Setting timezone to Europe/Oslo...
Setting SSMTP configuration...
Initializing files and folders...
Setting Fail2ban configuration...
Checking for custom actions in /data/action.d...
Checking for custom filters in /data/filter.d...
Add custom filter sshd.local...
2020-10-29 18:53:44,378 fail2ban.configreader [1]: INFO Loading configs for fail2ban under /etc/fail2ban
2020-10-29 18:53:44,385 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2020-10-29 18:53:44,388 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/fail2ban.conf']
2020-10-29 18:53:44,395 fail2ban [1]: INFO Using socket file /var/run/fail2ban/fail2ban.sock
2020-10-29 18:53:44,396 fail2ban [1]: INFO Using pid file /var/run/fail2ban/fail2ban.pid, [DEBUG] logging to STDOUT
2020-10-29 18:53:44,407 fail2ban.configreader [1]: INFO Loading configs for jail under /etc/fail2ban
2020-10-29 18:53:44,409 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.conf']
2020-10-29 18:53:44,460 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-debian.conf']
2020-10-29 18:53:44,469 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf']
2020-10-29 18:53:44,473 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-overrides.local']
2020-10-29 18:53:44,490 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/jail.d/sshd.local']
2020-10-29 18:53:44,500 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/paths-common.conf', '/etc/fail2ban/paths-debian.conf', '/etc/fail2ban/jail.conf', '/etc/fail2ban/jail.d/jail.local', '/etc/fail2ban/jail.d/sshd.local']
2020-10-29 18:53:44,504 fail2ban.configreader [1]: INFO Loading configs for filter.d/sshd under /etc/fail2ban
2020-10-29 18:53:44,512 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/sshd.conf']
2020-10-29 18:53:44,518 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.conf']
2020-10-29 18:53:44,523 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.local']
2020-10-29 18:53:44,524 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/sshd.local']
2020-10-29 18:53:44,525 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/filter.d/common.conf', '/etc/fail2ban/filter.d/sshd.conf', '/etc/fail2ban/filter.d/sshd.local']
2020-10-29 18:53:44,558 fail2ban.configreader [1]: INFO Loading configs for action.d/iptables-allports under /etc/fail2ban
2020-10-29 18:53:44,560 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-allports.conf']
2020-10-29 18:53:44,565 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf']
2020-10-29 18:53:44,569 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-blocktype.local']
2020-10-29 18:53:44,570 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.local']
2020-10-29 18:53:44,571 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/iptables-common.conf', '/etc/fail2ban/action.d/iptables-allports.conf']
2020-10-29 18:53:44,576 fail2ban.configreader [1]: INFO Loading configs for action.d/sendmail-whois-lines under /etc/fail2ban
2020-10-29 18:53:44,578 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/sendmail-whois-lines.conf']
2020-10-29 18:53:44,582 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/sendmail-common.conf']
2020-10-29 18:53:44,585 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/sendmail-common.local']
2020-10-29 18:53:44,587 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/mail-whois-common.conf']
2020-10-29 18:53:44,589 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/mail-whois-common.local']
2020-10-29 18:53:44,595 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/helpers-common.conf']
2020-10-29 18:53:44,597 fail2ban.configparserin [1]: INFO Loading files: ['/etc/fail2ban/action.d/sendmail-common.conf', '/etc/fail2ban/action.d/mail-whois-common.conf', '/etc/fail2ban/action.d/helpers-common.conf', '/etc/fail2ban/action.d/sendmail-whois-lines.conf']
2020-10-29 18:53:44,758 fail2ban.server [1]: INFO --------------------------------------------------
2020-10-29 18:53:44,759 fail2ban.server [1]: INFO Starting Fail2ban v0.11.1
2020-10-29 18:53:44,760 fail2ban.server [1]: DEBUG Creating PID file /var/run/fail2ban/fail2ban.pid
2020-10-29 18:53:44,763 fail2ban.observer [1]: INFO Observer start...
