My Ubuntu server firewall is blocking the IP I access it from

620
Riz-waan

My Ubuntu server firewall is blocking the IP I access it from. Here is `iptables -L`:

```
Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.1.1          anywhere
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere
ufw-after-logging-input  all  --  anywhere             anywhere
ufw-reject-input  all  --  anywhere             anywhere
ufw-track-input  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.1.1          anywhere
ufw-before-logging-forward  all  --  anywhere             anywhere
ufw-before-forward  all  --  anywhere             anywhere
ufw-after-forward  all  --  anywhere             anywhere
ufw-after-logging-forward  all  --  anywhere             anywhere
ufw-reject-forward  all  --  anywhere             anywhere
ufw-track-forward  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  anywhere             anywhere
ufw-before-output  all  --  anywhere             anywhere
ufw-after-output  all  --  anywhere             anywhere
ufw-after-logging-output  all  --  anywhere             anywhere
ufw-reject-output  all  --  anywhere             anywhere
ufw-track-output  all  --  anywhere             anywhere

Chain ufw-after-forward (1 references)
target     prot opt source               destination

Chain ufw-after-input (1 references)
target     prot opt source               destination
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination

Chain ufw-after-output (1 references)
target     prot opt source               destination

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere             anywhere

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:1900
ufw-user-input  all  --  anywhere             anywhere

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere

Chain ufw-logging-allow (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere

Chain ufw-reject-forward (1 references)
target     prot opt source               destination

Chain ufw-reject-input (1 references)
target     prot opt source               destination

Chain ufw-reject-output (1 references)
target     prot opt source               destination

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-track-forward (1 references)
target     prot opt source               destination

Chain ufw-track-input (1 references)
target     prot opt source               destination

Chain ufw-track-output (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere             udp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http /* 'dapp_Apache' */
ACCEPT     all  --  192.168.1.1          anywhere
ACCEPT     all  --  192.168.1.0/24       anywhere

Chain ufw-user-limit (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination

Chain ufw-user-output (1 references)
target     prot opt source               destination
```

`iptables -S`:

```
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -m comment --comment "\'dapp_Apache\'" -j ACCEPT
-A ufw-user-input -s 192.168.1.1/32 -j ACCEPT
-A ufw-user-input -s 192.168.1.0/24 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
```

I would like to know which rule is causing this:

```
DROP       all  --  192.168.1.1          anywhere
```

This rule is added and deleted automatically within a certain time.

EDIT: `ps aux`

```
root@buntubox-001:/var/www/html# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.3 185172  4908 ?        Ss   Aug24   0:31 /sbin/init
root         2  0.0  0.0      0     0 ?        S    Aug24   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    Aug24   0:04 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kworker/0:0H]
root         7  0.0  0.0      0     0 ?        S    Aug24   0:51 [rcu_sched]
root         8  0.0  0.0      0     0 ?        S    Aug24   0:00 [rcu_bh]
root         9  0.0  0.0      0     0 ?        S    Aug24   0:00 [migration/0]
root        10  0.0  0.0      0     0 ?        S    Aug24   0:03 [watchdog/0]
root        11  0.0  0.0      0     0 ?        S    Aug24   0:02 [watchdog/1]
root        12  0.0  0.0      0     0 ?        S    Aug24   0:00 [migration/1]
root        13  0.0  0.0      0     0 ?        S    Aug24   0:02 [ksoftirqd/1]
root        15  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kworker/1:0H]
root        16  0.0  0.0      0     0 ?        S    Aug24   0:00 [kdevtmpfs]
root        17  0.0  0.0      0     0 ?        S<   Aug24   0:00 [netns]
root        18  0.0  0.0      0     0 ?        S<   Aug24   0:00 [perf]
root        19  0.0  0.0      0     0 ?        S    Aug24   0:00 [khungtaskd]
root        20  0.0  0.0      0     0 ?        S<   Aug24   0:00 [writeback]
root        21  0.0  0.0      0     0 ?        SN   Aug24   0:00 [ksmd]
root        22  0.0  0.0      0     0 ?        SN   Aug24   0:04 [khugepaged]
root        23  0.0  0.0      0     0 ?        S<   Aug24   0:00 [crypto]
root        24  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kintegrityd]
root        25  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        26  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kblockd]
root        27  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ata_sff]
root        28  0.0  0.0      0     0 ?        S<   Aug24   0:00 [md]
root        29  0.0  0.0      0     0 ?        S<   Aug24   0:00 [devfreq_wq]
root        33  0.0  0.0      0     0 ?        S    Aug24   0:02 [kswapd0]
root        34  0.0  0.0      0     0 ?        S<   Aug24   0:00 [vmstat]
root        35  0.0  0.0      0     0 ?        S    Aug24   0:00 [fsnotify_mark]
root        36  0.0  0.0      0     0 ?        S    Aug24   0:00 [ecryptfs-kthrea]
root        52  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kthrotld]
root        53  0.0  0.0      0     0 ?        S<   Aug24   0:00 [acpi_thermal_pm]
root        54  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        55  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        56  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        57  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        58  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        59  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        60  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        61  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        62  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_0]
root        63  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_0]
root        64  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_1]
root        65  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_1]
root        67  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_2]
root        68  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_2]
root        69  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_3]
root        70  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_3]
root        75  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ipv6_addrconf]
root        89  0.0  0.0      0     0 ?        S<   Aug24   0:00 [deferwq]
root        90  0.0  0.0      0     0 ?        S<   Aug24   0:00 [charger_manager]
root        92  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       132  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       133  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       134  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       135  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       136  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       137  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       138  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       139  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       141  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kpsmoused]
root       218  0.0  0.0      0     0 ?        S<   Aug24   0:00 [raid5wq]
root       244  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kdmflush]
root       245  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       254  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kdmflush]
root       255  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       268  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       271  0.0  0.0      0     0 ?        S<   Aug24   0:02 [kworker/1:1H]
root       290  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kworker/0:1H]
root       294  0.0  0.0      0     0 ?        S    Aug24   0:08 [jbd2/dm-0-8]
root       295  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ext4-rsv-conver]
root       346  0.0  0.0      0     0 ?        S    Aug24   0:00 [kauditd]
root       358  0.0  0.2  28992  3704 ?        Ss   Aug24   0:15 /lib/systemd/systemd-journald
root       377  0.0  0.0      0     0 ?        S<   Aug24   0:00 [iscsi_eh]
root       389  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_addr]
root       390  0.0  0.0 102972  1276 ?        Ss   Aug24   0:00 /sbin/lvmetad -f
root       395  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_mcast]
root       396  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_nl_sa_wq]
root       398  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_cm]
root       399  0.0  0.0      0     0 ?        S<   Aug24   0:00 [iw_cm_wq]
root       401  0.0  0.0      0     0 ?        S<   Aug24   0:00 [rdma_cm]
root       426  0.0  0.2  44788  3876 ?        Ss   Aug24   0:03 /lib/systemd/systemd-udevd
root       723  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ext4-rsv-conver]
systemd+   828  0.0  0.1 100324  2140 ?        Ssl  Aug24   0:01 /lib/systemd/systemd-timesyncd
root       919  0.0  0.2 531376  4068 ?        Ssl  Aug24   0:17 /usr/bin/lxcfs /var/lib/lxcfs/
root       931  0.0  0.0   4400  1172 ?        Ss   Aug24   0:00 /usr/sbin/acpid
root       946  0.0  0.1  20104  2528 ?        Ss   Aug24   0:01 /lib/systemd/systemd-logind
root       953  0.0  0.3 275772  5120 ?        Ssl  Aug24   0:15 /usr/lib/accountsservice/accounts-daemon
message+   960  0.0  0.2  42912  3380 ?        Ss   Aug24   0:02 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activati
syslog     965  0.0  0.2 256396  3060 ?        Ssl  Aug24   0:05 /usr/sbin/rsyslogd -n
root       967  0.0  0.1  29012  2588 ?        Ss   Aug24   0:02 /usr/sbin/cron -f
daemon     969  0.0  0.1  26048  1972 ?        Ss   Aug24   0:00 /usr/sbin/atd -f
root       971  0.0  0.8 303892 12544 ?        S<sl Aug24   2:41 /usr/lib/snapd/snapd
root      1050  0.0  0.3  65524  5516 ?        Ss   Aug24   0:02 /usr/sbin/sshd -D
root      1066  0.0  0.0  13376   148 ?        Ss   Aug24   0:00 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
root      1075  0.0  0.0   5224   160 ?        Ss   Aug24   0:16 /sbin/iscsid
root      1079  0.0  0.2   5724  3504 ?        S<Ls Aug24   1:16 /sbin/iscsid
mysql     1090  0.0  4.2 1312684 64324 ?       Ssl  Aug24   8:15 /usr/sbin/mysqld
root      1173  0.0  0.0  15940  1468 tty1     Ss+  Aug24   0:00 /sbin/agetty --noclear tty1 linux
root      1182  0.0  0.0  19476   244 ?        Ss   Aug24   0:52 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
root      1185  0.0  0.3 277184  4988 ?        Ssl  Aug24   0:00 /usr/lib/policykit-1/polkitd --no-debug
ossecm    1214  0.0  0.1  19356  1832 ?        S    Aug24   0:06 /var/ossec/bin/ossec-maild
root      1218  0.0  0.1  15040  1596 ?        S    Aug24   0:00 /var/ossec/bin/ossec-execd
ossec     1232  0.0  0.2  20444  4004 ?        S    Aug24   0:12 /var/ossec/bin/ossec-analysisd
root      1239  0.0  0.0   6648  1512 ?        S    Aug24   0:24 /var/ossec/bin/ossec-logcollector
root      1261  0.0  0.1   8680  2816 ?        S    Aug24   8:18 /var/ossec/bin/ossec-syscheckd
ossec     1265  0.0  0.1  15220  1752 ?        S    Aug24   0:01 /var/ossec/bin/ossec-monitord
root      1419  0.0  0.2  65408  3496 ?        Ss   Aug24   0:05 /usr/lib/postfix/sbin/master
postfix   1424  0.0  0.2  67644  3692 ?        S    Aug24   0:01 qmgr -l -t unix -u
root      9954  0.0  0.0      0     0 ?        S<   Aug29   0:00 [xfsalloc]
root      9955  0.0  0.0      0     0 ?        S<   Aug29   0:00 [xfs_mru_cache]
root      9958  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsIO]
root      9959  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsCommit]
root      9960  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsCommit]
root      9961  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsSync]
www-data 10878  0.0  0.8 390800 13072 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10879  0.0  0.5 390020  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10880  0.0  0.5 390004  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10881  0.0  0.5 390004  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10882  0.0  0.5 390004  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
root     14046  0.0  0.0      0     0 ?        S    16:09   0:00 [kworker/0:1]
root     14198  0.0  0.0      0     0 ?        S    16:38   0:00 [kworker/1:2]
root     14199  0.0  0.0      0     0 ?        S    16:38   0:00 [kworker/u8:1]
root     14351  0.0  0.0      0     0 ?        S    17:09   0:00 [kworker/0:2]
root     14464  0.0  0.0      0     0 ?        S    17:39   0:00 [kworker/1:1]
root     14466  0.0  0.0      0     0 ?        S    17:39   0:00 [kworker/u8:2]
postfix  14495  0.0  0.2  67476  4372 ?        S    17:52   0:00 pickup -l -t unix -u -c
root     14585  0.0  0.0      0     0 ?        S    18:09   0:00 [kworker/0:0]
root     14586  0.0  0.0      0     0 ?        S    18:09   0:00 [kworker/u8:0]
www-data 14597  0.0  0.5 390004  8392 ?        S    18:11   0:00 /usr/sbin/apache2 -k start
root     14598  0.1  0.3  68084  6060 ?        Ss   18:11   0:00 sshd: root@pts/0
root     14600  1.0  0.2  19616  4564 pts/0    Ss   18:11   0:00 -bash
root     14613  0.0  0.1  34428  2792 pts/0    R+   18:11   0:00 ps aux
root     25501  0.0  2.5 389980 38340 ?        Ss   Aug24   0:25 /usr/sbin/apache2 -k start
```

OSSEC LOG

```
2017/09/25 02:07:55 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 09:20:06 rootcheck: INFO: Starting rootcheck scan.
2017/09/25 09:26:35 rootcheck: INFO: Ending rootcheck scan.
2017/09/25 14:22:08 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 17:44:05 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 18:46:35 ossec-syscheckd: INFO: Starting syscheck scan.
2017/09/25 18:55:33 ossec-syscheckd: INFO: Ending syscheck scan.
```
0
The question would be: which component (daemon, ...) adds this rule (DROP ...) to the iptables rules? Indeed, it looks as though some binary is changing your iptables configuration. In that case we cannot answer, because we do not know which binary is running on your machine. Please provide the output of the command "ps aux". vera 6 years ago 0
@vera I have added the output of 'ps aux' to my question. See the edited question. Riz-waan 6 years ago 0
You should check your ossec logs to see whether there is a notification about iptables rules being added, or anything else relating to your blacklisted IP address. If so, also check the reason why you may be getting notified. vera 6 years ago 0
@vera Would I have it right after an IP is blocked? Riz-waan 6 years ago 0
I don't think so, logs should be persistent. Even if you look now, you can usually see the notifications with their timestamp. vera 6 years ago 0
@vera Is there a specific command to view the log? Riz-waan 6 years ago 0
You can use the *less* command. Assuming your log files are stored in the `/var/ossec/logs` directory ([cf. ossec doc](http://ossec-docs.readthedocs.io/en/latest/faq/ossec.html#where-are-ossec-s-logs-stored)), you can run `less /var/ossec/logs/ossec.log` vera 6 years ago 0
@vera Sorry for the late reply, but I have edited the question with new information; it does not seem to log it Riz-waan 6 years ago 0
@vera Would Watchdog do something like that? Riz-waan 6 years ago 0
As far as I know, Watchdog does not handle that aspect. However, you can also check cron jobs (`sudo crontab -l` and the contents of the files in `/etc/cron.*`). vera 6 years ago 0
@vera I have decided to rebuild the server Riz-waan 6 years ago 0
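As an added example that is not part of this thread: a small POSIX shell watcher that records, in OSSEC's own timestamp format, exactly when a source-only DROP rule appears at the top of INPUT or FORWARD and when it disappears, so the moments can be lined up with cron and OSSEC log entries. A transient `-s <ip> -j DROP` pair inserted into both INPUT and FORWARD is the shape produced by OSSEC's firewall-drop active response (run by ossec-execd, which is visible in the ps aux listing), and that response records its actions in /var/ossec/logs/active-responses.log rather than ossec.log. It assumes root, iptables on PATH, and that log path; the rule parsing works on `iptables -S` output like the one in the question.

```shell
#!/bin/sh
# Added example, not from the question: watch the live ruleset for transient
# "-s <ip> -j DROP" rules in INPUT/FORWARD (the shape shown in the question)
# and log when they appear or disappear, using the same timestamp format as
# /var/ossec/logs/ossec.log so the two can be compared line by line.

# Assumed path of the log written by OSSEC's active-response scripts.
AR_LOG=/var/ossec/logs/active-responses.log

# Read `iptables -S` output on stdin and print "CHAIN SOURCE" for every rule
# in INPUT or FORWARD that matches only on a source address and jumps to DROP.
drop_rules() {
    awk '$1 == "-A" && ($2 == "INPUT" || $2 == "FORWARD") &&
         $3 == "-s" && $5 == "-j" && $6 == "DROP" && NF == 6 { print $2, $4 }'
}

# Diff two snapshots (one "CHAIN SOURCE" per line, possibly empty):
# "+ CHAIN SOURCE" for rules that appeared, "- CHAIN SOURCE" for rules that vanished.
rule_diff() {
    old_f=$(mktemp) || return 1
    new_f=$(mktemp) || { rm -f "$old_f"; return 1; }
    printf '%s\n' "$1" | sed '/^$/d' | sort -u > "$old_f"
    printf '%s\n' "$2" | sed '/^$/d' | sort -u > "$new_f"
    comm -13 "$old_f" "$new_f" | sed 's/^/+ /'
    comm -23 "$old_f" "$new_f" | sed 's/^/- /'
    rm -f "$old_f" "$new_f"
}

# Poll the ruleset every $1 seconds (default 5); needs root for iptables.
# Every change is printed with a timestamp, followed by the newest
# active-response entry, if that log exists, so the two can be matched.
watch_drop_rules() {
    interval=${1:-5}
    prev=""
    while :; do
        cur=$(iptables -S | drop_rules)
        changes=$(rule_diff "$prev" "$cur")
        if [ -n "$changes" ]; then
            stamp=$(date '+%Y/%m/%d %H:%M:%S')
            printf '%s\n' "$changes" | sed "s|^|$stamp |"
            [ -r "$AR_LOG" ] && tail -n 1 "$AR_LOG"
        fi
        prev=$cur
        sleep "$interval"
    done
}

# Start the watcher only when invoked as: ./watch-drop.sh watch [interval]
if [ "${1:-}" = "watch" ]; then
    watch_drop_rules "${2:-5}"
fi
```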

0 answers to the question