        28  0.0  0.0      0     0 ?        S<   Aug24   0:00 [md]
root        29  0.0  0.0      0     0 ?        S<   Aug24   0:00 [devfreq_wq]
root        33  0.0  0.0      0     0 ?        S    Aug24   0:02 [kswapd0]
root        34  0.0  0.0      0     0 ?        S<   Aug24   0:00 [vmstat]
root        35  0.0  0.0      0     0 ?        S    Aug24   0:00 [fsnotify_mark]
root        36  0.0  0.0      0     0 ?        S    Aug24   0:00 [ecryptfs-kthrea]
root        52  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kthrotld]
root        53  0.0  0.0      0     0 ?        S<   Aug24   0:00 [acpi_thermal_pm]
root        54  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        55  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        56  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        57  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        58  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        59  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        60  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        61  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        62  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_0]
root        63  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_0]
root        64  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_1]
root        65  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_1]
root        67  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_2]
root        68  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_2]
root        69  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_3]
root        70  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_3]
root        75  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ipv6_addrconf]
root        89  0.0  0.0      0     0 ?        S<   Aug24   0:00 [deferwq]
root        90  0.0  0.0      0     0 ?        S<   Aug24   0:00 [charger_manager]
root        92  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       132  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       133  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       134  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       135  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       136  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       137  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       138  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       139  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       141  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kpsmoused]
root       218  0.0  0.0      0     0 ?        S<   Aug24   0:00 [raid5wq]
root       244  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kdmflush]
root       245  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       254  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kdmflush]
root       255  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       268  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       271  0.0  0.0      0     0 ?        S<   Aug24   0:02 [kworker/1:1H]
root       290  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kworker/0:1H]
root       294  0.0  0.0      0     0 ?        S    Aug24   0:08 [jbd2/dm-0-8]
root       295  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ext4-rsv-conver]
root       346  0.0  0.0      0     0 ?        S    Aug24   0:00 [kauditd]
root       358  0.0  0.2  28992  3704 ?        Ss   Aug24   0:15 /lib/systemd/systemd-journald
root       377  0.0  0.0      0     0 ?        S<   Aug24   0:00 [iscsi_eh]
root       389  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_addr]
root       390  0.0  0.0 102972  1276 ?        Ss   Aug24   0:00 /sbin/lvmetad -f
root       395  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_mcast]
root       396  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_nl_sa_wq]
root       398  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_cm]
root       399  0.0  0.0      0     0 ?        S<   Aug24   0:00 [iw_cm_wq]
root       401  0.0  0.0      0     0 ?        S<   Aug24   0:00 [rdma_cm]
root       426  0.0  0.2  44788  3876 ?        Ss   Aug24   0:03 /lib/systemd/systemd-udevd
root       723  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ext4-rsv-conver]
systemd+   828  0.0  0.1 100324  2140 ?        Ssl  Aug24   0:01 /lib/systemd/systemd-timesyncd
root       919  0.0  0.2 531376  4068 ?        Ssl  Aug24   0:17 /usr/bin/lxcfs /var/lib/lxcfs/
root       931  0.0  0.0   4400  1172 ?        Ss   Aug24   0:00 /usr/sbin/acpid
root       946  0.0  0.1  20104  2528 ?        Ss   Aug24   0:01 /lib/systemd/systemd-logind
root       953  0.0  0.3 275772  5120 ?        Ssl  Aug24   0:15 /usr/lib/accountsservice/accounts-daemon
message+   960  0.0  0.2  42912  3380 ?        Ss   Aug24   0:02 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activati
syslog     965  0.0  0.2 256396  3060 ?        Ssl  Aug24   0:05 /usr/sbin/rsyslogd -n
root       967  0.0  0.1  29012  2588 ?        Ss   Aug24   0:02 /usr/sbin/cron -f
daemon     969  0.0  0.1  26048  1972 ?        Ss   Aug24   0:00 /usr/sbin/atd -f
root       971  0.0  0.8 303892 12544 ?        S<sl Aug24   2:41 /usr/lib/snapd/snapd
root      1050  0.0  0.3  65524  5516 ?        Ss   Aug24   0:02 /usr/sbin/sshd -D
root      1066  0.0  0.0  13376   148 ?        Ss   Aug24   0:00 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
root      1075  0.0  0.0   5224   160 ?        Ss   Aug24   0:16 /sbin/iscsid
root      1079  0.0  0.2   5724  3504 ?        S<Ls Aug24   1:16 /sbin/iscsid
mysql     1090  0.0  4.2 1312684 64324 ?       Ssl  Aug24   8:15 /usr/sbin/mysqld
root      1173  0.0  0.0  15940  1468 tty1     Ss+  Aug24   0:00 /sbin/agetty --noclear tty1 linux
root      1182  0.0  0.0  19476   244 ?        Ss   Aug24   0:52 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
root      1185  0.0  0.3 277184  4988 ?        Ssl  Aug24   0:00 /usr/lib/policykit-1/polkitd --no-debug
ossecm    1214  0.0  0.1  19356  1832 ?        S    Aug24   0:06 /var/ossec/bin/ossec-maild
root      1218  0.0  0.1  15040  1596 ?        S    Aug24   0:00 /var/ossec/bin/ossec-execd
ossec     1232  0.0  0.2  20444  4004 ?        S    Aug24   0:12 /var/ossec/bin/ossec-analysisd
root      1239  0.0  0.0   6648  1512 ?        S    Aug24   0:24 /var/ossec/bin/ossec-logcollector
root      1261  0.0  0.1   8680  2816 ?        S    Aug24   8:18 /var/ossec/bin/ossec-syscheckd
ossec     1265  0.0  0.1  15220  1752 ?        S    Aug24   0:01 /var/ossec/bin/ossec-monitord
root      1419  0.0  0.2  65408  3496 ?        Ss   Aug24   0:05 /usr/lib/postfix/sbin/master
postfix   1424  0.0  0.2  67644  3692 ?        S    Aug24   0:01 qmgr -l -t unix -u
root      9954  0.0  0.0      0     0 ?        S<   Aug29   0:00 [xfsalloc]
root      9955  0.0  0.0      0     0 ?        S<   Aug29   0:00 [xfs_mru_cache]
root      9958  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsIO]
root      9959  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsCommit]
root      9960  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsCommit]
root      9961  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsSync]
www-data 10878  0.0  0.8 390800 13072 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10879  0.0  0.5 390020  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10880  0.0  0.5 390004  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10881  0.0  0.5 390004  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10882  0.0  0.5 390004  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
root     14046  0.0  0.0      0     0 ?        S    16:09   0:00 [kworker/0:1]
root     14198  0.0  0.0      0     0 ?        S    16:38   0:00 [kworker/1:2]
root     14199  0.0  0.0      0     0 ?        S    16:38   0:00 [kworker/u8:1]
root     14351  0.0  0.0      0     0 ?        S    17:09   0:00 [kworker/0:2]
root     14464  0.0  0.0      0     0 ?        S    17:39   0:00 [kworker/1:1]
root     14466  0.0  0.0      0     0 ?        S    17:39   0:00 [kworker/u8:2]
postfix  14495  0.0  0.2  67476  4372 ?        S    17:52   0:00 pickup -l -t unix -u -c
root     14585  0.0  0.0      0     0 ?        S    18:09   0:00 [kworker/0:0]
root     14586  0.0  0.0      0     0 ?        S    18:09   0:00 [kworker/u8:0]
www-data 14597  0.0  0.5 390004  8392 ?        S    18:11   0:00 /usr/sbin/apache2 -k start
root     14598  0.1  0.3  68084  6060 ?        Ss   18:11   0:00 sshd: root@pts/0
root     14600  1.0  0.2  19616  4564 pts/0    Ss   18:11   0:00 -bash
root     14613  0.0  0.1  34428  2792 pts/0    R+   18:11   0:00 ps aux
root     25501  0.0  2.5 389980 38340 ?        Ss   Aug24   0:25 /usr/sbin/apache2 -k start

OSSEC LOG

2017/09/25 02:07:55 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 09:20:06 rootcheck: INFO: Starting rootcheck scan.
2017/09/25 09:26:35 rootcheck: INFO: Ending rootcheck scan.
2017/09/25 14:22:08 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 17:44:05 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 18:46:35 ossec-syscheckd: INFO: Starting syscheck scan.
2017/09/25 18:55:33 ossec-syscheckd: INFO: Ending syscheck scan.
0
The question that arises: which component (daemon, ...) adds this rule (DROP ...) to the iptables rules? It really looks as if some binary is modifying your iptables configuration. Then we cannot answer, since we don't know which binaries are running on your machine. Please provide the output of the `ps aux` command. vera 6 years ago 0
@vera I have added the `ps aux` output to my question. See the edited question. Riz-waan 6 years ago 0
You should check your ossec logs to see whether you have a notification about an iptables rule being added, or anything else related to your IP being blacklisted. If so, also check the reason why you might have received that notification. vera 6 years ago 0
@vera Should I do that right after the IP gets blocked? Riz-waan 6 years ago 0
I don't think so, logs should be persistent. So even if you look now, you should normally be able to see the notifications with their timestamp. vera 6 years ago 0
@vera Is there a specific command to view the log? Riz-waan 6 years ago 0
You can use the *less* command. Assuming your log files are stored in the `/var/ossec/logs` directory ([cf. ossec doc](http://ossec-docs.readthedocs.io/en/latest/faq/ossec.html#where-are-ossec-s-logs-stored)), you can run `less /var/ossec/logs/ossec.log`. vera 6 years ago 0
@vera Sorry for the late reply, but I edited the question with new information, which doesn't seem to log it. Riz-waan 6 years ago 0
@vera Would watchdog do something like this? Riz-waan 6 years ago 0
As far as I know, watchdog does not cover that aspect. However, you can also check the cron jobs (`sudo crontab -l` and the contents of the files in `/etc/cron`). vera 6 years ago 0
@vera I decided to rebuild the server. Riz-waan 6 years ago 0

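An added diagnostic example, written for this page and not code from the asker, from vera, or from the OSSEC project. It turns the two suggestions in the comments (check the OSSEC logs, find out what is rewriting the rules) into a repeatable check: pull every host-specific DROP out of an `iptables -S` dump and correlate each blocked address with OSSEC's active-response log. That correlation is worth running because `ossec-execd`, visible in the `ps aux` output above, is the OSSEC daemon that executes active responses, and OSSEC's stock `firewall-drop` response inserts a DROP for the offending source into both INPUT and FORWARD and removes it when the response timeout expires, which is the shape of the pair of DROP rules in the question. The script treats that as a hypothesis to test, not a diagnosis. Assumptions: the two input files are an `iptables -S` dump and an OSSEC `active-responses.log` (on a default install that file is `/var/ossec/logs/active-responses.log`; the page never shows it); the sample contents below are constructed to mirror the rules in the question; the sample log lines follow the format OSSEC's stock active-response scripts append (date, script path, `add` or `delete`, `-`, address, alert id, rule id), with placeholder alert and rule ids.

```shell
#!/bin/sh
# Added example; not code from the question, the comments or OSSEC.
# Inputs: a file with `iptables -S` output and an OSSEC active-responses.log.
# All sample data below is constructed.

# Print the unique source addresses that have a host-specific (/32) DROP
# rule in INPUT or FORWARD, i.e. the kind of rule the question is about.
blocked_sources() {
    # $1: file containing `iptables -S` output
    grep -E '^-[AI] (INPUT|FORWARD) -s [0-9.]+/32 -j DROP$' "$1" \
        | sed -E 's#.* -s ([0-9.]+)/32 .*#\1#' \
        | sort -u
}

# Print the active-response add/delete entries for one address.
# The address is matched with surrounding spaces so that 192.168.1.1
# does not also match 192.168.1.10.
ar_events_for_ip() {
    # $1: active-responses.log, $2: IPv4 address
    grep -F -- " $2 " "$1" | grep -E ' (add|delete) - '
}

# For each blocked source, report whether an active-response "add" entry
# explains it. Output, one line per address:
#   "<ip> ossec-active-response"  or  "<ip> unknown"
# "unknown" means something other than OSSEC inserted the rule and the
# search has to move on (cron jobs, other daemons).
classify_blocks() {
    # $1: `iptables -S` file, $2: active-responses.log
    for ip in $(blocked_sources "$1"); do
        if ar_events_for_ip "$2" "$ip" | grep -q ' add - '; then
            echo "$ip ossec-active-response"
        else
            echo "$ip unknown"
        fi
    done
}

# --- constructed sample input, mirroring the rules shown in the question ---
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
RULES="$WORK/iptables-S.txt"
ARLOG="$WORK/active-responses.log"

cat > "$RULES" <<'EOF'
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-A INPUT -s 192.168.1.1/32 -j DROP
-A INPUT -j ufw-before-logging-input
-A FORWARD -s 192.168.1.1/32 -j DROP
-A ufw-user-input -s 192.168.1.1/32 -j ACCEPT
-A ufw-user-input -s 192.168.1.0/24 -j ACCEPT
EOF

# Line format follows what OSSEC's stock active-response scripts append;
# the alert id (1506363002.1234) and rule id (1234) are placeholders.
cat > "$ARLOG" <<'EOF'
Mon Sep 25 18:10:02 UTC 2017 /var/ossec/active-response/bin/firewall-drop.sh add - 192.168.1.1 1506363002.1234 1234
Mon Sep 25 18:20:02 UTC 2017 /var/ossec/active-response/bin/firewall-drop.sh delete - 192.168.1.1 1506363002.1234 1234
EOF

# Stand-alone run against the sample data.
classify_blocks "$RULES" "$ARLOG"
```

On a real host, replace the two sample files with `iptables -S` output captured while the block is in place and the live `active-responses.log`; an `add` entry for the address, with its alert id, points at the alert that triggered the response, and a `delete` entry some minutes later matches the "removed again after a set time" behaviour described in the question. An address reported as `unknown` sends the search elsewhere, for example to the cron jobs vera mentions.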
0 answers to the question
