[Eisfair] bfb / journalctl: initfile[31363]: /usr/bin/in.grep: 16:04:19: No such file or directory
Rolf Bensch
azubi at bensch-net.de
Mon May 13 18:16:00 CEST 2024
Hello Marcus,
it is probably more helpful to have the trace of the greplog that was running at the same time. I did not manage (for whatever reason) to get it written to a file. So here are 2 blocks from a single run, first the trace and further down greplog, and finally the journalctl output from the same period, with 5 entries. There are also 5 greps with "-e not found". Coincidence?
Regards
Rolf
bfbtrace:
++ date '+%b %d %H:%M:%S'
+ echo May 13 18:02:18
May 13 18:02:18
+ '[' true ']'
+ cat /brute_force_blocking/atackingipsr2
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 13 17:30:02'
+ ANZAHLR=0
+ grep -a 13 17:30:02 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 13 17:45:02'
+ ANZAHLR=0
+ grep -a 13 17:45:02 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 13 17:45:52'
+ ANZAHLR=0
+ grep -a 13 17:45:52 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 13 18:00:02'
+ ANZAHLR=0
+ grep -a 13 18:00:02 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 13 18:01:06'
+ ANZAHLR=0
+ grep -a 13 18:01:06 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 192.168.0.101'
+ ANZAHLR=9
+ grep -a 192.168.0.101 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 192.168.0.211'
+ ANZAHLR=55
+ grep -a 192.168.0.211 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 38998:11'
+ ANZAHLR=0
+ grep -a 38998:11 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 39012:11'
+ ANZAHLR=0
+ grep -a 39012:11 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 39016:11'
+ ANZAHLR=0
+ grep -a 39016:11 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 39018:11'
+ ANZAHLR=0
+ grep -a 39018:11 /var/log/messages
+ grep -q Accepted
+ read IP
++ grep -a 'May 13 ' /var/log/messages
++ wc -l
++ grep 'Received disconnect from 56982:11'
+ ANZAHLR=0
+ grep -a 56982:11 /var/log/messages
+ grep -q Accepted
+ read IP
+ break
+ set +x
greplog:
May 13 18:02:18 14417 <version> /var/install/packages/apache2
May 13 18:02:18 14468 <version> /var/install/packages/apache2
May 13 18:02:18 14515 <version> /var/install/packages/apache2
May 13 18:02:18 14523 /brute_force_blocking
May 13 18:02:18 5719 May.13.18:0
May 13 18:02:18 5719 May.13.18:0
May 13 18:02:18 5719 May.13.18:0
May 13 18:02:18 5719 -Eq [0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ /brute_force_blocking/atackingips
May 13 18:02:18 5719 May.13.18:0
May 13 18:02:18 5719 May.13.18:0
May 13 18:02:18 5719 May.13.18:0
May 13 18:02:18 5719 SSH-DENY
May 13 18:02:18 5719 -Eo SRC=[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}
May 13 18:02:18 5719 May.13.18:0
May 13 18:02:18 5719 Connection closed by
May 13 18:02:18 5719 -Eo by ([a-f0-9\.]+\.+)+[a-f0-9]+|by ([a-f0-9:]+:+)+[a-f0-9]+
May 13 18:02:18 14629 -an Bad packet length /var/log/messages
May 13 18:02:18 14629 May.13.18:0
May 13 18:02:18 14640 -an Received disconnect from /var/log/messages
May 13 18:02:18 14640 May.13.18:0
May 13 18:02:18 14651 -an Unable to negotiate with /var/log/messages
May 13 18:02:18 14651 May.13.18:0
May 13 18:02:18 5719 Received disconnect from
May 13 18:02:18 5719 Received disconnect from
May 13 18:02:18 5719 -Eo [0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}
May 13 18:02:18 14683 -a May 13 /var/log/messages
May 13 18:02:18 14683 Received disconnect from 13 17:30:02
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14682 -a 13 17:30:02 /var/log/messages
May 13 18:02:18 14701 -a May 13 /var/log/messages
May 13 18:02:18 14701 Received disconnect from 13 17:45:02
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14682 -a 13 17:45:02 /var/log/messages
May 13 18:02:18 14719 -a May 13 /var/log/messages
May 13 18:02:18 14719 Received disconnect from 13 17:45:52
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14682 -a 13 17:45:52 /var/log/messages
May 13 18:02:18 14737 -a May 13 /var/log/messages
May 13 18:02:18 14737 Received disconnect from 13 18:00:02
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14682 -a 13 18:00:02 /var/log/messages
May 13 18:02:18 14755 -a May 13 /var/log/messages
May 13 18:02:18 14755 Received disconnect from 13 18:01:06
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14682 -a 13 18:01:06 /var/log/messages
May 13 18:02:18 14773 -a May 13 /var/log/messages
May 13 18:02:18 14773 Received disconnect from 192.168.0.101
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14682 -a 192.168.0.101 /var/log/messages
May 13 18:02:18 14791 -a May 13 /var/log/messages
May 13 18:02:18 14791 Received disconnect from 192.168.0.211
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14682 -a 192.168.0.211 /var/log/messages
May 13 18:02:18 14809 -a May 13 /var/log/messages
May 13 18:02:18 14809 Received disconnect from 38998:11
May 13 18:02:18 14682 -a 38998:11 /var/log/messages
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14827 -a May 13 /var/log/messages
May 13 18:02:18 14827 Received disconnect from 39012:11
May 13 18:02:18 14682 -a 39012:11 /var/log/messages
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14845 -a May 13 /var/log/messages
May 13 18:02:18 14845 Received disconnect from 39016:11
May 13 18:02:18 14682 -a 39016:11 /var/log/messages
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14863 -a May 13 /var/log/messages
May 13 18:02:18 14863 Received disconnect from 39018:11
May 13 18:02:18 14682 -a 39018:11 /var/log/messages
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 14881 -a May 13 /var/log/messages
May 13 18:02:18 14881 Received disconnect from 56982:11
May 13 18:02:18 14682 -a 56982:11 /var/log/messages
May 13 18:02:18 14682 -q Accepted
May 13 18:02:18 5719 -Eq [0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ /brute_force_blocking/atackingips
May 13 18:02:18 14950 <version> /var/install/packages/apache2
May 13 18:02:18 14962 -w 49.235.180.71
May 13 18:02:18 15008 <version> /var/install/packages/apache2
May 13 18:02:18 5719 May.13.18:0
May 13 18:02:18 5719 May.13.18:0
May 13 18:02:18 5719 May.13.18:0
May 13 18:02:18 5719 Failed keyboard-interactive|Invalid user|illegal user|Failed publickey|ad password attempt|Authentication failure|ailed password|nonexistent user|kex_exchange_identification|banner exchange: Connection
May 13 18:02:18 5719 13/May/2024:18:0
May 13 18:02:18 5719 -w HTTP/...".401
May 13 18:02:18 5719 13/May/2024:18:0
May 13 18:02:18 5719 -w HTTP/...".403
May 13 18:02:18 5719 13/May/2024:18:0
May 13 18:02:18 5719 -w HTTP/...".401
May 13 18:02:18 5719 13/May/2024:18:0
May 13 18:02:19 5719 -w HTTP/...".403
May 13 18:02:19 5719 13/May/2024:18:0
May 13 18:02:19 5719 File does not exist
May 13 18:02:19 5719 -v favicon
May 13 18:02:19 5719 13/May/2024:18:0
May 13 18:02:19 5719 File does not exist
May 13 18:02:19 5719 -v favicon
May 13 18:02:19 5719 13/May/2024:18:0
May 13 18:02:19 5719 -w HTTP/...".404
May 13 18:02:19 5719 -Ev app-icon-apple-touch.png|apple-touch-icon-precomposed.png|apple-touch-icon.png|apple-touch-icon_114x114.png|apple-touch-icon_120x120.png|apple-touch-icon_144x144.png|apple-touch-icon_152x152.png|apple-touch-icon_57x57.png|apple-touch-icon_72x72.png|apple-touch-icon_76x76.png|app-icon-large.png|app-icon-medium.png|app-icon-small.png|apps/theming/image/logo|half-moon-scatterplot.png|browserconfig.xml|clearpixel.gif|favicon.ico|favicon.png|ocs/v2.php/apps/text|robots.txt|site.webmanifest|sitemap.xml|site.css|style.css|fusion.css|z-app-generated--contactsinteraction--recent
May 13 18:02:19 5719 13/May/2024:18:0
May 13 18:02:19 5719 -w .%2e/.%2e/.%2e/.%2e
May 13 18:02:19 5719 13/May/2024:18:0
May 13 18:02:19 5719 -w HTTP/...".404
May 13 18:02:19 5719 -Ev app-icon-apple-touch.png|apple-touch-icon-precomposed.png|apple-touch-icon.png|apple-touch-icon_114x114.png|apple-touch-icon_120x120.png|apple-touch-icon_144x144.png|apple-touch-icon_152x152.png|apple-touch-icon_57x57.png|apple-touch-icon_72x72.png|apple-touch-icon_76x76.png|app-icon-large.png|app-icon-medium.png|app-icon-small.png|apps/theming/image/logo|half-moon-scatterplot.png|browserconfig.xml|clearpixel.gif|favicon.ico|favicon.png|ocs/v2.php/apps/text|robots.txt|site.webmanifest|sitemap.xml|site.css|style.css|fusion.css|z-app-generated--contactsinteraction--recent
May 13 18:02:19 5719 13/May/2024:18:0
May 13 18:02:19 5719 -w .%2e/.%2e/.%2e/.%2e
May 13 18:02:19 5719 May.13.18:0
May 13 18:02:19 5719 uthentication fail -e used wrong authentication -e not found
May 13 18:02:19 5719 May.13.18:0
May 13 18:02:19 5719 No such file or directory -e uthentication fail -e used wrong authentication -e not found
May 13 18:02:19 5719 user
May 13 18:02:19 5719 May.13.18:0
May 13 18:02:19 5719 -w HTTP/...".404
May 13 18:02:19 5719 -Ev app-icon-apple-touch.png|apple-touch-icon-precomposed.png|apple-touch-icon.png|apple-touch-icon_114x114.png|apple-touch-icon_120x120.png|apple-touch-icon_144x144.png|apple-touch-icon_152x152.png|apple-touch-icon_57x57.png|apple-touch-icon_72x72.png|apple-touch-icon_76x76.png|app-icon-large.png|app-icon-medium.png|app-icon-small.png|apps/theming/image/logo|half-moon-scatterplot.png|browserconfig.xml|clearpixel.gif|favicon.ico|favicon.png|ocs/v2.php/apps/text|robots.txt|site.webmanifest|sitemap.xml|site.css|style.css|fusion.css|z-app-generated--contactsinteraction--recent
May 13 18:02:19 5719 May.13.18:0
May 13 18:02:19 5719 -w kinsing
May 13 18:02:19 5719 -Eo ([0-9\.]+\.+)+[0-9]+|([a-f0-9:]+:+)+[a-f0-9]+
May 13 18:02:19 5719 May.13.18:0
May 13 18:02:19 5719 No such file or directory -e uthentication fail -e used wrong authentication -e not found
May 13 18:02:19 5719 user
May 13 18:02:19 5719 May.13.18:0
May 13 18:02:19 5719 -w HTTP/...".404
May 13 18:02:19 5719 -Ev app-icon-apple-touch.png|apple-touch-icon-precomposed.png|apple-touch-icon.png|apple-touch-icon_114x114.png|apple-touch-icon_120x120.png|apple-touch-icon_144x144.png|apple-touch-icon_152x152.png|apple-touch-icon_57x57.png|apple-touch-icon_72x72.png|apple-touch-icon_76x76.png|app-icon-large.png|app-icon-medium.png|app-icon-small.png|apps/theming/image/logo|half-moon-scatterplot.png|browserconfig.xml|clearpixel.gif|favicon.ico|favicon.png|ocs/v2.php/apps/text|robots.txt|site.webmanifest|sitemap.xml|site.css|style.css|fusion.css|z-app-generated--contactsinteraction--recent
May 13 18:02:19 5719 May.13.18:0
May 13 18:02:19 5719 -w kinsing
May 13 18:02:19 5719 -Eo ([0-9\.]+\.+)+[0-9]+|([a-f0-9:]+:+)+[a-f0-9]+
May 13 18:02:19 15294 May.13.18:0
May 13 18:02:19 15294 No such file or directory -e uthentication fail -e used wrong authentication -e not found
May 13 18:02:19 15294 user
May 13 18:02:19 5719 May.13.18:0
May 13 18:02:19 5719 forbidden by Options directive
May 13 18:02:19 5719 May.13.18:0
May 13 18:02:19 5719 forbidden by Options directive
May 13 18:02:19 5719 May.13.18:0
May 13 18:02:19 5719 PSCAN
May 13 18:02:19 5719 -Eq [0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}.[0-9]{1,3}$ /brute_force_blocking/atackingips
journalctl:
May 13 18:02:18 eis64-2 initfile[14695]: /usr/bin/in.grep: 17:30:02: No such file or directory
May 13 18:02:18 eis64-2 initfile[14695]: /usr/bin/in.grep: write error: Broken pipe
May 13 18:02:18 eis64-2 initfile[14713]: /usr/bin/in.grep: 17:45:02: No such file or directory
May 13 18:02:18 eis64-2 initfile[14713]: /usr/bin/in.grep: write error: Broken pipe
May 13 18:02:18 eis64-2 initfile[14731]: /usr/bin/in.grep: 17:45:52: No such file or directory
May 13 18:02:18 eis64-2 initfile[14731]: /usr/bin/in.grep: write error: Broken pipe
May 13 18:02:18 eis64-2 initfile[14749]: /usr/bin/in.grep: 18:00:02: No such file or directory
May 13 18:02:18 eis64-2 initfile[14749]: /usr/bin/in.grep: write error: Broken pipe
May 13 18:02:18 eis64-2 initfile[14767]: /usr/bin/in.grep: 18:01:06: No such file or directory
May 13 18:02:18 eis64-2 initfile[14767]: /usr/bin/in.grep: write error: Broken pipe
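Added example, not code from the bfb package or from the post: it reproduces what the trace and the journalctl lines show (a list entry such as "13 17:30:02" expanded unquoted, so grep takes "13" as the pattern and "17:30:02" as a file name, then fails with "No such file or directory") and shows a loop that quotes the entry and skips anything that is not an IPv4/IPv6 literal. The log lines, list entries and temporary file paths are constructed stand-ins for /var/log/messages and /brute_force_blocking/atackingipsr2.

```shell
#!/bin/sh
# Added example, not the bfb script itself. Paths and log lines are constructed
# stand-ins; the host's real /var/log/messages is never read.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
LOG="$WORK/messages"           # stands in for /var/log/messages
LIST="$WORK/atackingipsr2"     # stands in for /brute_force_blocking/atackingipsr2
cat >"$LOG" <<'EOF'
May 13 17:30:02 eis64-2 sshd[100]: Received disconnect from 192.168.0.101 port 38998:11: Bye Bye
May 13 17:45:02 eis64-2 sshd[101]: Received disconnect from 192.168.0.101 port 39012:11: Bye Bye
May 13 18:00:02 eis64-2 sshd[102]: Accepted publickey for admin from 192.168.0.211 port 39016
May 13 18:01:06 eis64-2 sshd[103]: Received disconnect from 192.168.0.211 port 39018:11: Bye Bye
EOF
printf '%s\n' '13 17:30:02' '192.168.0.101' '38998:11' '192.168.0.211' '2001:db8::1' >"$LIST"

# grep's exit status for one list entry, unquoted (as in the trace) and quoted.
# An entry containing a space splits into pattern + extra file operand when
# unquoted, and GNU grep then reports status 2 (file error) on stderr.
grep_status_unquoted() { grep -a $1 "$LOG" >/dev/null 2>&1; echo $?; }
grep_status_quoted()   { grep -a "$1" "$LOG" >/dev/null 2>&1; echo $?; }

# Structural check: IPv4 dotted quad, full 8-group IPv6, or compressed IPv6
# with "::". Timestamps ("17:30:02") and port fragments ("38998:11") fail it.
is_ip_entry() {
  case $1 in *[!0-9a-fA-F:.]*|'') return 1 ;; esac
  printf '%s\n' "$1" | grep -Eq \
    -e '^([0-9]{1,3}\.){3}[0-9]{1,3}$' \
    -e '^([0-9a-fA-F]{1,4}:){7}[0-9a-fA-F]{1,4}$' \
    -e '^(([0-9a-fA-F]{1,4}:)*[0-9a-fA-F]{1,4})?::(([0-9a-fA-F]{1,4}:)*[0-9a-fA-F]{1,4})?$'
}

# The same count the traced script computes (ANZAHLR), with the entry quoted.
disconnects_for() {
  grep -a 'May 13 ' "$LOG" | grep "Received disconnect from $1" | wc -l | tr -d ' '
}

# Hardened loop: only validated entries reach grep; prints "entry count" per line
# and reports skipped entries on stderr instead of letting grep fail on them.
scan_list() {
  while IFS= read -r IP; do
    is_ip_entry "$IP" || { echo "skipping non-IP entry: $IP" >&2; continue; }
    echo "$IP $(disconnects_for "$IP")"
  done <"$LIST"
}
scan_list
```

The "write error: Broken pipe" lines in the journal are the expected consequence of the following `grep -q Accepted` closing its input as soon as it has a match; the "No such file or directory" lines are the unquoted expansion shown here.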