Sorgen um fail2ban

To: debian-user-german@lists.debian.org
Subject: Sorgen um fail2ban
From: Peter Jordan <usernetwork@gmx.info>
Date: Sat, 29 Mar 2008 21:22:55 +0100
Message-id: <fsm8f1$j2b$1@ger.gmane.org>

Hallo,

ich habe heute festgestellt, dass auf einem meiner Server spätestens
seit dem 08.03.2008 22:59:01 fail2ban nicht mehr läuft.

Der letzte syslog-Eintrag von fail2ban ist folgender:

Mar  8 18:10:27 server01 2008-03-08 18:10:27,088 fail2ban.actions:
WARNING [ssh] Ban 75.144.68.112
Mar  8 18:10:28 server01 2008-03-08 18:10:28,144 fail2ban.actions:
WARNING [ssh] Unban 75.144.68.112

Die entsprechenden syslog-einträge lauten wie folgt:

Mar  8 18:09:47 server01 sshd[3414]: Did not receive identification
string from 75.144.68.112
Mar  8 18:10:24 server01 sshd[3417]: reverse mapping checking
getaddrinfo for 75-144-68-112-michigan.hfc.comcastbusiness.net failed -
POSSIBLE BREAK-IN ATTEMPT!
Mar  8 18:10:24 server01 sshd[3417]: User root from 75.144.68.112 not
allowed because not listed in AllowUsers
Mar  8 18:10:25 server01 sshd[3419]: Invalid user fluffy from 75.144.68.112
Mar  8 18:10:25 server01 sshd[3419]: reverse mapping checking
getaddrinfo for 75-144-68-112-michigan.hfc.comcastbusiness.net failed -
POSSIBLE BREAK-IN ATTEMPT!
Mar  8 18:10:26 server01 sshd[3421]: Invalid user admin from 75.144.68.112
Mar  8 18:10:26 server01 sshd[3421]: reverse mapping checking
getaddrinfo for 75-144-68-112-michigan.hfc.comcastbusiness.net failed -
POSSIBLE BREAK-IN ATTEMPT!
Mar  8 18:10:29 server01 sshd[3423]: Invalid user test from 75.144.68.112
Mar  8 18:10:30 server01 sshd[3439]: Invalid user guest from 75.144.68.112
Mar  8 18:10:30 server01 sshd[3439]: reverse mapping checking
getaddrinfo for 75-144-68-112-michigan.hfc.comcastbusiness.net failed -
POSSIBLE BREAK-IN ATTEMPT!
Mar  8 18:10:31 server01 sshd[3441]: Invalid user webmaster from
75.144.68.112
Mar  8 18:10:31 server01 sshd[3441]: reverse mapping checking
getaddrinfo for 75-144-68-112-michigan.hfc.comcastbusiness.net failed -
POSSIBLE BREAK-IN ATTEMPT!
Mar  8 18:10:32 server01 sshd[3443]: Invalid user mysql from 75.144.68.112
Mar  8 18:10:32 server01 sshd[3443]: reverse mapping checking
getaddrinfo for 75-144-68-112-michigan.hfc.comcastbusiness.net failed -
POSSIBLE BREAK-IN ATTEMPT!

usw.


Nun plagt mich folgende Sorge:
Ist fail2ban da wohl nur abgestürzt und mein System weiterhin sicher
(SSH ist auf einen user ausschließlich per pub key konfiguriert) oder
besteht die Möglichkeit, dass wirklich in den Server eingebrochen wurde?

Vielen Dank im Voraus,

PJ

Reply to:

Follow-Ups:
- Re: Sorgen um fail2ban
  - From: Heinz Diehl <htd@fancy-poultry.org>
- Sorgen um fail2ban
  - From: Christoph Schulze <chr.schu@gmx.de>
- Re: Sorgen um fail2ban
  - From: Marc Haber <mh+debian-user-german@zugschlus.de>

Prev by Date: Re: [OT] Wieso bin ich Spam?
Next by Date: Re: dist-upgrade Fehler
Previous by thread: Re: dist-upgrade Fehler
Next by thread: Re: Sorgen um fail2ban
Index(es):
- Date
- Thread