From: Frank Brehm Date: Fri, 21 Jul 2017 04:36:22 +0000 (+0200) Subject: daily autocommit X-Git-Url: https://git.uhu-banane.org/?a=commitdiff_plain;h=aee34c80809f99c888ef47908fcdbbfcb98e76ce;p=config%2Fsarah%2Fetc.git daily autocommit --- diff --git a/iptables/rules.v4 b/iptables/rules.v4 index 01d9d26..8576690 100644 --- a/iptables/rules.v4 +++ b/iptables/rules.v4 @@ -1,9 +1,18 @@ -# Generated by iptables-save v1.6.0 on Wed Jul 19 21:42:25 2017 +# Generated by iptables-save v1.6.0 on Thu Jul 20 10:13:13 2017 +*nat +:PREROUTING ACCEPT [7691:490389] +:INPUT ACCEPT [1504:145068] +:OUTPUT ACCEPT [9822:727415] +:POSTROUTING ACCEPT [9822:727415] +COMMIT +# Completed on Thu Jul 20 10:13:13 2017 +# Generated by iptables-save v1.6.0 on Thu Jul 20 10:13:13 2017 *filter :INPUT DROP [0:0] :FORWARD DROP [0:0] -:OUTPUT ACCEPT [66:13536] +:OUTPUT ACCEPT [120:16499] :mysql - [0:0] +:rejects - [0:0] -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 80,443,25,587,110,995,143,993,4190 -j REJECT --reject-with icmp-port-unreachable -A INPUT -s 222.184.0.0/13 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable -A INPUT -s 220.192.0.0/12 -p tcp -m multiport --dports 22 -j REJECT --reject-with icmp-port-unreachable @@ -23,6 +32,7 @@ -A INPUT -p tcp -m tcp --dport 993 -j ACCEPT -A INPUT -p tcp -m tcp --dport 4190 -j ACCEPT -A INPUT -p tcp -m tcp --dport 3306 -j mysql +-A INPUT -j rejects -A INPUT -j NFLOG --nflog-prefix "INPUT Reject " --nflog-threshold 1 -A INPUT -j REJECT --reject-with icmp-port-unreachable -A mysql -s 127.0.0.1/32 -j ACCEPT @@ -31,13 +41,17 @@ -A mysql -s 10.12.20.2/32 -j ACCEPT -A mysql -j NFLOG --nflog-prefix "MySQL Reject " --nflog-threshold 1 -A mysql -j REJECT --reject-with icmp-port-unreachable +-A rejects -s 134.119.179.226/32 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 23 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 445 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p udp -m udp --dport 137 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 137 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 1433 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 1900 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 2323 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 3389 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p udp -m udp --dport 5060 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 5060 -j REJECT --reject-with icmp-port-unreachable +-A rejects -p tcp -m tcp --dport 8080 -j REJECT --reject-with icmp-port-unreachable COMMIT -# Completed on Wed Jul 19 21:42:25 2017 -# Generated by iptables-save v1.6.0 on Wed Jul 19 21:42:25 2017 -*nat -:PREROUTING ACCEPT [76:3960] -:INPUT ACCEPT [23:1804] -:OUTPUT ACCEPT [19:1598] -:POSTROUTING ACCEPT [19:1598] -COMMIT -# Completed on Wed Jul 19 21:42:25 2017 +# Completed on Thu Jul 20 10:13:13 2017 diff --git a/iptables/rules.v6 b/iptables/rules.v6 index 10c2a10..26f60a1 100644 --- a/iptables/rules.v6 +++ b/iptables/rules.v6 @@ -1,8 +1,8 @@ -# Generated by ip6tables-save v1.6.0 on Wed Jul 19 21:42:25 2017 +# Generated by ip6tables-save v1.6.0 on Thu Jul 20 10:13:13 2017 *filter :INPUT DROP [0:0] :FORWARD ACCEPT [0:0] -:OUTPUT ACCEPT [0:0] +:OUTPUT ACCEPT [67:4588] :mysql - [0:0] -A INPUT -m conntrack --ctstate ESTABLISHED -j ACCEPT -A INPUT -m conntrack --ctstate RELATED -j ACCEPT @@ -25,4 +25,4 @@ -A mysql -j NFLOG --nflog-prefix "IPv6 MySQL Reject " --nflog-threshold 1 -A mysql -j REJECT --reject-with icmp6-port-unreachable COMMIT -# Completed on Wed Jul 19 21:42:25 2017 +# Completed on Thu Jul 20 10:13:13 2017 diff --git a/logwatch/conf/services/iptables.conf b/logwatch/conf/services/iptables.conf index 854e310..36d66da 100644 --- a/logwatch/conf/services/iptables.conf +++ b/logwatch/conf/services/iptables.conf @@ -24,12 +24,12 @@ $iptables_ip_lookup = Yes # Set this to enable a filter on iptables/ipchains displays # This will block out hosts who have less than the specified # number of hits between all ports. Defaults to 0. -$iptables_host_min_count = 0 +$iptables_host_min_count = 5 # If both of the following settings are enabled, two output lists # will be produced. If none is set, the old style output is prduced. # Set this to generate old style output (sorted by source hosts) -#$iptables_list_by_host = 0 +$iptables_list_by_host = 1 # Set this to generate new style output (sorted by targeted service) $iptables_list_by_service = 1 diff --git a/motd b/motd index 46dec07..1cc5394 100644 --- a/motd +++ b/motd @@ -6,8 +6,8 @@ Debian GNU/Linux 9.0 (stretch) |____/ \__,_|_| \__,_|_| |_| -Abwesenheit kann das Leben retten. -Die meisten, die starben, waren dabei in der Nähe! +Reue ist Verstand, der zu spät kommt. + -- Ernst Freiherr von Feuchtersleben -Today is Sweetmorn, the 55th day of Confusion in the YOLD 3183 +Today is Boomtime, the 56th day of Confusion in the YOLD 3183