21-06-08
[root@falcon bin] 12:52:44
# ./00_RHEL8_Initial_Install
running this script assumes networking is already set up
Press [Enter] key to continue...
Clean out old subscription-manager settings? n
Run subscription-manager register? y
subscription-manager register --org=UBCITServices --activationkey=RHEL8
The system has been registered with ID: b68dd0b2-9baf-43b4-ba4f-d2b6a531060e
The registered system name is: falcon
Installed Product Current Status:
Product Name: Red Hat Enterprise Linux for x86_64
Status:       Subscribed

subscription-manager repos --disable=satellite-tools-6.6-for-rhel-8-x86_64-rpms
Error: 'satellite-tools-6.6-for-rhel-8-x86_64-rpms' does not match a valid repository ID. Use "subscription-manager repos --list" to see valid repositories.
subscription-manager repos --enable rhel-8-server-optional-rpms
Error: 'rhel-8-server-optional-rpms' does not match a valid repository ID. Use "subscription-manager repos --list" to see valid repositories.
subscription-manager repos --list-enabled
+----------------------------------------------------------+
    Available Repositories in /etc/yum.repos.d/redhat.repo
+----------------------------------------------------------+
Repo ID:   rhel-8-for-x86_64-appstream-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs)
Repo URL:  https://satellite6.it.ubc.ca/pulp/repos/UBCITServices/Library/RHEL-8/content/dist/rhel8/$releasever/x86_64/appstream/os
Enabled:   1

Repo ID:   rhel-8-for-x86_64-baseos-rpms
Repo Name: Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs)
Repo URL:  https://satellite6.it.ubc.ca/pulp/repos/UBCITServices/Library/RHEL-8/content/dist/rhel8/$releasever/x86_64/baseos/os
Enabled:   1

Repo ID:   satellite-tools-6.8-for-rhel-8-x86_64-rpms
Repo Name: Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs)
Repo URL:  https://satellite6.it.ubc.ca/pulp/repos/UBCITServices/Library/RHEL-8/content/dist/layered/rhel8/x86_64/sat-tools/6.8/os
Enabled:   1

Will now update, Press any key to continue...
which vim... /usr/bin/vim Install vim? n edit /root/.vimrc to not show line numbers by default diff /root/.vimrc /root/.vimrc.orig #1,2c1 #< " set number #< " set nonumber Press any key to resume ... diff /root/.vimrc /root/.vimrc.orig 1c1 < set nonumber --- > set number setup firewalld? y firewall-cmd --state running firewall-cmd --get-default-zone public firewall-cmd --get-active-zones public interfaces: ens192 firewall-cmd --list-all public (active) target: default icmp-block-inversion: no interfaces: ens192 sources: services: ssh ports: protocols: masquerade: no forward-ports: source-ports: icmp-blocks: rich rules: Warning: ALREADY_ENABLED: ssh success Find and list the actual LogDenied settings firewall-cmd --get-log-denied off Change the actual LogDenie settings firewall-cmd --set-log-denied=all success Verify it: firewall-cmd --get-log-denied all firewall-cmd reload.. success install rsync and rsync-daemon? y ======================================================================================= 21-06-28 # vim firewalld-dropped.conf # cat /etc/rsyslog.d/firewalld-dropped.conf :msg,contains,"_DROP" /var/log/firewalld.log :msg,contains,"_REJECT" /var/log/firewalld.log & stop # systemctl restart rsyslog.service # diff firewalld.conf firewalld.conf.old 41c41 < LogDenied=all --- > LogDenied=off 75c75 < AllowZoneDrifting=no --- > AllowZoneDrifting=yes 10:23:22 up 20 days, 17:44, 1 user, load average: 0.00, 0.00, 0.00 ======================================================================================= 21-07-16 # dnf install inxi Updating Subscription Management repositories. 
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 27 kB/s | 2.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 23 kB/s | 2.4 kB 00:00 Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs) 19 kB/s | 2.1 kB 00:00 Error: Problem: conflicting requests - nothing provides perl(JSON::XS) needed by inxi-3.3.03-1.el8.noarch (try to add '--skip-broken' to skip uninstallable packages or '--nobest' to use not only best candidate packages) # dnf install perl Nothing to do. # which perl /usr/bin/perl # dnf search perl | grep -i jason Last metadata expiration check: 0:00:30 ago on Fri 16 Jul 2021 10:17:31 AM PDT. # dnf repolist Updating Subscription Management repositories. repo id repo name epel Extra Packages for Enterprise Linux 8 - x86_64 epel-modular Extra Packages for Enterprise Linux Modular 8 - x86_64 rhel-8-for-x86_64-appstream-rpms Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) rhel-8-for-x86_64-baseos-rpms Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) satellite-tools-6.8-for-rhel-8-x86_64-rpms Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs) [root@falcon-EduCld-RH8 ~] 11:02:33 # dnf repoquery --whatprovides "perl(JSON::XS)" Updating Subscription Management repositories. Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 26 kB/s | 2.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 23 kB/s | 2.4 kB 00:00 Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs) 20 kB/s | 2.1 kB 00:00 # subscription-manager repos --enable codeready-builder-for-rhel-8-x86_64-rpms Repository 'codeready-builder-for-rhel-8-x86_64-rpms' is enabled for this system. # dnf repoquery --whatprovides "perl(JSON::XS)" Updating Subscription Management repositories. 
Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 26 kB/s | 2.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 22 kB/s | 2.4 kB 00:00 Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs) 15 kB/s | 2.1 kB 00:00 Red Hat CodeReady Linux Builder for RHEL 8 x86_64 (RPMs) 10 MB/s | 5.4 MB 00:00 perl-JSON-XS-1:3.04-3.el8.x86_64 # dnf install -y inxi Installed: freeipmi-1.6.6-1.el8.x86_64 hddtemp-0.3-0.43.beta15.el8.x86_64 inxi-3.3.03-1.el8.noarch ipmitool-1.8.18-17.el8.x86_64 libICE-1.0.9-15.el8.x86_64 libSM-1.2.3-1.el8.x86_64 libX11-1.6.8-4.el8.x86_64 libX11-common-1.6.8-4.el8.noarch libX11-xcb-1.6.8-4.el8.x86_64 libXau-1.0.9-3.el8.x86_64 libXcomposite-0.4.4-14.el8.x86_64 libXcursor-1.1.15-3.el8.x86_64 libXext-1.3.4-1.el8.x86_64 libXfixes-5.0.3-7.el8.x86_64 libXi-1.7.10-1.el8.x86_64 libXinerama-1.1.4-1.el8.x86_64 libXmu-1.1.3-1.el8.x86_64 libXrandr-1.5.2-1.el8.x86_64 libXrender-0.9.10-7.el8.x86_64 libXt-1.1.5-12.el8.x86_64 libXtst-1.2.3-7.el8.x86_64 libXv-1.0.11-7.el8.x86_64 libXxf86dga-1.1.5-1.el8.x86_64 libXxf86misc-1.0.4-1.el8.x86_64 libXxf86vm-1.1.4-9.el8.x86_64 libdmx-1.1.4-3.el8.x86_64 libmcpp-2.7.2-20.el8.x86_64 libxcb-1.13.1-1.el8.x86_64 lm_sensors-3.4.0-22.20180522git70f7e08.el8.x86_64 lm_sensors-libs-3.4.0-22.20180522git70f7e08.el8.x86_64 mcpp-2.7.2-20.el8.x86_64 perl-Cpanel-JSON-XS-4.14-1.el8.x86_64 perl-JSON-XS-1:3.04-3.el8.x86_64 perl-Types-Serialiser-1.0-12.el8.noarch perl-XML-Dumper-0.81-35.el8.noarch perl-XML-Parser-2.44-11.el8.x86_64 perl-common-sense-3.7.4-8.el8.x86_64 usbutils-010-3.el8.x86_64 wmctrl-1.07-27.el8.x86_64 xorg-x11-server-utils-7.7-27.el8.x86_64 xorg-x11-utils-7.5-28.el8.x86_64 add disk [root@falcon-EduCld-RH8 ~] 11:14:34 # inxi -d Drives: Local Storage: total: 33 GiB used: 3.87 GiB (11.7%) ID-1: /dev/sda model: Virtual disk size: 1024 MiB ID-2: /dev/sdb model: Virtual disk size: 32 GiB Optical-1: /dev/sr0 vendor: NECVMWar model: VMware IDE CDR00 dev-links: cdrom Features: speed: 1 multisession: yes audio: yes dvd: 
yes rw: cd-r,cd-rw,dvd-r,dvd-ram

- add disk in vCloud Director

# inxi -d
Drives:
  Local Storage: total: 97 GiB used: 3.87 GiB (4.0%)
  ID-1: /dev/sda model: Virtual disk size: 1024 MiB
  ID-2: /dev/sdb model: Virtual disk size: 32 GiB
  ID-3: /dev/sdc model: Virtual disk size: 64 GiB
  Optical-1: /dev/sr0 vendor: NECVMWar model: VMware IDE CDR00 dev-links: cdrom
  Features: speed: 1 multisession: yes audio: yes dvd: yes rw: cd-r,cd-rw,dvd-r,dvd-ram
# fdisk -l | grep sd
Disk /dev/sda: 1 GiB, 1073741824 bytes, 2097152 sectors
/dev/sda1 * 2048 2097151 2095104 1023M 83 Linux
Disk /dev/sdb: 32 GiB, 34359738368 bytes, 67108864 sectors
Disk /dev/sdc: 64 GiB, 68719476736 bytes, 134217728 sectors
[root@falcon-EduCld-RH8 ~] 11:55:16
# pvs
  PV       VG     Fmt  Attr PSize   PFree
  /dev/sdb VGroot lvm2 a--  <32.00g 0
[root@falcon-EduCld-RH8 ~] 11:55:31
# fdisk /dev/sdc
Welcome to fdisk (util-linux 2.32.1).
Changes will remain in memory only, until you decide to write them.
Be careful before using the write command.

Device does not contain a recognized partition table.
Created a new DOS disklabel with disk identifier 0xa25d543d.

Command (m for help): p
Disk /dev/sdc: 64 GiB, 68719476736 bytes, 134217728 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xa25d543d

Command (m for help): n
Partition type
   p   primary (0 primary, 0 extended, 4 free)
   e   extended (container for logical partitions)
Select (default p): p
Partition number (1-4, default 1):
First sector (2048-134217727, default 2048):
Last sector, +sectors or +size{K,M,G,T,P} (2048-134217727, default 134217727):

Created a new partition 1 of type 'Linux' and of size 64 GiB.
Command (m for help): p
Disk /dev/sdc: 64 GiB, 68719476736 bytes, 134217728 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0xa25d543d

Device     Boot Start       End   Sectors Size Id Type
/dev/sdc1        2048 134217727 134215680  64G 83 Linux

Command (m for help): t
Selected partition 1
Hex code (type L to list all codes): 8e
Changed type of partition 'Linux' to 'Linux LVM'.

Command (m for help): w
The partition table has been altered.
Calling ioctl() to re-read partition table.
Syncing disks.

# mkdir /ahome
# mount /ahome
mount: /ahome: bad option; for several filesystems (e.g. nfs, cifs) you might need a /sbin/mount.<type> helper program.
# dnf install nfs-utils
Installed:
  gssproxy-0.8.0-19.el8.x86_64
  keyutils-1.5.10-6.el8.x86_64
  libverto-libevent-0.3.0-5.el8.x86_64
  nfs-utils-1:2.3.3-41.el8.x86_64
  python3-pyyaml-3.12-12.el8.x86_64
  quota-1:4.04-12.el8.x86_64
  quota-nls-1:4.04-12.el8.noarch
  rpcbind-1.2.5-8.el8.x86_64
=======================================================================================
21-08-04
# dnf install iptables-services
Installed:
  iptables-services-1.8.4-17.el8.x86_64
# systemctl enable iptables
Created symlink /etc/systemd/system/multi-user.target.wants/iptables.service → /usr/lib/systemd/system/iptables.service.
# firewall-cmd --list-all
public (active)
  target: default
  icmp-block-inversion: no
  interfaces: ens192
  sources:
  services: ssh
  ports:
  protocols:
  masquerade: no
  forward-ports:
  source-ports:
  icmp-blocks:
  rich rules:
        rule family="ipv4" source address="142.103.51.4" port port="873" protocol="tcp" accept
        rule family="ipv4" source address="142.103.236.6" port port="873" protocol="tcp" accept
        rule family="ipv4" source address="142.103.236.30" port port="873" protocol="tcp" accept
# systemctl stop firewalld
# systemctl mask firewalld
Created symlink /etc/systemd/system/firewalld.service → /dev/null.
# vim /etc/sysconfig/iptables # vim /etc/rsyslog.conf # touch /var/log/iptables.log # vim /etc/rsyslog.d/iptables.conf # systemctl status rsyslog ● rsyslog.service - System Logging Service Loaded: loaded (/usr/lib/systemd/system/rsyslog.service; enabled; vendor preset: enabled) Active: active (running) since Thu 2021-07-15 15:52:10 PDT; 2 weeks 5 days ago Docs: man:rsyslogd(8) https://www.rsyslog.com/doc/ Main PID: 276617 (rsyslogd) Tasks: 3 (limit: 4800) Memory: 3.2M CGroup: /system.slice/rsyslog.service └─276617 /usr/sbin/rsyslogd -n Jul 22 11:23:57 falcon.phas.ubc.ca rsyslogd[276617]: imjournal: journal files changed, reloading... [v8.1911.0-7.el8_4.2 try https> Jul 24 08:59:01 falcon.phas.ubc.ca rsyslogd[276617]: imjournal: journal files changed, reloading... [v8.1911.0-7.el8_4.2 try https> Jul 25 03:12:20 falcon.phas.ubc.ca rsyslogd[276617]: [origin software="rsyslogd" swVersion="8.1911.0-7.el8_4.2" x-pid="276617" x-in> Jul 26 08:45:53 falcon.phas.ubc.ca rsyslogd[276617]: imjournal: journal files changed, reloading... [v8.1911.0-7.el8_4.2 try https> Jul 28 05:47:22 falcon.phas.ubc.ca rsyslogd[276617]: imjournal: journal files changed, reloading... [v8.1911.0-7.el8_4.2 try https> Jul 30 02:26:01 falcon.phas.ubc.ca rsyslogd[276617]: imjournal: journal files changed, reloading... [v8.1911.0-7.el8_4.2 try https> Jul 31 15:32:34 falcon.phas.ubc.ca rsyslogd[276617]: imjournal: journal files changed, reloading... [v8.1911.0-7.el8_4.2 try https> Aug 01 03:24:31 falcon.phas.ubc.ca rsyslogd[276617]: [origin software="rsyslogd" swVersion="8.1911.0-7.el8_4.2" x-pid="276617" x-in> Aug 02 13:34:59 falcon.phas.ubc.ca rsyslogd[276617]: imjournal: journal files changed, reloading... [v8.1911.0-7.el8_4.2 try https> Aug 04 11:52:45 falcon.phas.ubc.ca rsyslogd[276617]: imjournal: journal files changed, reloading... 
[v8.1911.0-7.el8_4.2 try https>
# systemctl restart rsyslog
# systemctl start iptables
# systemctl status iptables
● iptables.service - IPv4 firewall with iptables
   Loaded: loaded (/usr/lib/systemd/system/iptables.service; enabled; vendor preset: disabled)
   Active: active (exited) since Wed 2021-08-04 13:48:25 PDT; 6s ago
  Process: 2914412 ExecStart=/usr/libexec/iptables/iptables.init start (code=exited, status=0/SUCCESS)
 Main PID: 2914412 (code=exited, status=0/SUCCESS)

Aug 04 13:48:24 falcon.phas.ubc.ca systemd[1]: Starting IPv4 firewall with iptables...
Aug 04 13:48:25 falcon.phas.ubc.ca iptables.init[2914412]: iptables: Applying firewall rules: [ OK ]
Aug 04 13:48:25 falcon.phas.ubc.ca systemd[1]: Started IPv4 firewall with iptables.
# tail /var/log/iptables.log
Aug 4 13:48:31 falcon kernel: FWALL: IN=ens192 OUT= MAC=00:50:56:01:66:ec:00:50:56:01:5a:03:08:00 SRC=142.103.51.69 DST=142.103.51.6 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28202 DF PROTO=TCP SPT=2049 DPT=806 WINDOW=1432 RES=0x00 ACK URGP=0
Aug 4 13:48:31 falcon kernel: FWALL: IN=ens192 OUT= MAC=00:50:56:01:66:ec:00:16:9c:d4:84:00:08:00 SRC=142.103.236.29 DST=142.103.51.6 LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=24982 DF PROTO=TCP SPT=2049 DPT=730 WINDOW=5063 RES=0x00 ACK URGP=0
Aug 4 13:48:31 falcon kernel: FWALL: IN=ens192 OUT= MAC=00:50:56:01:66:ec:00:16:9c:d4:84:00:08:00 SRC=142.103.236.13 DST=142.103.51.6 LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=59839 DF PROTO=TCP SPT=2049 DPT=811 WINDOW=1432 RES=0x00 ACK URGP=0
[root@falcon-EduCld-RH8 ~] 13:48:39
# host 142.103.51.69
69.51.103.142.in-addr.arpa domain name pointer romulan.phas.ubc.ca.
# host falcon falcon.phas.ubc.ca has address 142.103.51.6 # cd /etc/logrotate.d # vim syslog # vim /etc/rsyslog.conf # vim /etc/logrotate.conf # tail /var/log/iptables.log Aug 4 13:48:31 falcon kernel: FWALL: IN=ens192 OUT= MAC=00:50:56:01:66:ec:00:50:56:01:5a:03:08:00 SRC=142.103.51.69 DST=142.103.51.6 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28202 DF PROTO=TCP SPT=2049 DPT=806 WINDOW=1432 RES=0x00 ACK URGP=0 Aug 4 13:48:31 falcon kernel: FWALL: IN=ens192 OUT= MAC=00:50:56:01:66:ec:00:16:9c:d4:84:00:08:00 SRC=142.103.236.29 DST=142.103.51.6 LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=24982 DF PROTO=TCP SPT=2049 DPT=730 WINDOW=5063 RES=0x00 ACK URGP=0 Aug 4 13:48:31 falcon kernel: FWALL: IN=ens192 OUT= MAC=00:50:56:01:66:ec:00:16:9c:d4:84:00:08:00 SRC=142.103.236.13 DST=142.103.51.6 LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=59839 DF PROTO=TCP SPT=2049 DPT=811 WINDOW=1432 RES=0x00 ACK URGP=0 Aug 4 13:49:02 falcon kernel: FWALL: IN=ens192 OUT= MAC=00:50:56:01:66:ec:00:50:56:01:5a:03:08:00 SRC=142.103.51.69 DST=142.103.51.6 LEN=52 TOS=0x00 PREC=0x00 TTL=64 ID=28203 DF PROTO=TCP SPT=2049 DPT=806 WINDOW=1432 RES=0x00 ACK URGP=0 Aug 4 13:49:02 falcon kernel: FWALL: IN=ens192 OUT= MAC=00:50:56:01:66:ec:00:16:9c:d4:84:00:08:00 SRC=142.103.236.29 DST=142.103.51.6 LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=24983 DF PROTO=TCP SPT=2049 DPT=730 WINDOW=5063 RES=0x00 ACK URGP=0 Aug 4 13:49:02 falcon kernel: FWALL: IN=ens192 OUT= MAC=00:50:56:01:66:ec:00:16:9c:d4:84:00:08:00 SRC=142.103.236.13 DST=142.103.51.6 LEN=52 TOS=0x00 PREC=0x00 TTL=62 ID=59840 DF PROTO=TCP SPT=2049 DPT=811 WINDOW=1432 RES=0x00 ACK URGP=0 Aug 4 13:49:09 falcon kernel: FWALL: IN=ens192 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:01:41:4c:08:00 SRC=142.103.51.67 DST=142.103.51.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=14146 PROTO=UDP SPT=138 DPT=138 LEN=209 Aug 4 13:50:14 falcon kernel: FWALL: IN=ens192 OUT= MAC=ff:ff:ff:ff:ff:ff:00:50:56:01:40:88:08:00 SRC=142.103.51.68 DST=142.103.51.255 LEN=229 TOS=0x00 PREC=0x00 TTL=128 ID=6257 PROTO=UDP 
SPT=138 DPT=138 LEN=209 # host romulan romulan.phas.ubc.ca has address 142.103.51.69 # umount /www/astro/html # mount /www/astro/html # vim /etc/sysconfig/iptables # systemctl restart iptables # which lm_sensors /usr/bin/which: no lm_sensors in (/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/root/bin) # systemctl status lm_sensors ● lm_sensors.service - Hardware Monitoring Sensors Loaded: loaded (/usr/lib/systemd/system/lm_sensors.service; enabled; vendor preset: enabled) Active: inactive (dead) # sensors-detect # sensors-detect version 3.4.0+git # System: VMware, Inc. VMware Virtual Platform [None] # Board: Intel Corporation 440BX Desktop Reference Platform # Kernel: 4.18.0-240.22.1.el8_3.x86_64 x86_64 # Processor: Intel(R) Xeon(R) CPU E5-2650 v4 @ 2.20GHz (6/45/2) This program will help you determine which kernel modules you need to load to use lm_sensors most effectively. It is generally safe and recommended to accept the default answers to all questions, unless you know what you're doing. Some south bridges, CPUs or memory controllers contain embedded sensors. Do you want to scan for them? This is totally safe. (YES/no): Silicon Integrated Systems SIS5595... No VIA VT82C686 Integrated Sensors... No VIA VT8231 Integrated Sensors... No AMD K8 thermal sensors... No AMD Family 10h thermal sensors... No AMD Family 11h thermal sensors... No AMD Family 12h and 14h thermal sensors... No AMD Family 15h thermal sensors... No AMD Family 16h thermal sensors... No AMD Family 17h thermal sensors... No AMD Family 15h power sensors... No AMD Family 16h power sensors... No AMD Family 19h thermal sensors... No Intel digital thermal sensor... No Intel AMB FB-DIMM thermal sensor... No Intel 5500/5520/X58 thermal sensor... No VIA C7 thermal sensor... No VIA Nano thermal sensor... No Some Super I/O chips contain embedded sensors. We have to write to standard I/O ports to probe them. This is usually safe. Do you want to scan for Super I/O sensors? 
(YES/no): Probing for Super-I/O at 0x2e/0x2f Trying family `National Semiconductor/ITE'... Yes Found unknown chip with ID 0x0800 Probing for Super-I/O at 0x4e/0x4f Trying family `National Semiconductor/ITE'... No Trying family `SMSC'... No Trying family `VIA/Winbond/Nuvoton/Fintek'... No Trying family `ITE'... No Some systems (mainly servers) implement IPMI, a set of common interfaces through which system health data may be retrieved, amongst other things. We first try to get the information from SMBIOS. If we don't find it there, we have to read from arbitrary I/O ports to probe for such interfaces. This is normally safe. Do you want to scan for IPMI interfaces? (YES/no): Probing for `IPMI BMC KCS' at 0xca0... No Probing for `IPMI BMC SMIC' at 0xca8... No Some hardware monitoring chips are accessible through the ISA I/O ports. We have to write to arbitrary I/O ports to probe them. This is usually safe though. Yes, you do have ISA I/O ports even if you do not have any ISA slots! Do you want to scan the ISA I/O ports? (YES/no): Probing for `National Semiconductor LM78' at 0x290... No Probing for `National Semiconductor LM79' at 0x290... No Probing for `Winbond W83781D' at 0x290... No Probing for `Winbond W83782D' at 0x290... No Lastly, we can probe the I2C/SMBus adapters for connected hardware monitoring devices. This is the most risky part, and while it works reasonably well on most systems, it has been reported to cause trouble on some systems. Do you want to probe the I2C/SMBus adapters now? (YES/no): Using driver `i2c-piix4' for device 0000:00:07.3: Intel 82371AB PIIX4 ACPI Module i2c-dev loaded successfully. Sorry, no sensors were detected. Either your system has no sensors, or they are not supported, or they are connected to an I2C or SMBus adapter that is not supported. If you find out what chips are on your board, check https://hwmon.wiki.kernel.org/device_support_status for driver status. 
# systemctl disable lm_sensors Removed /etc/systemd/system/multi-user.target.wants/lm_sensors.service. ======================================================================================= 21-08-11 Install crowdsec (fail2ban, denyhosts alternative) [root@falcon-EduCld-RH8 ~] 10:32:53 # curl -s https://packagecloud.io/install/repositories/crowdsec/crowdsec/script.rpm.sh | sudo bash Detected operating system as rhel/8. Downloading repository file: https://packagecloud.io/install/repositories/crowdsec/crowdsec/config_file.repo?os=rhel&dist=8&source=script done. Installing yum-utils... Updating Subscription Management repositories. crowdsec_crowdsec-source 743 B/s | 833 B 00:01 crowdsec_crowdsec-source 12 kB/s | 3.9 kB 00:00 Importing GPG key 0x6E93CD0C: Userid : "https://packagecloud.io/crowdsec/crowdsec (https://packagecloud.io/docs#gpg_signing) " Fingerprint: 6A89 E3C2 303A 901A 8899 71D3 376E D532 6E93 CD0C From : https://packagecloud.io/crowdsec/crowdsec/gpgkey crowdsec_crowdsec-source 11 kB/s | 2.4 kB 00:00 Importing GPG key 0xD059946B: Userid : "Crowdsec Team (Debian Package Signing Key) " Fingerprint: CABA 475A DF1A 7001 B538 B73E 47C2 85C1 D059 946B From : https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg crowdsec_crowdsec-source 11 kB/s | 2.4 kB 00:00 Importing GPG key 0x3CDF0DB4: Userid : "Crowdsec Rpm Archive " Fingerprint: 9082 D8CA CBBE B0DA B218 BAB0 4C3D 386C 3CDF 0DB4 From : https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg crowdsec_crowdsec-source 1.3 kB/s | 1.5 kB 00:01 Red Hat Enterprise Linux 8 for x86_64 - AppStream (RPMs) 26 kB/s | 2.8 kB 00:00 Red Hat Enterprise Linux 8 for x86_64 - BaseOS (RPMs) 22 kB/s | 2.4 kB 00:00 Red Hat Satellite Tools 6.8 for RHEL 8 x86_64 (RPMs) 19 kB/s | 2.1 kB 00:00 Red Hat CodeReady Linux Builder for RHEL 8 x86_64 (RPMs) 26 kB/s | 2.8 kB 00:00 Dependencies resolved. 
Installed: yum-utils-4.0.18-4.el8.noarch Generating yum cache for crowdsec_crowdsec... Generating yum cache for crowdsec_crowdsec-source... The repository is setup! You can now install packages. # dnf install crowdsec Downloading Packages: crowdsec-1.1.1-1.el8.x86_64.rpm 19 MB/s | 14 MB 00:00 ------------------------------------------------------------------------------------------------------------------------------------ Total 18 MB/s | 14 MB 00:00 warning: /var/cache/dnf/crowdsec_crowdsec-9b410f4e5fd0469a/packages/crowdsec-1.1.1-1.el8.x86_64.rpm: Header V4 RSA/SHA256 Signature, key ID 3cdf0db4: NOKEY crowdsec_crowdsec 17 kB/s | 3.9 kB 00:00 Importing GPG key 0x6E93CD0C: Userid : "https://packagecloud.io/crowdsec/crowdsec (https://packagecloud.io/docs#gpg_signing) " Fingerprint: 6A89 E3C2 303A 901A 8899 71D3 376E D532 6E93 CD0C From : https://packagecloud.io/crowdsec/crowdsec/gpgkey Is this ok [y/N]: y Key imported successfully crowdsec_crowdsec 11 kB/s | 2.4 kB 00:00 Importing GPG key 0xD059946B: Userid : "Crowdsec Team (Debian Package Signing Key) " Fingerprint: CABA 475A DF1A 7001 B538 B73E 47C2 85C1 D059 946B From : https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-B78D1222C9AD2D5D.pub.gpg Is this ok [y/N]: y Key imported successfully crowdsec_crowdsec 11 kB/s | 2.4 kB 00:00 Importing GPG key 0x3CDF0DB4: Userid : "Crowdsec Rpm Archive " Fingerprint: 9082 D8CA CBBE B0DA B218 BAB0 4C3D 386C 3CDF 0DB4 From : https://packagecloud.io/crowdsec/crowdsec/gpgkey/crowdsec-crowdsec-FED78314A2468CCF.pub.gpg Is this ok [y/N]: y Key imported successfully Running transaction check Transaction check succeeded. Running transaction test Transaction test succeeded. 
Running transaction Preparing : 1/1 Running scriptlet: crowdsec-1.1.1-1.el8.x86_64 1/1 Installing : crowdsec-1.1.1-1.el8.x86_64 1/1 Running scriptlet: crowdsec-1.1.1-1.el8.x86_64 1/1 /bin/bash Creating acquisition configuration INFO[08/11/2021:10:36:52 AM] crowdsec_wizard: service 'sshd': /var/log/secure INFO[08/11/2021:10:36:52 AM] crowdsec_wizard: service 'linux': /var/log/messages time="11-08-2021 10:36:52 AM" level=warning msg="can't load CAPI credentials from '/etc/crowdsec/online_api_credentials.yaml' (missing field)" time="11-08-2021 10:36:52 AM" level=info msg="push and pull to crowdsec API disabled" time="11-08-2021 10:36:54 AM" level=info msg="Successfully registered to Central API (CAPI)" time="11-08-2021 10:36:54 AM" level=info msg="Central API credentials dumped to '/etc/crowdsec/online_api_credentials.yaml'" time="11-08-2021 10:36:54 AM" level=warning msg="Run 'sudo systemctl reload crowdsec' for the new configuration to be effective." time="11-08-2021 10:36:54 AM" level=info msg="Machine '27c12be4b2664587a59a8268b9dfc4d75AOL66O9R1ROQuvT' successfully added to the local API" time="11-08-2021 10:36:54 AM" level=info msg="API credentials dumped to '/etc/crowdsec/local_api_credentials.yaml'" time="11-08-2021 10:36:55 AM" level=info msg="Wrote new 126215 bytes index to /etc/crowdsec/hub/.index.json" INFO[08/11/2021:10:36:55 AM] crowdsec_wizard: Installing collection 'crowdsecurity/sshd' INFO[08/11/2021:10:36:56 AM] crowdsec_wizard: Installing collection 'crowdsecurity/linux' Verifying : crowdsec-1.1.1-1.el8.x86_64 1/1 Installed products updated. 
Installed: crowdsec-1.1.1-1.el8.x86_64 # systemctl reload crowdsec # systemctl status crowdsec ● crowdsec.service - Crowdsec agent Loaded: loaded (/usr/lib/systemd/system/crowdsec.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2021-08-11 10:37:22 PDT; 2min 26s ago Process: 3997600 ExecReload=/bin/kill -HUP $MAINPID (code=exited, status=0/SUCCESS) Main PID: 3997433 (crowdsec) Tasks: 10 (limit: 4800) Memory: 94.7M CGroup: /system.slice/crowdsec.service └─3997433 /usr/bin/crowdsec -c /etc/crowdsec/config.yaml Aug 11 10:37:19 falcon.phas.ubc.ca systemd[1]: Starting Crowdsec agent... Aug 11 10:37:22 falcon.phas.ubc.ca systemd[1]: Started Crowdsec agent. Aug 11 10:38:22 falcon.phas.ubc.ca crowdsec[3997433]: 2021/08/11 10:38:22 Signal push response : http 200 OK Aug 11 10:39:39 falcon.phas.ubc.ca systemd[1]: Reloading Crowdsec agent. Aug 11 10:39:39 falcon.phas.ubc.ca systemd[1]: crowdsec.service: Can't open PID file /run/crowdsec.pid (yet?) after reload: No such> Aug 11 10:39:39 falcon.phas.ubc.ca systemd[1]: Reloaded Crowdsec agent. 
# cscli hub list INFO[11-08-2021 10:45:14 AM] Loaded 20 collecs, 25 parsers, 28 scenarios, 3 post-overflow parsers INFO[11-08-2021 10:45:14 AM] PARSERS: ------------------------------------------------------------------------------------------------------------- NAME 📦 STATUS VERSION LOCAL PATH ------------------------------------------------------------------------------------------------------------- crowdsecurity/syslog-logs ✔️ enabled 0.1 /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml crowdsecurity/geoip-enrich ✔️ enabled 0.2 /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml crowdsecurity/whitelists ✔️ enabled 0.2 /etc/crowdsec/parsers/s02-enrich/whitelists.yaml crowdsecurity/sshd-logs ✔️ enabled 0.7 /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml crowdsecurity/dateparse-enrich ✔️ enabled 0.1 /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml ------------------------------------------------------------------------------------------------------------- INFO[11-08-2021 10:45:14 AM] SCENARIOS: -------------------------------------------------------------------------------- NAME 📦 STATUS VERSION LOCAL PATH -------------------------------------------------------------------------------- crowdsecurity/ssh-bf ✔️ enabled 0.1 /etc/crowdsec/scenarios/ssh-bf.yaml -------------------------------------------------------------------------------- INFO[11-08-2021 10:45:14 AM] COLLECTIONS: -------------------------------------------------------------------------------- NAME 📦 STATUS VERSION LOCAL PATH -------------------------------------------------------------------------------- crowdsecurity/linux ✔️ enabled 0.2 /etc/crowdsec/collections/linux.yaml crowdsecurity/sshd ✔️ enabled 0.1 /etc/crowdsec/collections/sshd.yaml -------------------------------------------------------------------------------- INFO[11-08-2021 10:45:14 AM] POSTOVERFLOWS: -------------------------------------- NAME 📦 STATUS VERSION LOCAL PATH -------------------------------------- 
-------------------------------------- # cscli decisions list +-----+----------+------------------+----------------------+--------+---------+------------+--------+-------------------+----------+ | ID | SOURCE | SCOPE:VALUE | REASON | ACTION | COUNTRY | AS | EVENTS | EXPIRATION | ALERT ID | +-----+----------+------------------+----------------------+--------+---------+------------+--------+-------------------+----------+ | 101 | crowdsec | Ip:85.221.132.54 | crowdsecurity/ssh-bf | ban | PL | INEA S.A. | 11 | 3h51m5.498870296s | 2 | +-----+----------+------------------+----------------------+--------+---------+------------+--------+-------------------+----------+ # cscli alerts list +----+---------------------+----------------------+---------+------------+-----------+--------------------------------+ | ID | VALUE | REASON | COUNTRY | AS | DECISIONS | CREATED AT | +----+---------------------+----------------------+---------+------------+-----------+--------------------------------+ | 3 | Community blocklist | update : +100/-0 IPs | | | ban:100 | 2021-08-11 10:39:43.27438874 | | | | | | | | -0700 -0700 | | 2 | Ip:85.221.132.54 | crowdsecurity/ssh-bf | PL | INEA S.A. 
| ban:1 | 2021-08-11 10:37:23.083685261 | | | | | | | | -0700 -0700 | | 1 | Community blocklist | update : +100/-0 IPs | | | ban:100 | 2021-08-11 10:37:24.899288833 | | | | | | | | -0700 -0700 | +----+---------------------+----------------------+---------+------------+-----------+--------------------------------+ # cscli metrics INFO[11-08-2021 10:49:00 AM] Buckets Metrics: +--------------------------------+---------------+-----------+--------------+--------+---------+ | BUCKET | CURRENT COUNT | OVERFLOWS | INSTANCIATED | POURED | EXPIRED | +--------------------------------+---------------+-----------+--------------+--------+---------+ | crowdsecurity/ssh-bf | 9 | 2 | 102 | 186 | 81 | | crowdsecurity/ssh-bf_user-enum | 9 | - | 102 | 108 | 83 | +--------------------------------+---------------+-----------+--------------+--------+---------+ INFO[11-08-2021 10:49:00 AM] Acquisition Metrics: +------------------------+------------+--------------+----------------+------------------------+ | SOURCE | LINES READ | LINES PARSED | LINES UNPARSED | LINES POURED TO BUCKET | +------------------------+------------+--------------+----------------+------------------------+ | file:/var/log/messages | 10 | - | 10 | - | | file:/var/log/secure | 542 | 186 | 356 | 294 | +------------------------+------------+--------------+----------------+------------------------+ INFO[11-08-2021 10:49:00 AM] Parser Metrics: +--------------------------------+------+--------+----------+ | PARSERS | HITS | PARSED | UNPARSED | +--------------------------------+------+--------+----------+ | child-crowdsecurity/sshd-logs | 2933 | 186 | 2747 | | crowdsecurity/dateparse-enrich | 186 | 186 | - | | crowdsecurity/geoip-enrich | 186 | 186 | - | | crowdsecurity/sshd-logs | 537 | 186 | 351 | | crowdsecurity/syslog-logs | 552 | 552 | - | | crowdsecurity/whitelists | 186 | 186 | - | +--------------------------------+------+--------+----------+ INFO[11-08-2021 10:49:00 AM] Local Api Metrics: 
+--------------------+--------+------+
| ROUTE              | METHOD | HITS |
+--------------------+--------+------+
| /v1/alerts         | GET    | 2    |
| /v1/alerts         | POST   | 1    |
| /v1/watchers/login | POST   | 6    |
+--------------------+--------+------+
INFO[11-08-2021 10:49:00 AM] Local Api Machines Metrics:
+--------------------------------------------------+------------+--------+------+
| MACHINE                                          | ROUTE      | METHOD | HITS |
+--------------------------------------------------+------------+--------+------+
| 27c12be4b2664587a59a8268b9dfc4d75AOL66O9R1ROQuvT | /v1/alerts | GET    | 2    |
| 27c12be4b2664587a59a8268b9dfc4d75AOL66O9R1ROQuvT | /v1/alerts | POST   | 1    |
+--------------------------------------------------+------------+--------+------+
+===============================================================================================+
# HOW TO UNBLOCK AN IP Address
# see: https://docs.crowdsec.net/Crowdsec/v1/user_guide/decision_management/
# cscli decisions list
+-----+----------+--------------------+--------------------------------+--------+---------+--------------------------------+--------+--------------------+----------+
| ID  | SOURCE   | SCOPE:VALUE        | REASON                         | ACTION | COUNTRY | AS                             | EVENTS | EXPIRATION         | ALERT ID |
+-----+----------+--------------------+--------------------------------+--------+---------+--------------------------------+--------+--------------------+----------+
| 218 | crowdsec | Ip:222.187.238.136 | crowdsecurity/ssh-bf           | ban    | CN      | No.31,Jin-rong Street          | 9      | 3h55m28.893551796s | 20       |
| 216 | crowdsec | Ip:209.141.54.21   | crowdsecurity/ssh-bf_user-enum | ban    | US      | FranTech Solutions             | 11     | 3h46m52.308168477s | 18       |
| 214 | crowdsec | Ip:209.141.54.219  | crowdsecurity/ssh-bf_user-enum | ban    | US      | FranTech Solutions             | 8      | 3h46m19.246099131s | 16       |
| 212 | crowdsec | Ip:222.186.42.213  | crowdsecurity/ssh-bf           | ban    | CN      | AS Number for CHINANET         | 7      | 3h40m47.676058825s | 14       |
|     |          |                    |                                |        |         | jiangsu province backbone      |        |                    |          |
| 209 | crowdsec | Ip:222.186.30.76   | crowdsecurity/ssh-bf           | ban    | CN      | AS Number for CHINANET         | 8      | 3h18m11.961607186s | 11       |
|     |          |                    |                                |        |         | corporation                    |        |                    |          |
| 206 | crowdsec | Ip:221.181.185.153 | crowdsecurity/ssh-bf           | ban    | CN      | China Mobile communications    | 7      | 3h10m49.363317626s | 8        |
|     |          |                    |                                |        |         | corporation                    |        |                    |          |
...
| 202 | crowdsec | Ip:222.186.42.7    | crowdsecurity/ssh-bf           | ban    | CN      | AS Number for CHINANET         | 7      | 2h48m41.027766567s | 4        |
|     |          |                    |                                |        |         | jiangsu province backbone      |        |                    |          |
| 101 | crowdsec | Ip:85.221.132.54   | crowdsecurity/ssh-bf           | ban    | PL      | INEA S.A.                      | 11     | 2h31m14.785019723s | 2        |
+-----+----------+--------------------+--------------------------------+--------+---------+--------------------------------+--------+--------------------+----------+

# delete the decision on IP 1.2.3.4
sudo cscli decisions delete --ip 1.2.3.4
# delete the decision on range 1.2.3.0/24
sudo cscli decisions delete --range 1.2.3.0/24

# Warning
# Please note that cscli decisions list will show you only the latest alert per given ip/scope.
# However, several decisions targeting the same IP can exist. If you want to be sure to clear
# all decisions for a given ip/scope, use cscli decisions delete -i x.x.x.x

# Delete all existing bans
# Flush all the existing bans
sudo cscli decisions delete --all
+===============================================================================================+
# yum install crowdsec-firewall-bouncer-iptables
Running transaction
  Preparing        : 1/1
  Installing       : crowdsec-firewall-bouncer-iptables-0.0.13-1.el8.x86_64 1/1
  Running scriptlet: crowdsec-firewall-bouncer-iptables-0.0.13-1.el8.x86_64 1/1
cscli/crowdsec is present, generating API key
API Key : 6f501205f2555a230be4fb59e1cc2642
  Verifying        : crowdsec-firewall-bouncer-iptables-0.0.13-1.el8.x86_64 1/1
Installed products updated.
Installed:
  crowdsec-firewall-bouncer-iptables-0.0.13-1.el8.x86_64

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  azul.phas.ubc.ca     anywhere             state NEW tcp dpt:rsync
ACCEPT     tcp  --  zbox.phas.ubc.ca     anywhere             state NEW tcp dpt:rsync
ACCEPT     tcp  --  borg.phas.ubc.ca     anywhere             state NEW tcp dpt:rsync
DROP       udp  --  delta.phas.ubc.ca    anywhere             udp dpt:ipp
DROP       udp  --  phas-adminfs.phas.ubc.ca  anywhere             udp dpt:netbios-dgm
DROP       udp  --  phas-addc.phas.ubc.ca  anywhere             udp dpt:netbios-dgm
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level warning prefix "FWALL: "
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# systemctl list-unit-files | grep -i crow
crowdsec-firewall-bouncer.service          disabled
crowdsec.service                           enabled

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             match-set crowdsec-blacklists src
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  azul.phas.ubc.ca     anywhere             state NEW tcp dpt:rsync
ACCEPT     tcp  --  zbox.phas.ubc.ca     anywhere             state NEW tcp dpt:rsync
ACCEPT     tcp  --  borg.phas.ubc.ca     anywhere             state NEW tcp dpt:rsync
DROP       udp  --  delta.phas.ubc.ca    anywhere             udp dpt:ipp
DROP       udp  --  phas-adminfs.phas.ubc.ca  anywhere             udp dpt:netbios-dgm
DROP       udp  --  phas-addc.phas.ubc.ca  anywhere             udp dpt:netbios-dgm
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level warning prefix "FWALL: "
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# systemctl start crowdsec-firewall-bouncer.service
# systemctl status crowdsec-firewall-bouncer.service
● crowdsec-firewall-bouncer.service - The firewall bouncer for CrowdSec
   Loaded: loaded (/usr/lib/systemd/system/crowdsec-firewall-bouncer.service; disabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-08-11 12:18:04 PDT; 2min 31s ago
 Main PID: 4001076 (crowdsec-firewa)
    Tasks: 6 (limit: 4800)
   Memory: 13.3M
   CGroup: /system.slice/crowdsec-firewall-bouncer.service
           └─4001076 /usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml

Aug 11 12:18:01 falcon.phas.ubc.ca systemd[1]: Starting The firewall bouncer for CrowdSec...
Aug 11 12:18:01 falcon.phas.ubc.ca crowdsec-firewall-bouncer[4001076]: time="2021-08-11T12:18:01-07:00" level=info msg="crowdsec-firewall-bouncer v0.0.13-el8-rpm-cc236a78ee262cf4a34bb953c62>
Aug 11 12:18:04 falcon.phas.ubc.ca systemd[1]: Started The firewall bouncer for CrowdSec.

# iptables -L
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere             match-set crowdsec-blacklists src
ACCEPT     all  --  anywhere             anywhere             state RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere
ACCEPT     tcp  --  anywhere             anywhere             state NEW tcp dpt:ssh
ACCEPT     tcp  --  azul.phas.ubc.ca     anywhere             state NEW tcp dpt:rsync
ACCEPT     tcp  --  zbox.phas.ubc.ca     anywhere             state NEW tcp dpt:rsync
ACCEPT     tcp  --  borg.phas.ubc.ca     anywhere             state NEW tcp dpt:rsync
DROP       udp  --  delta.phas.ubc.ca    anywhere             udp dpt:ipp
DROP       udp  --  phas-adminfs.phas.ubc.ca  anywhere             udp dpt:netbios-dgm
DROP       udp  --  phas-addc.phas.ubc.ca  anywhere             udp dpt:netbios-dgm
LOG        all  --  anywhere             anywhere             limit: avg 5/min burst 5 LOG level warning prefix "FWALL: "
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination
REJECT     all  --  anywhere             anywhere             reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination

# systemctl enable crowdsec-firewall-bouncer.service
Created symlink /etc/systemd/system/multi-user.target.wants/crowdsec-firewall-bouncer.service → /usr/lib/systemd/system/crowdsec-firewall-bouncer.service.

# systemctl status crowdsec-firewall-bouncer.service
● crowdsec-firewall-bouncer.service - The firewall bouncer for CrowdSec
   Loaded: loaded (/usr/lib/systemd/system/crowdsec-firewall-bouncer.service; enabled; vendor preset: disabled)
   Active: active (running) since Wed 2021-08-11 12:18:04 PDT; 3min 37s ago
 Main PID: 4001076 (crowdsec-firewa)
    Tasks: 6 (limit: 4800)
   Memory: 10.9M
   CGroup: /system.slice/crowdsec-firewall-bouncer.service
           └─4001076 /usr/bin/crowdsec-firewall-bouncer -c /etc/crowdsec/bouncers/crowdsec-firewall-bouncer.yaml

Aug 11 12:18:01 falcon.phas.ubc.ca systemd[1]: Starting The firewall bouncer for CrowdSec...
Aug 11 12:18:01 falcon.phas.ubc.ca crowdsec-firewall-bouncer[4001076]: time="2021-08-11T12:18:01-07:00" level=info msg="crowdsec-firewall-bouncer v0.0.13-el8-rpm-cc236a78ee262cf4a34bb953c62>
Aug 11 12:18:04 falcon.phas.ubc.ca systemd[1]: Started The firewall bouncer for CrowdSec.

# ipset list
Name: crowdsec-blacklists
Type: hash:net
Revision: 6
Header: family inet hashsize 1024 maxelem 65536 timeout 300
Size in memory: 10648
References: 1
Number of entries: 111
Members:
85.221.132.54 timeout 7713
...
222.186.52.39 timeout 79797
209.141.54.219 timeout 12220

Name: crowdsec6-blacklists
Type: hash:net
Revision: 6
Header: family inet6 hashsize 1024 maxelem 65536 timeout 300
Size in memory: 1160
References: 1
Number of entries: 0
Members:

=====================================================================================================
21-09-13

# dnf install cups
Installed:
  adobe-mappings-cmap-20171205-3.el8.noarch
  adobe-mappings-cmap-deprecated-20171205-3.el8.noarch
  adobe-mappings-pdf-20180407-1.el8.noarch
  avahi-0.7-20.el8.x86_64
  avahi-glib-0.7-20.el8.x86_64
  cairo-1.15.12-3.el8.x86_64
  cups-1:2.2.6-38.el8.x86_64
  cups-filesystem-1:2.2.6-38.el8.noarch
  cups-filters-1.20.0-24.el8.x86_64
  cups-filters-libs-1.20.0-24.el8.x86_64
  cups-ipptool-1:2.2.6-38.el8.x86_64
  emacs-filesystem-1:26.1-5.el8.noarch
  fontconfig-2.13.1-3.el8.x86_64
  fontpackages-filesystem-1.44-22.el8.noarch
  ghostscript-9.27-1.el8.x86_64
  google-droid-sans-fonts-20120715-13.el8.noarch
  jbig2dec-libs-0.16-1.el8.x86_64
  jbigkit-libs-2.1-14.el8.x86_64
  lcms2-2.9-2.el8.x86_64
  liberation-fonts-common-1:2.00.3-7.el8.noarch
  liberation-mono-fonts-1:2.00.3-7.el8.noarch
  libfontenc-1.1.3-8.el8.x86_64
  libgs-9.27-1.el8.x86_64
  libidn-1.34-5.el8.x86_64
  libijs-0.35-5.el8.x86_64
  libjpeg-turbo-1.5.3-10.el8.x86_64
  libpaper-1.1.24-22.el8.x86_64
  libtiff-4.0.9-18.el8.x86_64
  openjpeg2-2.3.1-6.el8.x86_64
  pixman-0.38.4-1.el8.x86_64
  poppler-20.11.0-2.el8.x86_64
  poppler-data-0.4.9-1.el8.noarch
  poppler-utils-20.11.0-2.el8.x86_64
  qpdf-libs-7.1.1-10.el8.x86_64
  urw-base35-bookman-fonts-20170801-10.el8.noarch
  urw-base35-c059-fonts-20170801-10.el8.noarch
  urw-base35-d050000l-fonts-20170801-10.el8.noarch
  urw-base35-fonts-20170801-10.el8.noarch
  urw-base35-fonts-common-20170801-10.el8.noarch
  urw-base35-gothic-fonts-20170801-10.el8.noarch
  urw-base35-nimbus-mono-ps-fonts-20170801-10.el8.noarch
  urw-base35-nimbus-roman-fonts-20170801-10.el8.noarch
  urw-base35-nimbus-sans-fonts-20170801-10.el8.noarch
  urw-base35-p052-fonts-20170801-10.el8.noarch
  urw-base35-standard-symbols-ps-fonts-20170801-10.el8.noarch
  urw-base35-z003-fonts-20170801-10.el8.noarch
  xorg-x11-font-utils-1:7.5-40.el8.x86_64

# cat /etc/cups/client.conf
ServerName print.phas.ubc.ca

# dnf install emacs
Installed:
  ModemManager-glib-1.10.8-2.el8.x86_64
  abattis-cantarell-fonts-0.0.25-6.el8.noarch
  adwaita-cursor-theme-3.28.0-2.el8.noarch
  adwaita-icon-theme-3.28.0-2.el8.noarch
  alsa-lib-1.2.4-5.el8.x86_64
  aspell-12:0.60.6.1-21.el8.x86_64
  at-spi2-atk-2.26.2-1.el8.x86_64
  at-spi2-core-2.28.0-1.el8.x86_64
  atk-2.28.1-1.el8.x86_64
  cairo-gobject-1.15.12-3.el8.x86_64
  colord-libs-1.4.2-1.el8.x86_64
  dconf-0.28.0-4.el8.x86_64
  dejavu-fonts-common-2.35-7.el8.noarch
  dejavu-sans-mono-fonts-2.35-7.el8.noarch
  desktop-file-utils-0.23-8.el8.x86_64
  emacs-1:26.1-5.el8.x86_64
  emacs-common-1:26.1-5.el8.x86_64
  enchant2-2.2.3-3.el8.x86_64
  fribidi-1.0.4-8.el8.x86_64
  gdk-pixbuf2-2.36.12-5.el8.x86_64
  gdk-pixbuf2-modules-2.36.12-5.el8.x86_64
  geoclue2-2.5.5-2.el8.x86_64
  giflib-5.1.4-3.el8.x86_64
  glib-networking-2.56.1-1.1.el8.x86_64
  graphite2-1.3.10-10.el8.x86_64
  gsettings-desktop-schemas-3.32.0-5.el8.x86_64
  gstreamer1-1.16.1-2.el8.x86_64
  gstreamer1-plugins-base-1.16.1-2.el8.x86_64
  gtk-update-icon-cache-3.22.30-6.el8.x86_64
  gtk3-3.22.30-6.el8.x86_64
  harfbuzz-1.7.5-3.el8.x86_64
  harfbuzz-icu-1.7.5-3.el8.x86_64
  hicolor-icon-theme-0.17-2.el8.noarch
  hyphen-2.8.8-9.el8.x86_64
  iso-codes-3.79-2.el8.noarch
  jasper-libs-2.0.14-4.el8.x86_64
  libXaw-1.0.13-10.el8.x86_64
  libXdamage-1.1.4-14.el8.x86_64
  libXft-2.3.3-1.el8.x86_64
  libXpm-3.5.12-8.el8.x86_64
  libdatrie-0.2.9-7.el8.x86_64
  libepoxy-1.5.3-1.el8.x86_64
  libglvnd-1:1.3.2-1.el8.x86_64
  libglvnd-egl-1:1.3.2-1.el8.x86_64
  libglvnd-gles-1:1.3.2-1.el8.x86_64
  libglvnd-glx-1:1.3.2-1.el8.x86_64
  libgusb-0.3.0-1.el8.x86_64
  libmodman-2.0.1-17.el8.x86_64
  libnotify-0.7.7-5.el8.x86_64
  libogg-2:1.3.2-10.el8.x86_64
  libotf-0.9.13-11.el8.x86_64
  libproxy-0.4.15-5.2.el8.x86_64
  librsvg2-2.42.7-4.el8.x86_64
  libsoup-2.62.3-2.el8.x86_64
  libthai-0.1.27-2.el8.x86_64
  libtheora-1:1.1.1-21.el8.x86_64
  libvisual-1:0.4.0-25.el8.x86_64
  libvorbis-1:1.3.6-2.el8.x86_64
  libwayland-client-1.17.0-1.el8.x86_64
  libwayland-cursor-1.17.0-1.el8.x86_64
  libwayland-egl-1.17.0-1.el8.x86_64
  libwayland-server-1.17.0-1.el8.x86_64
  libwebp-1.0.0-3.el8_4.x86_64
  libxshmfence-1.3-2.el8.x86_64
  m17n-db-1.8.0-3.el8.noarch
  m17n-lib-1.8.0-2.el8.x86_64
  mesa-libEGL-20.3.3-2.el8.x86_64
  mesa-libGL-20.3.3-2.el8.x86_64
  mesa-libgbm-20.3.3-2.el8.x86_64
  mesa-libglapi-20.3.3-2.el8.x86_64
  opus-1.3-0.4.beta.el8.x86_64
  orc-0.4.28-3.el8.x86_64
  pango-1.42.4-6.el8.x86_64
  rest-0.8.1-2.el8.x86_64
  webkit2gtk3-2.30.4-1.el8.x86_64
  webkit2gtk3-jsc-2.30.4-1.el8.x86_64
  woff2-1.0.2-5.el8.x86_64
  xml-common-0.6.3-50.el8.noarch

=====================================================================================================
21-09-20

# yum -y install cifs-utils
Installed:
  cifs-utils-6.8-3.el8.x86_64
  libwbclient-4.13.3-4.el8_4.x86_64
  samba-client-libs-4.13.3-4.el8_4.x86_64
  samba-common-4.13.3-4.el8_4.noarch
  samba-common-libs-4.13.3-4.el8_4.x86_64

# mount -t cifs //files.ubc.ca/team /tmp/team -o username=rapzilla.adm -o domain=EAD
Password for rapzilla.adm@//files.ubc.ca/team: ***************************
# ls /tmp/team
PHAS QMIN SLMS UBCIT

# xterm
xterm: Xt error: Can't open display: %s
xterm: DISPLAY is not set

# dnf search xauth
xorg-x11-xauth.x86_64 : X.Org X11 X authority utilities
# dnf install xorg-x11-xauth
Installed:
  xorg-x11-xauth-1:1.0.9-12.el8.x86_64

edit /etc/ssh/sshd_config
#X11Forwarding no
X11Forwarding yes
restart sshd

# pwd
/tmp/team/SLMS/DesktopApps
# cd Mathworks/
# cd Matlab\ 2021a/
# cd R2021a_Linux
# ./install
Error occurred during initialization of VM
Unable to load native library: libjava.so: cannot open shared object file: No such file or directory

# from https://docs.aws.amazon.com/corretto/latest/corretto-11-ug/generic-linux-install.html
# cd /tmp
# rpm --import https://yum.corretto.aws/corretto.key
# curl -L -o /etc/yum.repos.d/corretto.repo https://yum.corretto.aws/corretto.repo
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100   147  100   147    0     0   2940      0 --:--:-- --:--:-- --:--:--  2940
# yum install -y java-11-amazon-corretto-devel
Installed:
  java-11-amazon-corretto-devel-1:11.0.12.7-1.x86_64

# ./install
Error occurred during initialization of VM
Unable to load native library: libjava.so: cannot open shared object file: No such file or directory

# strace ./install
-bash: strace: command not found
# dnf install strace
Installed:
  strace-5.7-2.el8.x86_64

=====================================================================================================
21-10-06

# yum install perl-Getopt-ArgvFile
# yum install perl-Getopt-Long
Package perl-Getopt-Long-1:2.50-4.el8.noarch is already installed.

=====================================================================================================
21-10-07

# dnf install expect
Installed:
  expect-5.45.4-5.el8.x86_64
  tcl-1:8.6.8-2.el8.x86_64

# systemctl list-unit-files | grep -i rsyn
rsyncd.service                             disabled
rsyncd@.service                            static
rsyncd.socket                              disabled
# systemctl enable rsyncd
Created symlink /etc/systemd/system/multi-user.target.wants/rsyncd.service → /usr/lib/systemd/system/rsyncd.service.
# systemctl start rsyncd

now rsync from krypton works.
=====================================================================================================
21-10-28

# dnf install perl-LDAP
Installed:
  perl-Authen-SASL-2.16-13.el8.noarch
  perl-Convert-ASN1-0.27-17.el8.noarch
  perl-Data-Dump-1.23-7.module+el8.3.0+6498+9eecfe51.noarch
  perl-Digest-HMAC-1.03-17.module+el8.3.0+6498+9eecfe51.noarch
  perl-File-Listing-6.04-17.module+el8.3.0+6498+9eecfe51.noarch
  perl-GSSAPI-0.28-23.el8.x86_64
  perl-HTML-Parser-3.72-15.module+el8.3.0+6498+9eecfe51.x86_64
  perl-HTML-Tagset-3.20-34.module+el8.3.0+6498+9eecfe51.noarch
  perl-HTTP-Cookies-6.04-2.module+el8.3.0+6498+9eecfe51.noarch
  perl-HTTP-Date-6.02-19.module+el8.3.0+6498+9eecfe51.noarch
  perl-HTTP-Message-6.18-1.module+el8.3.0+6498+9eecfe51.noarch
  perl-HTTP-Negotiate-6.01-19.module+el8.3.0+6498+9eecfe51.noarch
  perl-IO-HTML-1.001-11.module+el8.3.0+6498+9eecfe51.noarch
  perl-JSON-2.97.001-2.el8.noarch
  perl-LDAP-1:0.66-7.el8.noarch
  perl-LWP-MediaTypes-6.02-15.module+el8.3.0+6498+9eecfe51.noarch
  perl-NTLM-1.09-17.module+el8.3.0+6498+9eecfe51.noarch
  perl-Net-HTTP-6.17-2.module+el8.3.0+6498+9eecfe51.noarch
  perl-Text-Soundex-3.05-8.el8.x86_64
  perl-Text-Unidecode-1.30-5.el8.noarch
  perl-TimeDate-1:2.30-15.module+el8.3.0+6498+9eecfe51.noarch
  perl-Try-Tiny-0.30-7.module+el8.3.0+6498+9eecfe51.noarch
  perl-WWW-RobotRules-6.02-18.module+el8.3.0+6498+9eecfe51.noarch
  perl-libwww-perl-6.34-1.module+el8.3.0+6498+9eecfe51.noarch

=====================================================================================================
21-10-29

installed ldap-client
pwd is in /etc/ldap01.secret
working sample queries...
# ldapsearch -ZZ -x -LLL -h ldap01.phas.ubc.ca -W -D cn=Manager,dc=phas,dc=ubc,dc=ca -b "dc=phas,dc=ubc,dc=ca"
# ldapsearch -ZZ -x -LLL -h ldap01.phas.ubc.ca -W -D cn=Manager,dc=phas,dc=ubc,dc=ca -b "ou=users,dc=phas,dc=ubc,dc=ca"
# ldapsearch -ZZ -x -LLL -h ldap01.phas.ubc.ca -W -D cn=Manager,dc=phas,dc=ubc,dc=ca -b "ou=users,dc=phas,dc=ubc,dc=ca" "posixAccount","top","person","organizationalPerson","inetOrgPerson","shadowAccount"

=====================================================================================================
21-11-02

fixing addusr...

# yum install perl-DBI
Installed:
  perl-DBI-1.641-3.module+el8.3.0+6481+fbe55708.x86_64

# yum -y install perl-DBD-MySQL
Installed:
  mariadb-connector-c-3.1.11-2.el8_3.x86_64
  mariadb-connector-c-config-3.1.11-2.el8_3.noarch
  perl-DBD-MySQL-4.046-3.module+el8.1.0+2938+301254e2.x86_64

# yum -y install perl-Config-Tiny
Installed:
  perl-Config-Tiny-2.24-1.el8.noarch

# yum -y install perl-Date-Calc
Installed:
  perl-Bit-Vector-7.4-11.el8.x86_64
  perl-Carp-Clan-6.06-6.el8.noarch
  perl-Date-Calc-6.4-9.el8.noarch

# yum -y install perl-File-Slurp
Installed:
  perl-File-Slurp-9999.19-19.el8.noarch

# yum -y install perl-List-MoreUtils
Installed:
  perl-Exporter-Tiny-1.000000-4.el8.noarch
  perl-List-MoreUtils-0.428-2.el8.noarch
  perl-List-MoreUtils-XS-0.428-3.el8.x86_64

# yum -y install perl-Crypt-SmbHash
Installed:
  perl-Crypt-SmbHash-0.12-38.el8.noarch
  perl-Digest-MD4-1.9-23.el8.x86_64

# yum -y install perl-Email-Simple
Installed:
  perl-Email-Date-Format-1.005-11.el8.noarch
  perl-Email-Simple-2.216-6.el8.noarch

# yum -y install perl-Email-Sender
Installed:
  perl-Class-Method-Modifiers-2.12-8.el8.noarch
  perl-Convert-BinHex-1.125-13.el8.noarch
  perl-Devel-GlobalDestruction-0.14-5.el8.noarch
  perl-Devel-StackTrace-1:2.03-2.el8.noarch
  perl-Email-Abstract-3.008-15.el8.noarch
  perl-Email-Address-1.912-5.el8.noarch
  perl-Email-Address-XS-1.04-6.el8.x86_64
  perl-Email-MIME-1.949-1.el8.noarch
  perl-Email-MIME-ContentType-1.024-1.el8.noarch
  perl-Email-MIME-Encodings-1.315-17.el8.noarch
  perl-Email-MessageID-1.406-14.el8.noarch
  perl-Email-Sender-1.300031-9.el8.noarch
  perl-Geography-Countries-2009041301-27.el8.noarch
  perl-HTML-Formatter-2.16-10.el8.noarch
  perl-HTML-Tree-1:5.07-2.el8.noarch
  perl-IO-stringy-2.111-9.el8.noarch
  perl-Import-Into-1.002005-7.el8.noarch
  perl-MIME-Types-2.17-3.el8.noarch
  perl-MIME-tools-5.509-9.el8.noarch
  perl-Mail-Message-3.008-6.el8.noarch
  perl-Mail-Transport-3.004-3.el8.noarch
  perl-MailTools-2.20-2.el8.noarch
  perl-Module-Pluggable-2:5.2-7.el8.noarch
  perl-Module-Runtime-0.016-2.el8.noarch
  perl-Moo-2.003004-7.el8.noarch
  perl-MooX-Types-MooseLike-0.29-13.el8.noarch
  perl-Net-SMTP-SSL-1.04-5.el8.noarch
  perl-Role-Tiny-2.000006-2.el8.noarch
  perl-Sub-Exporter-Progressive-0.001013-5.el8.noarch
  perl-Sub-Quote-2.006003-3.el8.noarch
  perl-TeX-Hyphen-1.18-10.1.el8.noarch
  perl-Text-Autoformat-1.750000-1.el8.noarch
  perl-Text-Reform-1.20-25.el8.noarch
  perl-Throwable-0.200013-12.el8.noarch
  perl-User-Identity-0.99-8.el8.noarch

# ../phas_passwd/rmusr rap1
Can't locate File/Remote.pm in @INC (you may need to install the File::Remote module) (@INC contains: /opt/sysadmin/common/phas_passwd/lib/ /opt/sysadmin/common/lib /opt/sysadmin/common/phas_passwd/lib /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5) at /opt/sysadmin/common/phas_passwd/lib/phas_PW_Mail.pm line 248.
BEGIN failed--compilation aborted at /opt/sysadmin/common/phas_passwd/lib/phas_PW_Mail.pm line 248.
Compilation failed in require at ../phas_passwd/rmusr line 42.
BEGIN failed--compilation aborted at ../phas_passwd/rmusr line 42.
# yum -y install perl-Object-Remote
Installed:
  perl-Algorithm-C3-0.10-16.el8.noarch
  perl-Class-C3-0.34-1.el8.noarch
  perl-Data-Dumper-Concise-2.023-12.el8.noarch
  perl-Devel-ArgNames-0.03-19.el8.noarch
  perl-Eval-WithLexicals-1.003006-10.el8.noarch
  perl-Exporter-Declare-0.114-15.el8.noarch
  perl-Future-0.46-1.el8.noarch
  perl-Log-Contextual-0.008001-10.el8.noarch
  perl-Meta-Builder-0.004-7.el8.noarch
  perl-Object-Remote-0.004001-4.el8.noarch
  perl-PadWalker-2.3-2.el8.x86_64
  perl-String-ShellQuote-1.04-24.module+el8.1.0+2942+5e3df93c.noarch
  perl-aliased-0.34-14.el8.noarch
  perl-strictures-2.000006-6.el8.noarch

# yum -y install perl-Date-Simple
Installed:
  perl-Date-Simple-3.03-29.el8.x86_64

# yum -y install perl-Path-Tiny
Installed:
  perl-Path-Tiny-0.104-5.el8.noarch
  perl-Unicode-UTF8-0.62-5.el8.x86_64

# yum -y install mysql
Installed:
  mysql-8.0.26-1.module+el8.4.0+12359+b8928c02.x86_64
  mysql-common-8.0.26-1.module+el8.4.0+12359+b8928c02.x86_64

=====================================================================================================
21-11-22

# cscli hub update
INFO[22-11-2021 07:35:17 AM] Wrote new 162478 bytes index to /etc/crowdsec/hub/.index.json
INFO[22-11-2021 07:35:17 AM] dependency of crowdsecurity/linux : outdated parsers crowdsecurity/syslog-logs
INFO[22-11-2021 07:35:17 AM] update for collection crowdsecurity/sshd available (currently:0.1, latest:0.2)

# cscli hub upgrade
INFO[22-11-2021 07:38:19 AM] Upgrading collections
WARN[22-11-2021 07:38:20 AM] crowdsecurity/sshd-logs : overwrite
WARN[22-11-2021 07:38:20 AM] crowdsecurity/ssh-bf : overwrite
INFO[22-11-2021 07:38:20 AM] crowdsecurity/ssh-slow-bf : OK
INFO[22-11-2021 07:38:20 AM] Enabled scenarios : crowdsecurity/ssh-slow-bf
WARN[22-11-2021 07:38:20 AM] crowdsecurity/sshd : overwrite
INFO[22-11-2021 07:38:20 AM] 📦 crowdsecurity/sshd : updated
WARN[22-11-2021 07:38:20 AM] crowdsecurity/syslog-logs : overwrite
WARN[22-11-2021 07:38:20 AM] crowdsecurity/geoip-enrich : overwrite
WARN[22-11-2021 07:38:20 AM] crowdsecurity/dateparse-enrich : overwrite
WARN[22-11-2021 07:38:20 AM] crowdsecurity/sshd-logs : overwrite
WARN[22-11-2021 07:38:20 AM] crowdsecurity/ssh-bf : overwrite
WARN[22-11-2021 07:38:20 AM] crowdsecurity/ssh-slow-bf : overwrite
WARN[22-11-2021 07:38:20 AM] crowdsecurity/sshd : overwrite
WARN[22-11-2021 07:38:20 AM] crowdsecurity/sshd : overwrite
WARN[22-11-2021 07:38:20 AM] crowdsecurity/linux : overwrite
INFO[22-11-2021 07:38:20 AM] 📦 crowdsecurity/linux : updated
INFO[22-11-2021 07:38:20 AM] Upgraded 2 items
INFO[22-11-2021 07:38:20 AM] Upgrading parsers
INFO[22-11-2021 07:38:20 AM] crowdsecurity/syslog-logs : up-to-date
INFO[22-11-2021 07:38:20 AM] crowdsecurity/geoip-enrich : up-to-date
INFO[22-11-2021 07:38:20 AM] crowdsecurity/dateparse-enrich : up-to-date
INFO[22-11-2021 07:38:20 AM] crowdsecurity/whitelists : up-to-date
INFO[22-11-2021 07:38:20 AM] crowdsecurity/sshd-logs : up-to-date
INFO[22-11-2021 07:38:20 AM] All parsers are already up-to-date
INFO[22-11-2021 07:38:20 AM] Upgrading scenarios
INFO[22-11-2021 07:38:20 AM] crowdsecurity/ssh-bf : up-to-date
INFO[22-11-2021 07:38:20 AM] crowdsecurity/ssh-slow-bf : up-to-date
INFO[22-11-2021 07:38:20 AM] All scenarios are already up-to-date
INFO[22-11-2021 07:38:20 AM] Upgrading postoverflows
INFO[22-11-2021 07:38:20 AM] No postoverflows installed, nothing to upgrade

[root@falcon-EduCld-RH8 ~] 07:38:20 # cscli hub update
INFO[22-11-2021 07:38:46 AM] Wrote new 162478 bytes index to /etc/crowdsec/hub/.index.json

[root@falcon-EduCld-RH8 ~] 07:38:46 # cscli hub list
INFO[22-11-2021 07:38:53 AM] Loaded 23 collecs, 28 parsers, 36 scenarios, 3 post-overflow parsers
INFO[22-11-2021 07:38:53 AM] PARSERS:
-------------------------------------------------------------------------------------------------------------
 NAME                            📦 STATUS    VERSION  LOCAL PATH
-------------------------------------------------------------------------------------------------------------
 crowdsecurity/sshd-logs         ✔️ enabled   1.3      /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml
 crowdsecurity/dateparse-enrich  ✔️ enabled   0.1      /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml
 crowdsecurity/syslog-logs       ✔️ enabled   0.4      /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml
 crowdsecurity/geoip-enrich      ✔️ enabled   0.2      /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml
 crowdsecurity/whitelists        ✔️ enabled   0.2      /etc/crowdsec/parsers/s02-enrich/whitelists.yaml
-------------------------------------------------------------------------------------------------------------
INFO[22-11-2021 07:38:53 AM] SCENARIOS:
------------------------------------------------------------------------------------------
 NAME                       📦 STATUS    VERSION  LOCAL PATH
------------------------------------------------------------------------------------------
 crowdsecurity/ssh-bf       ✔️ enabled   0.1      /etc/crowdsec/scenarios/ssh-bf.yaml
 crowdsecurity/ssh-slow-bf  ✔️ enabled   0.2      /etc/crowdsec/scenarios/ssh-slow-bf.yaml
------------------------------------------------------------------------------------------
INFO[22-11-2021 07:38:53 AM] COLLECTIONS:
--------------------------------------------------------------------------------
 NAME                 📦 STATUS    VERSION  LOCAL PATH
--------------------------------------------------------------------------------
 crowdsecurity/sshd   ✔️ enabled   0.2      /etc/crowdsec/collections/sshd.yaml
 crowdsecurity/linux  ✔️ enabled   0.2      /etc/crowdsec/collections/linux.yaml
--------------------------------------------------------------------------------
INFO[22-11-2021 07:38:53 AM] POSTOVERFLOWS:
--------------------------------------
 NAME  📦 STATUS  VERSION  LOCAL PATH
--------------------------------------
--------------------------------------

# cscli parsers list
-------------------------------------------------------------------------------------------------------------
 NAME                            📦 STATUS    VERSION  LOCAL PATH
-------------------------------------------------------------------------------------------------------------
 crowdsecurity/whitelists        ✔️ enabled   0.2      /etc/crowdsec/parsers/s02-enrich/whitelists.yaml
 crowdsecurity/syslog-logs       ✔️ enabled   0.4      /etc/crowdsec/parsers/s00-raw/syslog-logs.yaml
 crowdsecurity/geoip-enrich      ✔️ enabled   0.2      /etc/crowdsec/parsers/s02-enrich/geoip-enrich.yaml
 crowdsecurity/dateparse-enrich  ✔️ enabled   0.1      /etc/crowdsec/parsers/s02-enrich/dateparse-enrich.yaml
 crowdsecurity/sshd-logs         ✔️ enabled   1.3      /etc/crowdsec/parsers/s01-parse/sshd-logs.yaml
-------------------------------------------------------------------------------------------------------------

=====================================================================================================
22-02-07

cscli metrics
INFO[07-02-2022 10:05:06 AM] Buckets Metrics:
+-------------------------------------+---------------+-----------+--------------+--------+---------+
| BUCKET                              | CURRENT COUNT | OVERFLOWS | INSTANCIATED | POURED | EXPIRED |
+-------------------------------------+---------------+-----------+--------------+--------+---------+
| crowdsecurity/ssh-bf                | -             | 94        | 7969         | 27784  | 7875    |
| crowdsecurity/ssh-bf_user-enum      | -             | 1         | 9050         | 13829  | 9049    |
| crowdsecurity/ssh-slow-bf           | -             | 1093      | 1982         | 27784  | 889     |
| crowdsecurity/ssh-slow-bf_user-enum | -             | -         | 2084         | 7271   | 2084    |
+-------------------------------------+---------------+-----------+--------------+--------+---------+
INFO[07-02-2022 10:05:06 AM] Acquisition Metrics:
+------------------------+------------+--------------+----------------+------------------------+
| SOURCE                 | LINES READ | LINES PARSED | LINES UNPARSED | LINES POURED TO BUCKET |
+------------------------+------------+--------------+----------------+------------------------+
| file:/var/log/messages | 8971       | -            | 8971           | -                      |
| file:/var/log/secure   | 64185      | 27879        | 36306          | 76668                  |
+------------------------+------------+--------------+----------------+------------------------+
INFO[07-02-2022 10:05:06 AM] Parser Metrics:
+--------------------------------+--------+--------+----------+
| PARSERS                        | HITS   | PARSED | UNPARSED |
+--------------------------------+--------+--------+----------+
| child-crowdsecurity/sshd-logs  | 291652 | 27879  | 263773   |
| crowdsecurity/dateparse-enrich | 27879  | 27879  | -        |
| crowdsecurity/geoip-enrich     | 27879  | 27879  | -        |
| crowdsecurity/sshd-logs        | 56845  | 27879  | 28966    |
| crowdsecurity/syslog-logs      | 73156  | 73156  | -        |
| crowdsecurity/whitelists       | 27879  | 27879  | -        |
+--------------------------------+--------+--------+----------+
INFO[07-02-2022 10:05:06 AM] Local Api Metrics:
+----------------------+--------+--------+
| ROUTE                | METHOD | HITS   |
+----------------------+--------+--------+
| /v1/alerts           | GET    | 996    |
| /v1/alerts           | POST   | 1133   |
| /v1/decisions/stream | GET    | 103019 |
| /v1/watchers/login   | POST   | 1213   |
+----------------------+--------+--------+
INFO[07-02-2022 10:05:06 AM] Local Api Machines Metrics:
+--------------------------------------------------+------------+--------+------+
| MACHINE                                          | ROUTE      | METHOD | HITS |
+--------------------------------------------------+------------+--------+------+
| 27c12be4b2664587a59a8268b9dfc4d75AOL66O9R1ROQuvT | /v1/alerts | POST   | 1133 |
| 27c12be4b2664587a59a8268b9dfc4d75AOL66O9R1ROQuvT | /v1/alerts | GET    | 996  |
+--------------------------------------------------+------------+--------+------+
INFO[07-02-2022 10:05:06 AM] Local Api Bouncers Metrics:
+----------------------------+----------------------+--------+--------+
| BOUNCER                    | ROUTE                | METHOD | HITS   |
+----------------------------+----------------------+--------+--------+
| FirewallBouncer-1628709481 | /v1/decisions/stream | GET    | 103019 |
+----------------------------+----------------------+--------+--------+

# dnf install firefox
Installed:
  firefox-91.5.0-1.el8_5.x86_64
  liberation-sans-fonts-1:2.00.3-7.el8.noarch
  mozilla-filesystem-1.9-18.el8.x86_64
  redhat-indexhtml-8-7.el8.noarch

# cscli decisions list
+---------+----------+-------------------+---------------------------+--------+---------+--------------------------------+--------+--------------------+----------+
| ID      | SOURCE   | SCOPE:VALUE       | REASON                    | ACTION | COUNTRY | AS                             | EVENTS | EXPIRATION         | ALERT ID |
+---------+----------+-------------------+---------------------------+--------+---------+--------------------------------+--------+--------------------+----------+
| 2267628 | crowdsec | Ip:178.162.22.222 | crowdsecurity/ssh-slow-bf | ban    | RU      | 20807 WEST CALL SPb LLC        | 18     | 3h49m55.436257614s | 12452    |
| 2260276 | crowdsec | Ip:142.103.82.9   | crowdsecurity/ssh-bf      | ban    | CA      | 393249 University of British   | 8      | 1h26m20.76330007s  | 12442    |
|         |          |                   |                           |        |         | Columbia                       |        |                    |          |
| 2260272 | crowdsec | Ip:217.77.211.98  | crowdsecurity/ssh-slow-bf | ban    | UA      | 31272 WildPark Co              | 30     | 22.171645683s      | 12438    |
+---------+----------+-------------------+---------------------------+--------+---------+--------------------------------+--------+--------------------+----------+

# cscli decisions delete -i 142.103.82.9
INFO[07-02-2022 12:02:01 PM] 1 decision(s) deleted

# cscli decisions list
+---------+----------+-------------------+---------------------------+--------+---------+--------------------------------+--------+--------------------+----------+
| ID      | SOURCE   | SCOPE:VALUE       | REASON                    | ACTION | COUNTRY | AS                             | EVENTS | EXPIRATION         | ALERT ID |
+---------+----------+-------------------+---------------------------+--------+---------+--------------------------------+--------+--------------------+----------+
| 2267628 | crowdsec | Ip:178.162.22.222 | crowdsecurity/ssh-slow-bf | ban    | RU      | 20807 WEST CALL SPb LLC        | 18     | 3h49m33.342222951s | 12452    |
| 2260272 | crowdsec | Ip:217.77.211.98  | crowdsecurity/ssh-slow-bf | ban    | UA      | 31272 WildPark Co              | 30     | 77.069492ms        | 12438    |
+---------+----------+-------------------+---------------------------+--------+---------+--------------------------------+--------+--------------------+----------+
=====================================================================================================
22-02-17
[root@falcon-EduCld-RH8 services] 07:58:42 # diff sshd sshd.orig
831,833c831 < print "List of entries suppressed (/usr/share/logwatch/scripts/services/sshd, line 832) \n" foreach keys %OtherList; < # commented out next line, 22-02-17, rdp < #print "$_ : $OtherList{$_} time(s)\n" foreach keys %OtherList; --- > print "$_ : $OtherList{$_} time(s)\n" foreach keys %OtherList;
# diff systemd systemd.orig
189,193c189,191 < print "List of entries suppressed (/usr/share/logwatch/scripts/services/systemd, line 190) \n" foreach keys %OtherList; < # commented out next 3 lines, 22-02-17, rdp < #foreach my $line (sort {$a cmp $b} keys %OtherList) { < # print " $line: $OtherList{$line} Time(s)\n"; < #} --- > foreach my $line (sort {$a cmp $b} keys %OtherList) { > print " $line: $OtherList{$line} Time(s)\n"; > }
=====================================================================================================
22-11-07
dnf install httpd-tools
=====================================================================================================
# shutdown -r 23:30 "Maintenance reboot at 11:30pm 23-06-28"
Shutdown scheduled for Wed 2023-06-28 23:30:00 PDT, use 'shutdown -c' to cancel.
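Review bot: in the sshd hunk (831,833c831) the new print keeps the `foreach keys %OtherList` modifier, so the "List of entries suppressed" notice is emitted once per unmatched entry instead of once. `print "..." if keys %OtherList;` prints it a single time, and putting `scalar(keys %OtherList)` in the message would still show how many unmatched sshd lines were hidden, which is the part of the logwatch report where unfamiliar sshd messages show up.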
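Review bot: the systemd hunk (189,193c189,191) hard-codes the script path and "line 190" in the suppression message, which goes stale as soon as lines above it change (the sshd hunk does the same with "line 832"); Perl's `__FILE__` and `__LINE__` would keep the pointer accurate. With the loop commented out the per-message counts are gone entirely, so consider printing at least the total, and since both edits are made in place under /usr/share/logwatch/scripts/services/ they should be re-checked after a logwatch package update.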
=====================================================================================================
[root@falcon-EduCld-RH8 ~] 14:00:28 # shutdown -r 23:41 "Maintenance reboot at 11:41pm 23-08-14"
=====================================================================================================
23-12-06
fail2ban reporting: https://www.the-art-of-web.com/system/fail2ban-log/
Fail2Ban – Realtime Display of Banned IP’s in a Webpage: https://www.kiloroot.com/fail2ban-realtime-display-of-banned-ips-in-a-webpage/
# systemctl start fail2ban
# systemctl enable fail2ban
Created symlink /etc/systemd/system/multi-user.target.wants/fail2ban.service → /usr/lib/systemd/system/fail2ban.service.
# tail -f /var/log/fail2ban.log
# /usr/bin/fail2ban-client -help
#Reporting on 'today's activity:
#Here's a report I find useful to run before midnight each day to generate a summary of the day's activity:
grep "Ban " /var/log/fail2ban.log \
  | grep $(date +%Y-%m-%d) \
  | awk '{print $NF}' | sort \
  | awk '{print $1,"("$1")"}' \
  | logresolve \
  | uniq -c | sort -n
=====================================================================================================
24-01-02
# fail2ban-client status
Status
|- Number of jail: 1
`- Jail list: sshd
[root@falcon-EduCld-RH8 log] 10:10:13 # fail2ban-client status sshd
Status for the jail: sshd
|- Filter
|  |- Currently failed: 4
|  |- Total failed: 2881
|  `- Journal matches: _SYSTEMD_UNIT=sshd.service + _COMM=sshd
`- Actions
   |- Currently banned: 0
   |- Total banned: 30
   `- Banned IP list:
=====================================================================================================
24-02-14
Check if fail2ban is working
https://www.the-art-of-web.com/system/fail2ban/
# zcat /var/log/secure* | grep 'Failed password' | grep sshd | awk '{print $1,$2}' | sort -k 1,1M -k 2n | uniq -c
=====================================================================================================
24-02-15
root@falcon-EduCld-RH8 passwd] 15:39:21 # /opt/sysadmin/common/phas_passwd/rmusr asbw
=================================================================
For deleting users without prompting use:
  /opt/sysadmin/common/phas_passwd/rmusrNoprompt
For deleting multiple users without prompting use:
  /opt/sysadmin/common/phas_passwd/rmusrMulti
=================================================================
rmusr - will remove asbw
Step 1 info on user {asbw}...
---- Continue (y*/n) ?
print_user_info:: looking for user {asbw}
user: asbw
uid: 247
gid: 307
Supervisor: Dept
Category: Emeritus
Student #: 0
fullname: Bruce White
Home dir: /home/asbw
Expires: 2030-01-31
PCode: no pcode
Comment: no comment
Cron Tab: Does Not Exist /var/spool/cron/asbw
Maildir: Exists ==> /mail/home/asbw
Public HTML: Does Not Exist /www/pubHtml/asbw
Pykota: pykota.user.id = 143 limitby = noquota balance = 0
SMB UID: 247
PDCacct: asbw
----------------------------------------
What to do with files in /home/asbw directory Del or Archive [Arch] >
phas_PW::archive_files ans is [Arch]
Okay to move /home/asbw directory to /home/asbw _DeleteME? [Y] >
What to do with files in /mail/home/asbw directory Del or Archive [Arch] >
Okay to delete files in /mail/home/asbw directory [Y] >
Step 4 delete pykota info for {asbw}...
---- Continue (y*/n) ?
call phas_Pykota::delete_User
Step 5 delete SMB info for {asbw}...
---- Continue (y*/n) ?
call phas_SMB::delete_User(asbw)
Step 6 delete PDC account for user {asbw}
---- Continue (y*/n) ?
call phas_PDC::delete_User(asbw)
cmd is {/usr/bin/ssh administrator@phaspdc.phas.ubc.ca net user asbw /delete} if 0
The command completed successfully.
Step 7 delete UNIX accounts for user {asbw}
---- Continue (y*/n) ?
call phas_UNIX::(%user_info)
Step 8 delete LDAP accounts for user {asbw}
---- Continue (y*/n) ?
Step 9 update dbase01:sysadmin:phas_users database for user {asbw}
---- Continue (y*/n) ?
=================================================================
Be sure to disable PHAS-VPN access for user.
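For the fail2ban entries above (the 23-12-06 daily ban report and the 24-02-14 "Check if fail2ban is working" pipeline), an added example that is not part of the original log: `ban_report` separates new bans from the `Restore Ban` lines that `grep "Ban "` counts together, and `unbanned_offenders` lists addresses with repeated sshd failures that never drew a ban. The function names and log lines are constructed for illustration, and the threshold of 3 is an assumption to be replaced with the jail's maxretry.

```shell
#!/bin/sh
# Added example. All log lines are constructed (documentation-range IPs).
sample_f2b_log() {
cat <<'EOF'
2023-12-05 23:59:10,101 fail2ban.actions [811]: NOTICE [sshd] Ban 192.0.2.44
2023-12-06 00:09:10,350 fail2ban.actions [811]: NOTICE [sshd] Unban 192.0.2.44
2023-12-06 03:12:45,020 fail2ban.filter  [811]: INFO   [sshd] Found 203.0.113.5 - 2023-12-06 03:12:44
2023-12-06 03:12:47,512 fail2ban.actions [811]: NOTICE [sshd] Ban 203.0.113.5
2023-12-06 03:22:47,733 fail2ban.actions [811]: NOTICE [sshd] Unban 203.0.113.5
2023-12-06 09:01:02,004 fail2ban.actions [811]: NOTICE [sshd] Ban 198.51.100.7
2023-12-06 14:30:00,918 fail2ban.actions [811]: NOTICE [sshd] Restore Ban 198.51.100.7
2023-12-06 18:40:11,276 fail2ban.actions [811]: NOTICE [sshd] Ban 203.0.113.5
2023-12-06 18:40:15,002 fail2ban.actions [811]: NOTICE [sshd] 203.0.113.5 already banned
EOF
}

sample_secure_log() {
cat <<'EOF'
Dec  6 03:12:40 falcon sshd[2211]: Failed password for root from 203.0.113.5 port 40022 ssh2
Dec  6 03:12:42 falcon sshd[2211]: Failed password for root from 203.0.113.5 port 40022 ssh2
Dec  6 03:12:44 falcon sshd[2211]: Failed password for root from 203.0.113.5 port 40022 ssh2
Dec  6 11:20:03 falcon sshd[2410]: Failed password for invalid user test from 192.0.2.99 port 33900 ssh2
Dec  6 11:20:09 falcon sshd[2410]: Failed password for invalid user test from 192.0.2.99 port 33900 ssh2
Dec  6 11:20:15 falcon sshd[2410]: Failed password for invalid user test from 192.0.2.99 port 33900 ssh2
Dec  6 12:00:00 falcon sshd[2500]: Failed password for alice from 192.0.2.10 port 50000 ssh2
EOF
}

# ban_report YYYY-MM-DD < fail2ban.log
# Prints "new_bans restored state jail ip" for each address banned that day.
ban_report() {
    awk -v day="$1" '
        $1 != day || $3 != "fail2ban.actions" { next }
        {
            jail = substr($6, 2, length($6) - 2)    # "[sshd]" -> "sshd"
            key = jail " " $NF
        }
        $7 == "Ban"                      { ban[key]++;      active[key] = 1 }
        $7 == "Restore" && $8 == "Ban"   { restored[key]++; active[key] = 1 }
        $7 == "Unban" && (key in active) { active[key] = 0 }
        END {
            for (k in active)
                printf "%d %d %s %s\n", ban[k], restored[k],
                       (active[k] ? "banned" : "released"), k
        }
    ' | sort -k1,1nr -k5,5
}

# unbanned_offenders SECURE_LOG FAIL2BAN_LOG MIN
# Addresses with at least MIN failed sshd passwords and no Ban line at all.
# The address is taken from the fixed tail "from IP port N ssh2" because the
# username earlier in the line is chosen by the remote client.
unbanned_offenders() {
    awk -v f2b="$2" -v min="$3" '
        FILENAME == f2b {
            if ($3 == "fail2ban.actions" && ($7 == "Ban" || $8 == "Ban"))
                banned[$NF] = 1
            next
        }
        NF >= 5 && /sshd\[/ && /Failed password/ &&
        $(NF - 4) == "from" && $(NF - 2) == "port" { fails[$(NF - 3)]++ }
        END {
            for (ip in fails)
                if (fails[ip] >= min && !(ip in banned)) print fails[ip], ip
        }
    ' "$2" "$1" | sort -k1,1nr -k2,2
}

# Stand-alone run on the constructed samples.
tmp=$(mktemp -d)
sample_f2b_log > "$tmp/fail2ban.log"
sample_secure_log > "$tmp/secure"
ban_report 2023-12-06 < "$tmp/fail2ban.log"
unbanned_offenders "$tmp/secure" "$tmp/fail2ban.log" 3
rm -rf "$tmp"
```

On the sample, the original `grep "Ban "` count would show two bans for 198.51.100.7, while `ban_report` shows one new ban and one restore after a fail2ban restart.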
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 11:41pm 24-05-27"
Shutdown scheduled for Mon 2024-05-27 23:41:00 PDT, use 'shutdown -c' to cancel.
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 11:41pm 24-06-06"
Shutdown scheduled for Thu 2024-06-06 23:41:00 PDT, use 'shutdown -c' to cancel.
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 11:41pm 24-07-03"
Shutdown scheduled for Wed 2024-07-03 23:41:00 PDT, use 'shutdown -c' to cancel.
=====================================================================================================
24-08-07
https://www.redhat.com/sysadmin/arp-versus-ip
# arp
-bash: arp: command not found
# ip neigh show
142.103.51.253 dev ens192 lladdr 3c:57:31:bb:c9:42 STALE
142.103.51.252 dev ens192 lladdr 3c:57:31:bb:c9:82 STALE
142.103.51.15 dev ens192 lladdr 00:50:56:01:8f:66 REACHABLE
142.103.51.53 dev ens192 lladdr 00:50:56:01:20:77 STALE
142.103.51.60 dev ens192 lladdr 00:50:56:01:30:b9 STALE
142.103.51.13 dev ens192 lladdr 00:50:56:01:79:46 STALE
142.103.51.5 dev ens192 lladdr 00:50:56:01:92:b9 STALE
142.103.51.20 dev ens192 lladdr 00:50:56:01:9a:a4 STALE
142.103.51.12 dev ens192 lladdr 00:50:56:01:8f:39 REACHABLE
142.103.51.4 dev ens192 lladdr 00:50:56:01:64:42 STALE
142.103.51.68 dev ens192 lladdr 00:50:56:01:40:88 STALE
142.103.51.2 dev ens192 lladdr 00:50:56:01:5b:fc STALE
142.103.51.254 dev ens192 lladdr 00:00:0c:07:ac:00 REACHABLE
142.103.51.9 dev ens192 lladdr 00:50:56:01:78:28 STALE
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 11:41pm 24-08-20"
Shutdown scheduled for Tue 2024-08-20 23:41:00 PDT, use 'shutdown -c' to cancel.
=====================================================================================================
24-08-21
# cd /etc/audit/
# diff auditd.conf auditd.conf.rpmnew
19c19 < space_left_action = EMAIL --- > space_left_action = SYSLOG 36c36 < q_depth = 400 --- > q_depth = 2000 39a40 > end_of_event_timeout = 2
# cp auditd.conf.rpmnew auditd.conf
# systemctl status auditd
● auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: active (running) since Tue 2024-08-20 23:41:46 PDT; 9h ago
     Docs: man:auditd(8)
           https://github.com/linux-audit/audit-documentation
  Process: 977 ExecStartPost=/sbin/augenrules --load (code=exited, status=1/FAILURE)
  Process: 949 ExecStart=/sbin/auditd (code=exited, status=0/SUCCESS)
 Main PID: 974 (auditd)
    Tasks: 2 (limit: 17398)
   Memory: 3.3M
   CGroup: /system.slice/auditd.service
           └─974 /sbin/auditd

Aug 20 23:41:46 falcon.phas.ubc.ca augenrules[1005]: enabled 1
Aug 20 23:41:46 falcon.phas.ubc.ca augenrules[1005]: failure 1
Aug 20 23:41:46 falcon.phas.ubc.ca augenrules[1005]: pid 974
Aug 20 23:41:46 falcon.phas.ubc.ca augenrules[1005]: rate_limit 0
Aug 20 23:41:46 falcon.phas.ubc.ca augenrules[1005]: backlog_limit 8192
Aug 20 23:41:46 falcon.phas.ubc.ca augenrules[1005]: lost 0
Aug 20 23:41:46 falcon.phas.ubc.ca augenrules[1005]: backlog 24
Aug 20 23:41:46 falcon.phas.ubc.ca augenrules[1005]: backlog_wait_time 60000
Aug 20 23:41:46 falcon.phas.ubc.ca augenrules[1005]: backlog_wait_time_actual 0
Aug 20 23:41:46 falcon.phas.ubc.ca systemd[1]: Started Security Auditing Service.
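Review bot: copying auditd.conf.rpmnew over auditd.conf takes all three differences at once, including 19c19, which changes `space_left_action = EMAIL` to `SYSLOG`, so a low-space warning for the audit log no longer sends mail. If EMAIL was a deliberate local setting, merge only `q_depth = 2000` and `end_of_event_timeout = 2` and keep line 19 as it was. The status output that follows the copy is still from the Aug 20 start, and it already shows `augenrules --load` exiting with status=1/FAILURE, so that failure predates this change and needs its own look.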
# service auditd restart
Stopping logging:
Redirecting start to /bin/systemctl start auditd.service
# systemctl status auditd.service
● auditd.service - Security Auditing Service
   Loaded: loaded (/usr/lib/systemd/system/auditd.service; enabled; vendor preset: enabled)
   Active: active (running) since Wed 2024-08-21 08:45:23 PDT; 3s ago
     Docs: man:auditd(8)
           https://github.com/linux-audit/audit-documentation
  Process: 226469 ExecStartPost=/sbin/augenrules --load (code=exited, status=1/FAILURE)
  Process: 226465 ExecStart=/sbin/auditd (code=exited, status=0/SUCCESS)
 Main PID: 226466 (auditd)
    Tasks: 2 (limit: 17398)
   Memory: 1.1M
   CGroup: /system.slice/auditd.service
           └─226466 /sbin/auditd

Aug 21 08:45:23 falcon.phas.ubc.ca augenrules[226491]: enabled 1
Aug 21 08:45:23 falcon.phas.ubc.ca augenrules[226491]: failure 1
Aug 21 08:45:23 falcon.phas.ubc.ca augenrules[226491]: pid 226466
Aug 21 08:45:23 falcon.phas.ubc.ca augenrules[226491]: rate_limit 0
Aug 21 08:45:23 falcon.phas.ubc.ca augenrules[226491]: backlog_limit 8192
Aug 21 08:45:23 falcon.phas.ubc.ca augenrules[226491]: lost 0
Aug 21 08:45:23 falcon.phas.ubc.ca augenrules[226491]: backlog 24
Aug 21 08:45:23 falcon.phas.ubc.ca augenrules[226491]: backlog_wait_time 60000
Aug 21 08:45:23 falcon.phas.ubc.ca augenrules[226491]: backlog_wait_time_actual 0
Aug 21 08:45:23 falcon.phas.ubc.ca systemd[1]: Started Security Auditing Service.
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 11:41pm 24-08-30"
Shutdown scheduled for Fri 2024-08-30 23:41:00 PDT, use 'shutdown -c' to cancel.
=====================================================================================================
24-09-13
When running the rmusr script, we were getting errors:
I receive the following errors when running rmusr script, and have to Ctrl-C to stop Step 7 and continue.
Step 7 delete UNIX accounts for user {aditiadhikari}
---- Continue (y*/n) ?y
call phas_UNIX::(%user_info)
[sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.23], expected [0.24] for domain implicit_files!
Higher version of database is expected!
In order to upgrade the database, you must run SSSD.
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials.
Could not open available domains
[sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.23], expected [0.24] for domain implicit_files!
Higher version of database is expected!
In order to upgrade the database, you must run SSSD.
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials.
Could not open available domains

with debug on:
Debug [phas_UNIX::delete_Unix_user] --> userdel cmd on host [falcon.phas.ubc.ca] user is [ testb ]
DEBUG in sub delete_Unix_user in phas_UNIX - host [falcon.phas.ubc.ca] user is [ testb ]
Debug [phas_UNIX::delete_Unix_user] --> DEBUG in sub delete_Unix_user in phas_UNIX - userdel cmd on host [falcon.phas.ubc.ca] is [ /usr/sbin/userdel testb ]
[sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.23], expected [0.24] for domain implicit_files!
Higher version of database is expected!
In order to upgrade the database, you must run SSSD.
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials.
Could not open available domains
[sss_cache] [sysdb_domain_cache_connect] (0x0010): DB version too old [0.23], expected [0.24] for domain implicit_files!
Higher version of database is expected!
In order to upgrade the database, you must run SSSD.
Removing cache files in /var/lib/sss/db should fix the issue, but note that removing cache files will also remove all of your cached credentials.
Could not open available domains

From https://access.redhat.com/solutions/7031304
# systemctl stop sssd ; rm -f /var/lib/sss/db/* ; systemctl start sssd
# systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
Condition: start condition failed at Fri 2024-08-30 23:42:08 PDT; 1 weeks 6 days ago
           ├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
           └─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met
[root@falcon-EduCld-RH8 phas_passwd] 15:55:39 # systemctl stop sssd ; rm -f /var/lib/sss/db/* ; systemctl start sssd
[root@falcon-EduCld-RH8 phas_passwd] 15:55:58 # systemctl status sssd
● sssd.service - System Security Services Daemon
   Loaded: loaded (/usr/lib/systemd/system/sssd.service; enabled; vendor preset: enabled)
   Active: inactive (dead)
Condition: start condition failed at Fri 2024-09-13 15:55:58 PDT; 2s ago
           ├─ ConditionPathExists=|/etc/sssd/sssd.conf was not met
           └─ ConditionDirectoryNotEmpty=|/etc/sssd/conf.d was not met
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 11:41pm 24-11-06"
Shutdown scheduled for Wed 2024-11-06 23:41:00 PST, use 'shutdown -c' to cancel.
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 11:41pm 24-12-02"
Shutdown scheduled for Mon 2024-12-02 23:41:00 PST, use 'shutdown -c' to cancel.
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 11:41pm 25-01-03"
Shutdown scheduled for Fri 2025-01-03 23:41:00 PST, use 'shutdown -c' to cancel.
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 11:41pm 25-01-09"
Shutdown scheduled for Thu 2025-01-09 23:41:00 PST, use 'shutdown -c' to cancel.
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 11:41pm 25-02-03"
Shutdown scheduled for Mon 2025-02-03 23:41:00 PST, use 'shutdown -c' to cancel.
=========================================================================================
shutdown -r 23:41 "Maintenance reboot at 11:41pm 2025-02-06"
USEC=1738914060000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 11:41pm 2025-02-06
date -d @USEC
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-02-24"
USEC=1740469260000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-02-24
date -d @USEC
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-03-17"
USEC=1742280060000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-03-17
date -d @USEC
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-03-20"
USEC=1742539260000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-03-20
date -d @USEC
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-03-31"
USEC=1743489660000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-03-31
date -d @USEC
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-04-08"
USEC=1744180860000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-04-08
date -d @USEC
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-04-23"
USEC=1745476860000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-04-23
date -d @USEC
=====================================================================================================
25-04-28
# rkhunter --propupd
# rkhunter --update
# rkhunter -c
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-05-05"
USEC=1746513660000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-05-05
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-05-20"
USEC=1747809660000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-05-20
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-07-15"
USEC=1752648060000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-07-15
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-07-18"
USEC=1752907260000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-07-18
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-07-29"
USEC=1753857660000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-07-29
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-08-11"
USEC=1754980860000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-08-11
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-08-12"
USEC=1755067260000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-08-12
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-08-21"
USEC=1755844860000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-08-21
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-08-27"
USEC=1756363260000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-08-27
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-08-27"
USEC=1756363260000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-08-27
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-09-08"
USEC=1757400060000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-09-08
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-09-15"
USEC=1758004860000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-09-15
date -d @USEC
=====================================================================================================
=====================================================================================================
# shutdown -r 23:41 "Maintenance reboot at 23:41pm 2025-10-24"
USEC=1761374460000000
WARN_WALL=1
MODE=reboot
WALL_MESSAGE=Maintenance reboot at 23:41pm 2025-10-24
date -d @USEC
=====================================================================================================