2020-10-29 18:53:44,767 fail2ban.server [1]: DEBUG Starting communication
2020-10-29 18:53:44,783 fail2ban.database [1]: INFO Connected to fail2ban persistent database '/data/db/fail2ban.sqlite3'
2020-10-29 18:53:44,786 fail2ban.jail [1]: INFO Creating new jail 'sshd'
2020-10-29 18:53:44,818 fail2ban.jail [1]: INFO Jail 'sshd' uses pyinotify {}
2020-10-29 18:53:44,819 fail2ban.filter [1]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2020-10-29 18:53:44,819 fail2ban.filter [1]: DEBUG Created FilterPyinotify(Jail('sshd'))
2020-10-29 18:53:44,822 fail2ban.filterpyinotif [1]: DEBUG Created FilterPyinotify
2020-10-29 18:53:44,822 fail2ban.jail [1]: INFO Initiated 'pyinotify' backend
2020-10-29 18:53:44,824 fail2ban.filter [1]: DEBUG Setting usedns = warn for FilterPyinotify(Jail('sshd'))
2020-10-29 18:53:44,824 fail2ban.server [1]: DEBUG prefregex: '^<F-MLFID>(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel:\\s?\\[ *\\d+\\.\\d+\\]:?\\s+)?(?:@vserver_\\S+\\s+)?(?:(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)\\s+)?(?:\\[ID \\d+ \\S+\\]\\s+)?</F-MLFID>(?:(?:error|fatal): (?:PAM: )?)?<F-CONTENT>.+</F-CONTENT>$'
2020-10-29 18:53:44,831 fail2ban.filter [1]: INFO maxLines: 1
2020-10-29 18:53:44,832 fail2ban.server [1]: DEBUG failregex: '^[aA]uthentication (?:failure|error|failed) for <F-USER>.*</F-USER> from <HOST>( via \\S+)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,838 fail2ban.server [1]: DEBUG failregex: '^User not known to the underlying authentication module for <F-USER>.*</F-USER> from <HOST>(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,843 fail2ban.server [1]: DEBUG failregex: '^Failed publickey for invalid user <F-USER>(?P<cond_user>\\S+)|(?:(?! from ).)*?</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)'
2020-10-29 18:53:44,849 fail2ban.server [1]: DEBUG failregex: '^Failed \\b(?!publickey)\\S+ for (?P<cond_inv>invalid user )?<F-USER>(?P<cond_user>\\S+)|(?(cond_inv)(?:(?! from ).)*?|[^:]+)</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?(cond_user): |(?:(?:(?! from ).)*)$)'
2020-10-29 18:53:44,857 fail2ban.server [1]: DEBUG failregex: '^<F-USER>ROOT</F-USER> LOGIN REFUSED FROM <HOST>'
2020-10-29 18:53:44,861 fail2ban.server [1]: DEBUG failregex: '^[iI](?:llegal|nvalid) user <F-USER>.*?</F-USER> from <HOST>(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,867 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because not listed in AllowUsers(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,872 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because listed in DenyUsers(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,878 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because not in any group(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,884 fail2ban.server [1]: DEBUG failregex: '^refused connect from \\S+ \\(<HOST>\\)'
2020-10-29 18:53:44,888 fail2ban.server [1]: DEBUG failregex: '^Received <F-MLFFORGET>disconnect</F-MLFFORGET> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*3: .*: Auth fail(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,894 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> from <HOST> not allowed because a group is listed in DenyGroups(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,900 fail2ban.server [1]: DEBUG failregex: "^User <F-USER>.+</F-USER> from <HOST> not allowed because none of user's groups are listed in AllowGroups(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$"
2020-10-29 18:53:44,907 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>pam_[a-z]+\\(sshd:auth\\):\\s+authentication failure;</F-NOFAIL>(?:\\s+(?:(?:logname|e?uid|tty)=\\S*)){0,4}\\s+ruser=<F-ALT_USER>\\S*</F-ALT_USER>\\s+rhost=<HOST>(?:\\s+user=<F-USER>\\S*</F-USER>)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,915 fail2ban.server [1]: DEBUG failregex: '^(error: )?maximum authentication attempts exceeded for <F-USER>.*</F-USER> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}(?: ssh\\d*)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,923 fail2ban.server [1]: DEBUG failregex: '^User <F-USER>.+</F-USER> not allowed because account is locked(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*'
2020-10-29 18:53:44,926 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>Disconnecting</F-MLFFORGET>(?: from)?(?: (?:invalid|authenticating)) user <F-USER>\\S+</F-USER> <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*Change of username or service not allowed:\\s*.*\\[preauth\\]\\s*$'
2020-10-29 18:53:44,933 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>Disconnecting</F-MLFFORGET>: Too many authentication failures(?: for <F-USER>.+?</F-USER>)?(?: (?:port \\d+|on \\S+|\\[preauth\\])){0,3}\\s*$'
2020-10-29 18:53:44,937 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>Received <F-MLFFORGET>disconnect</F-MLFFORGET></F-NOFAIL> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*11:'
2020-10-29 18:53:44,942 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET>(Connection closed|Disconnected)</F-MLFFORGET> (?:by|from)(?: (?:invalid|authenticating) user <F-USER>\\S+|.+?</F-USER>)? <HOST>(?: (?:port \\d+|on \\S+)){0,2}\\s+\\[preauth\\]\\s*$'
2020-10-29 18:53:44,949 fail2ban.server [1]: DEBUG failregex: '^<F-MLFFORGET><F-MLFGAINED>Accepted \\w+</F-MLFGAINED></F-MLFFORGET> for <F-USER>\\S+</F-USER> from <HOST>(?:\\s|$)'
2020-10-29 18:53:44,955 fail2ban.server [1]: DEBUG failregex: '^Did not receive identification string from <HOST>'
2020-10-29 18:53:44,971 fail2ban.server [1]: DEBUG failregex: "^Bad protocol version identification '.*' from <HOST>"
2020-10-29 18:53:44,976 fail2ban.server [1]: DEBUG failregex: '^Connection <F-MLFFORGET>reset</F-MLFFORGET> by <HOST>'
2020-10-29 18:53:44,980 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>SSH: Server;Ltype:</F-NOFAIL> (?:Authname|Version|Kex);Remote: <HOST>-\\d+;[A-Z]\\w+:'
2020-10-29 18:53:44,991 fail2ban.server [1]: DEBUG failregex: '^Read from socket failed: Connection <F-MLFFORGET>reset</F-MLFFORGET> by peer'
2020-10-29 18:53:44,992 fail2ban.server [1]: DEBUG failregex: '^Received <F-MLFFORGET>disconnect</F-MLFFORGET> from <HOST>(?: (?:port \\d+|on \\S+)){0,2}:\\s*14: No supported authentication methods available'
2020-10-29 18:53:45,003 fail2ban.server [1]: DEBUG failregex: '^Unable to negotiate with <HOST>(?: (?:port \\d+|on \\S+)){0,2}: no matching (?:(?:\\w+ (?!found\\b)){0,2}\\w+) found.'
2020-10-29 18:53:45,008 fail2ban.server [1]: DEBUG failregex: '^Unable to negotiate a (?:(?:\\w+ (?!found\\b)){0,2}\\w+)'
2020-10-29 18:53:45,010 fail2ban.server [1]: DEBUG failregex: '^no matching (?:(?:\\w+ (?!found\\b)){0,2}\\w+) found:'
2020-10-29 18:53:45,012 fail2ban.server [1]: DEBUG failregex: '^<F-NOFAIL>Connection from</F-NOFAIL> <HOST>'
2020-10-29 18:53:45,016 fail2ban.server [1]: DEBUG failregex: '^(?:\\[\\])?\\s*(?:<[^.]+\\.[^.]+>\\s+)?(?:\\S+\\s+)?(?:kernel:\\s?\\[ *\\d+\\.\\d+\\]:?\\s+)?(?:@vserver_\\S+\\s+)?(?:(?:(?:\\[\\d+\\])?:\\s+[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?|[\\[\\(]?sshd(?:\\(\\S+\\))?[\\]\\)]?:?(?:\\[\\d+\\])?:?)\\s+)?(?:\\[ID \\d+ \\S+\\]\\s+)?Connection closed by authenticating user <F-USER>.+</F-USER> <HOST> port \\d+ [preauth]$'
2020-10-29 18:53:45,049 fail2ban.filter [1]: INFO maxRetry: 3
2020-10-29 18:53:45,050 fail2ban.filter [1]: INFO findtime: 3600
2020-10-29 18:53:45,051 fail2ban.actions [1]: INFO banTime: 3600
2020-10-29 18:53:45,051 fail2ban.jail [1]: INFO Set banTime.increment = True
2020-10-29 18:53:45,052 fail2ban.jail [1]: INFO Set banTime.factor = 1
2020-10-29 18:53:45,052 fail2ban.jail [1]: INFO Set banTime.maxtime = 4w
2020-10-29 18:53:45,053 fail2ban.jail [1]: INFO Set banTime.rndtime = 38
2020-10-29 18:53:45,055 fail2ban.filter [1]: DEBUG Add '127.0.0.0/8' to ignore list ('127.0.0.1/8')
2020-10-29 18:53:45,055 fail2ban.filter [1]: DEBUG Add '::1' to ignore list ('::1')
2020-10-29 18:53:45,056 fail2ban.filter [1]: DEBUG Add '10.2.0.0/24' to ignore list ('10.2.0.1/24')
2020-10-29 18:53:45,056 fail2ban.filter [1]: DEBUG Add '10.0.0.0/24' to ignore list ('10.0.0.1/24')
2020-10-29 18:53:45,057 fail2ban.filter [1]: INFO encoding: UTF-8
2020-10-29 18:53:45,058 fail2ban.filter [1]: INFO Added logfile: '/var/log/auth.log' (pos = 303192, hash = ccd6530adb8309f16718f1b271d3c1c104b3da5e)
2020-10-29 18:53:45,059 fail2ban.filterpyinotif [1]: DEBUG New <Watch wd=1 path=/var/log mask=1073745280 proc_fun=None auto_add=False exclude_filter=<function WatchManager.<lambda> at 0xb60265c8> dir=True >
2020-10-29 18:53:45,060 fail2ban.filterpyinotif [1]: DEBUG Added monitor for the parent directory /var/log
2020-10-29 18:53:45,061 fail2ban.filterpyinotif [1]: DEBUG New <Watch wd=2 path=/var/log/auth.log mask=2 proc_fun=None auto_add=False exclude_filter=<function WatchManager.<lambda> at 0xb60265c8> dir=False >
2020-10-29 18:53:45,062 fail2ban.filterpyinotif [1]: DEBUG Added file watcher for /var/log/auth.log
2020-10-29 18:53:45,062 fail2ban.filter [1]: DEBUG Seek to find time 1603990425.062525 (2020-10-29 17:53:45), file size 303516
2020-10-29 18:53:45,076 fail2ban.filter [1]: DEBUG Position 303192 from 303516, found time 1603994017.0 (2020-10-29 18:53:37) within 1 seeks
2020-10-29 18:53:45,077 fail2ban.CommandAction [1]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2020-10-29 18:53:45,077 fail2ban.CommandAction [1]: DEBUG Set actionstart = '<iptables> -N f2b-sshd\n<iptables> -A f2b-sshd -j RETURN\n<iptables> -I INPUT -p tcp -j f2b-sshd'
2020-10-29 18:53:45,078 fail2ban.CommandAction [1]: DEBUG Set actionstop = '<iptables> -D INPUT -p tcp -j f2b-sshd\n<iptables> -F f2b-sshd\n<iptables> -X f2b-sshd'
2020-10-29 18:53:45,078 fail2ban.CommandAction [1]: DEBUG Set actionflush = '<iptables> -F f2b-sshd'
2020-10-29 18:53:45,078 fail2ban.CommandAction [1]: DEBUG Set actioncheck = "<iptables> -n -L INPUT | grep -q 'f2b-sshd[ \\t]'"
2020-10-29 18:53:45,078 fail2ban.CommandAction [1]: DEBUG Set actionban = '<iptables> -I f2b-sshd 1 -s <ip> -j <blocktype>'
2020-10-29 18:53:45,079 fail2ban.CommandAction [1]: DEBUG Set actionunban = '<iptables> -D f2b-sshd -s <ip> -j <blocktype>'
2020-10-29 18:53:45,079 fail2ban.CommandAction [1]: DEBUG Set name = 'sshd'
2020-10-29 18:53:45,079 fail2ban.CommandAction [1]: DEBUG Set port = '55821'
2020-10-29 18:53:45,079 fail2ban.CommandAction [1]: DEBUG Set protocol = 'tcp'
2020-10-29 18:53:45,080 fail2ban.CommandAction [1]: DEBUG Set chain = 'INPUT'
2020-10-29 18:53:45,080 fail2ban.CommandAction [1]: DEBUG Set actname = 'iptables-allports'
2020-10-29 18:53:45,080 fail2ban.CommandAction [1]: DEBUG Set blocktype = 'REJECT --reject-with icmp-port-unreachable'
2020-10-29 18:53:45,081 fail2ban.CommandAction [1]: DEBUG Set returntype = 'RETURN'
2020-10-29 18:53:45,081 fail2ban.CommandAction [1]: DEBUG Set lockingopt = '-w'
2020-10-29 18:53:45,082 fail2ban.CommandAction [1]: DEBUG Set iptables = 'iptables <lockingopt>'
2020-10-29 18:53:45,082 fail2ban.CommandAction [1]: DEBUG Set blocktype?family=inet6 = 'REJECT --reject-with icmp6-port-unreachable'
2020-10-29 18:53:45,082 fail2ban.CommandAction [1]: DEBUG Set iptables?family=inet6 = 'ip6tables <lockingopt>'
2020-10-29 18:53:45,085 fail2ban.CommandAction [1]: DEBUG Created <class 'fail2ban.server.action.CommandAction'>
2020-10-29 18:53:45,085 fail2ban.CommandAction [1]: DEBUG Set actionstart = 'printf %b "Subject: [Fail2Ban] sshd: started on Schklom\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban Schklom <root@Schklom>\nTo: [email protected]\\n\nHi,\\n\nThe jail sshd has been started successfully.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "root@Schklom" "[email protected]"'
2020-10-29 18:53:45,085 fail2ban.CommandAction [1]: DEBUG Set actionstop = 'printf %b "Subject: [Fail2Ban] sshd: stopped on Schklom\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban Schklom <root@Schklom>\nTo: [email protected]\\n\nHi,\\n\nThe jail sshd has been stopped.\\n\nRegards,\\n\nFail2Ban" | /usr/sbin/sendmail -f "root@Schklom" "[email protected]"'
2020-10-29 18:53:45,085 fail2ban.CommandAction [1]: DEBUG Set actioncheck = ''
2020-10-29 18:53:45,086 fail2ban.CommandAction [1]: DEBUG Set actionban = '( printf %b "Subject: [Fail2Ban] sshd: banned <ip> from Schklom\nDate: `LC_ALL=C date +"%a, %d %h %Y %T %z"`\nFrom: Fail2Ban Schklom <root@Schklom>\nTo: [email protected]\\n\nHi,\\n\nThe IP <ip> has just been banned by Fail2Ban after\n<failures> attempts against sshd.\\n\\n\nHere is more information about <ip> :\\n"\nwhois <ip> || echo "missing whois program";\nprintf %b "\\nLines containing failures of <ip> (max 1000)\\n";\nlogpath="/var/log/auth.log"; grep -m 1000 -wF "<ip>" $logpath | tail -n 1000;\nprintf %b "\\n\nRegards,\\n\nFail2Ban" ) | /usr/sbin/sendmail -f "root@Schklom" "[email protected]"'
2020-10-29 18:53:45,086 fail2ban.CommandAction [1]: DEBUG Set actionunban = ''
2020-10-29 18:53:45,086 fail2ban.CommandAction [1]: DEBUG Set norestored = True
2020-10-29 18:53:45,087 fail2ban.CommandAction [1]: DEBUG Set name = 'sshd'
2020-10-29 18:53:45,087 fail2ban.CommandAction [1]: DEBUG Set sender = 'root@<fq-hostname>'
2020-10-29 18:53:45,087 fail2ban.CommandAction [1]: DEBUG Set sendername = 'Fail2Ban Schklom'
2020-10-29 18:53:45,087 fail2ban.CommandAction [1]: DEBUG Set fq-hostname = 'Schklom'
2020-10-29 18:53:45,088 fail2ban.CommandAction [1]: DEBUG Set dest = '[email protected]'
2020-10-29 18:53:45,088 fail2ban.CommandAction [1]: DEBUG Set logpath = '/var/log/auth.log'
2020-10-29 18:53:45,088 fail2ban.CommandAction [1]: DEBUG Set chain = 'INPUT'
2020-10-29 18:53:45,088 fail2ban.CommandAction [1]: DEBUG Set actname = 'sendmail-whois-lines'
2020-10-29 18:53:45,089 fail2ban.CommandAction [1]: DEBUG Set mailcmd = '/usr/sbin/sendmail -f "<sender>" "<dest>"'
2020-10-29 18:53:45,089 fail2ban.CommandAction [1]: DEBUG Set greplimit = 'tail -n <grepmax>'
2020-10-29 18:53:45,089 fail2ban.CommandAction [1]: DEBUG Set grepmax = '1000'
2020-10-29 18:53:45,089 fail2ban.CommandAction [1]: DEBUG Set grepopts = '-m <grepmax>'
2020-10-29 18:53:45,090 fail2ban.jail [1]: DEBUG Starting jail 'sshd'
2020-10-29 18:53:45,099 fail2ban.filterpyinotif [1]: DEBUG [sshd] filter started (pyinotifier)
2020-10-29 18:53:45,135 fail2ban.jail [1]: INFO Jail 'sshd' started
2020-10-29 18:53:45,148 fail2ban.transmitter [1]: DEBUG Status: ready
Server ready
2020-10-29 18:53:46,655 fail2ban.utils [1]: DEBUG b6034160 -- returned successfully 0
2020-10-29 18:53:52,278 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-10-29 18:53:52,279 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-10-29 18:53:52,284 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-10-29 18:53:52,285 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-10-29 18:53:52,418 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-10-29 18:53:52,418 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-10-29 19:01:01,319 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-10-29 19:01:01,320 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >
2020-10-29 19:01:01,366 fail2ban.ipdns [1]: WARNING Unable to find a corresponding IP address for authenticating: [Errno -2] Name does not resolve
2020-10-29 19:01:02,405 fail2ban.filterpyinotif [1]: DEBUG Event queue size: 16
2020-10-29 19:01:02,405 fail2ban.filterpyinotif [1]: DEBUG <_RawEvent cookie=0 mask=0x2 name='' wd=2 >