我的 Ubuntu 服务器的防火墙屏蔽了我的 IP,导致我无法访问该服务器。以下是 iptables -L 的输出:
Chain INPUT (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere
ufw-before-logging-input all -- anywhere anywhere
ufw-before-input all -- anywhere anywhere
ufw-after-input all -- anywhere anywhere
ufw-after-logging-input all -- anywhere anywhere
ufw-reject-input all -- anywhere anywhere
ufw-track-input all -- anywhere anywhere
Chain FORWARD (policy DROP)
target prot opt source destination
DROP all -- 192.168.1.1 anywhere
ufw-before-logging-forward all -- anywhere anywhere
ufw-before-forward all -- anywhere anywhere
ufw-after-forward all -- anywhere anywhere
ufw-after-logging-forward all -- anywhere anywhere
ufw-reject-forward all -- anywhere anywhere
ufw-track-forward all -- anywhere anywhere
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
ufw-before-logging-output all -- anywhere anywhere
ufw-before-output all -- anywhere anywhere
ufw-after-output all -- anywhere anywhere
ufw-after-logging-output all -- anywhere anywhere
ufw-reject-output all -- anywhere anywhere
ufw-track-output all -- anywhere anywhere
Chain ufw-after-forward (1 references)
target prot opt source destination
Chain ufw-after-input (1 references)
target prot opt source destination
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-ns
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:netbios-dgm
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:netbios-ssn
ufw-skip-to-policy-input tcp -- anywhere anywhere tcp dpt:microsoft-ds
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootps
ufw-skip-to-policy-input udp -- anywhere anywhere udp dpt:bootpc
ufw-skip-to-policy-input all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
Chain ufw-after-logging-forward (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-input (1 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-after-logging-output (1 references)
target prot opt source destination
Chain ufw-after-output (1 references)
target prot opt source destination
Chain ufw-before-forward (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ufw-user-forward all -- anywhere anywhere
Chain ufw-before-input (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-logging-deny all -- anywhere anywhere ctstate INVALID
DROP all -- anywhere anywhere ctstate INVALID
ACCEPT icmp -- anywhere anywhere icmp destination-unreachable
ACCEPT icmp -- anywhere anywhere icmp source-quench
ACCEPT icmp -- anywhere anywhere icmp time-exceeded
ACCEPT icmp -- anywhere anywhere icmp parameter-problem
ACCEPT icmp -- anywhere anywhere icmp echo-request
ACCEPT udp -- anywhere anywhere udp spt:bootps dpt:bootpc
ufw-not-local all -- anywhere anywhere
ACCEPT udp -- anywhere 224.0.0.251 udp dpt:mdns
ACCEPT udp -- anywhere 239.255.255.250 udp dpt:1900
ufw-user-input all -- anywhere anywhere
Chain ufw-before-logging-forward (1 references)
target prot opt source destination
Chain ufw-before-logging-input (1 references)
target prot opt source destination
Chain ufw-before-logging-output (1 references)
target prot opt source destination
Chain ufw-before-output (1 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
ACCEPT all -- anywhere anywhere ctstate RELATED,ESTABLISHED
ufw-user-output all -- anywhere anywhere
Chain ufw-logging-allow (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "
Chain ufw-logging-deny (2 references)
target prot opt source destination
RETURN all -- anywhere anywhere ctstate INVALID limit: avg 3/min burst 10
LOG all -- anywhere anywhere limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "
Chain ufw-not-local (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere ADDRTYPE match dst-type LOCAL
RETURN all -- anywhere anywhere ADDRTYPE match dst-type MULTICAST
RETURN all -- anywhere anywhere ADDRTYPE match dst-type BROADCAST
ufw-logging-deny all -- anywhere anywhere limit: avg 3/min burst 10
DROP all -- anywhere anywhere
Chain ufw-reject-forward (1 references)
target prot opt source destination
Chain ufw-reject-input (1 references)
target prot opt source destination
Chain ufw-reject-output (1 references)
target prot opt source destination
Chain ufw-skip-to-policy-forward (0 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-input (7 references)
target prot opt source destination
DROP all -- anywhere anywhere
Chain ufw-skip-to-policy-output (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-track-forward (1 references)
target prot opt source destination
Chain ufw-track-input (1 references)
target prot opt source destination
Chain ufw-track-output (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere ctstate NEW
ACCEPT udp -- anywhere anywhere ctstate NEW
Chain ufw-user-forward (1 references)
target prot opt source destination
Chain ufw-user-input (1 references)
target prot opt source destination
ACCEPT tcp -- anywhere anywhere tcp dpt:http
ACCEPT udp -- anywhere anywhere udp dpt:http
ACCEPT tcp -- anywhere anywhere tcp dpt:ssh
ACCEPT udp -- anywhere anywhere udp dpt:ssh
ACCEPT tcp -- anywhere anywhere tcp dpt:http /* 'dapp_Apache' */
ACCEPT all -- 192.168.1.1 anywhere
ACCEPT all -- 192.168.1.0/24 anywhere
Chain ufw-user-limit (0 references)
target prot opt source destination
LOG all -- anywhere anywhere limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT all -- anywhere anywhere reject-with icmp-port-unreachable
Chain ufw-user-limit-accept (0 references)
target prot opt source destination
ACCEPT all -- anywhere anywhere
Chain ufw-user-logging-forward (0 references)
target prot opt source destination
Chain ufw-user-logging-input (0 references)
target prot opt source destination
Chain ufw-user-logging-output (0 references)
target prot opt source destination
Chain ufw-user-output (1 references)
target prot opt source destination
以下是 iptables -S 的输出:
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -m comment --comment "\'dapp_Apache\'" -j ACCEPT
-A ufw-user-input -s 192.168.1.1/32 -j ACCEPT
-A ufw-user-input -s 192.168.1.0/24 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT
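我想知道是什么导致了这种情况。屏蔽我的 IP 的是下面这条规则:
DROP all -- 192.168.1.1 anywhere
该规则会被自动添加,并在设定的一段时间后又被自动删除。它直接出现在 INPUT 和 FORWARD 链的最前面,而不在任何 ufw-* 链中;上面的 iptables -S 输出里没有这条规则(可能执行该命令时它已被删除)。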
编辑:以下是 ps aux 的输出:
root@buntubox-001:/var/www/html# ps aux
USER PID %CPU %MEM VSZ RSS TTY STAT START TIME COMMAND
root 1 0.0 0.3 185172 4908 ? Ss Aug24 0:31 /sbin/init
root 2 0.0 0.0 0 0 ? S Aug24 0:00 [kthreadd]
root 3 0.0 0.0 0 0 ? S Aug24 0:04 [ksoftirqd/0]
root 5 0.0 0.0 0 0 ? S< Aug24 0:00 [kworker/0:0H]
root 7 0.0 0.0 0 0 ? S Aug24 0:51 [rcu_sched]
root 8 0.0 0.0 0 0 ? S Aug24 0:00 [rcu_bh]
root 9 0.0 0.0 0 0 ? S Aug24 0:00 [migration/0]
root 10 0.0 0.0 0 0 ? S Aug24 0:03 [watchdog/0]
root 11 0.0 0.0 0 0 ? S Aug24 0:02 [watchdog/1]
root 12 0.0 0.0 0 0 ? S Aug24 0:00 [migration/1]
root 13 0.0 0.0 0 0 ? S Aug24 0:02 [ksoftirqd/1]
root 15 0.0 0.0 0 0 ? S< Aug24 0:00 [kworker/1:0H]
root 16 0.0 0.0 0 0 ? S Aug24 0:00 [kdevtmpfs]
root 17 0.0 0.0 0 0 ? S< Aug24 0:00 [netns]
root 18 0.0 0.0 0 0 ? S< Aug24 0:00 [perf]
root 19 0.0 0.0 0 0 ? S Aug24 0:00 [khungtaskd]
root 20 0.0 0.0 0 0 ? S< Aug24 0:00 [writeback]
root 21 0.0 0.0 0 0 ? SN Aug24 0:00 [ksmd]
root 22 0.0 0.0 0 0 ? SN Aug24 0:04 [khugepaged]
root 23 0.0 0.0 0 0 ? S< Aug24 0:00 [crypto]
root 24 0.0 0.0 0 0 ? S< Aug24 0:00 [kintegrityd]
root 25 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 26 0.0 0.0 0 0 ? S< Aug24 0:00 [kblockd]
root 27 0.0 0.0 0 0 ? S< Aug24 0:00 [ata_sff]
root 28 0.0 0.0 0 0 ? S< Aug24 0:00 [md]
root 29 0.0 0.0 0 0 ? S< Aug24 0:00 [devfreq_wq]
root 33 0.0 0.0 0 0 ? S Aug24 0:02 [kswapd0]
root 34 0.0 0.0 0 0 ? S< Aug24 0:00 [vmstat]
root 35 0.0 0.0 0 0 ? S Aug24 0:00 [fsnotify_mark]
root 36 0.0 0.0 0 0 ? S Aug24 0:00 [ecryptfs-kthrea]
root 52 0.0 0.0 0 0 ? S< Aug24 0:00 [kthrotld]
root 53 0.0 0.0 0 0 ? S< Aug24 0:00 [acpi_thermal_pm]
root 54 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 55 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 56 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 57 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 58 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 59 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 60 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 61 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 62 0.0 0.0 0 0 ? S Aug24 0:00 [scsi_eh_0]
root 63 0.0 0.0 0 0 ? S< Aug24 0:00 [scsi_tmf_0]
root 64 0.0 0.0 0 0 ? S Aug24 0:00 [scsi_eh_1]
root 65 0.0 0.0 0 0 ? S< Aug24 0:00 [scsi_tmf_1]
root 67 0.0 0.0 0 0 ? S Aug24 0:00 [scsi_eh_2]
root 68 0.0 0.0 0 0 ? S< Aug24 0:00 [scsi_tmf_2]
root 69 0.0 0.0 0 0 ? S Aug24 0:00 [scsi_eh_3]
root 70 0.0 0.0 0 0 ? S< Aug24 0:00 [scsi_tmf_3]
root 75 0.0 0.0 0 0 ? S< Aug24 0:00 [ipv6_addrconf]
root 89 0.0 0.0 0 0 ? S< Aug24 0:00 [deferwq]
root 90 0.0 0.0 0 0 ? S< Aug24 0:00 [charger_manager]
root 92 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 132 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 133 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 134 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 135 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 136 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 137 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 138 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 139 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 141 0.0 0.0 0 0 ? S< Aug24 0:00 [kpsmoused]
root 218 0.0 0.0 0 0 ? S< Aug24 0:00 [raid5wq]
root 244 0.0 0.0 0 0 ? S< Aug24 0:00 [kdmflush]
root 245 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 254 0.0 0.0 0 0 ? S< Aug24 0:00 [kdmflush]
root 255 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 268 0.0 0.0 0 0 ? S< Aug24 0:00 [bioset]
root 271 0.0 0.0 0 0 ? S< Aug24 0:02 [kworker/1:1H]
root 290 0.0 0.0 0 0 ? S< Aug24 0:00 [kworker/0:1H]
root 294 0.0 0.0 0 0 ? S Aug24 0:08 [jbd2/dm-0-8]
root 295 0.0 0.0 0 0 ? S< Aug24 0:00 [ext4-rsv-conver]
root 346 0.0 0.0 0 0 ? S Aug24 0:00 [kauditd]
root 358 0.0 0.2 28992 3704 ? Ss Aug24 0:15 /lib/systemd/systemd-journald
root 377 0.0 0.0 0 0 ? S< Aug24 0:00 [iscsi_eh]
root 389 0.0 0.0 0 0 ? S< Aug24 0:00 [ib_addr]
root 390 0.0 0.0 102972 1276 ? Ss Aug24 0:00 /sbin/lvmetad -f
root 395 0.0 0.0 0 0 ? S< Aug24 0:00 [ib_mcast]
root 396 0.0 0.0 0 0 ? S< Aug24 0:00 [ib_nl_sa_wq]
root 398 0.0 0.0 0 0 ? S< Aug24 0:00 [ib_cm]
root 399 0.0 0.0 0 0 ? S< Aug24 0:00 [iw_cm_wq]
root 401 0.0 0.0 0 0 ? S< Aug24 0:00 [rdma_cm]
root 426 0.0 0.2 44788 3876 ? Ss Aug24 0:03 /lib/systemd/systemd-udevd
root 723 0.0 0.0 0 0 ? S< Aug24 0:00 [ext4-rsv-conver]
systemd+ 828 0.0 0.1 100324 2140 ? Ssl Aug24 0:01 /lib/systemd/systemd-timesyncd
root 919 0.0 0.2 531376 4068 ? Ssl Aug24 0:17 /usr/bin/lxcfs /var/lib/lxcfs/
root 931 0.0 0.0 4400 1172 ? Ss Aug24 0:00 /usr/sbin/acpid
root 946 0.0 0.1 20104 2528 ? Ss Aug24 0:01 /lib/systemd/systemd-logind
root 953 0.0 0.3 275772 5120 ? Ssl Aug24 0:15 /usr/lib/accountsservice/accounts-daemon
message+ 960 0.0 0.2 42912 3380 ? Ss Aug24 0:02 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activati
syslog 965 0.0 0.2 256396 3060 ? Ssl Aug24 0:05 /usr/sbin/rsyslogd -n
root 967 0.0 0.1 29012 2588 ? Ss Aug24 0:02 /usr/sbin/cron -f
daemon 969 0.0 0.1 26048 1972 ? Ss Aug24 0:00 /usr/sbin/atd -f
root 971 0.0 0.8 303892 12544 ? S<sl Aug24 2:41 /usr/lib/snapd/snapd
root 1050 0.0 0.3 65524 5516 ? Ss Aug24 0:02 /usr/sbin/sshd -D
root 1066 0.0 0.0 13376 148 ? Ss Aug24 0:00 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
root 1075 0.0 0.0 5224 160 ? Ss Aug24 0:16 /sbin/iscsid
root 1079 0.0 0.2 5724 3504 ? S<Ls Aug24 1:16 /sbin/iscsid
mysql 1090 0.0 4.2 1312684 64324 ? Ssl Aug24 8:15 /usr/sbin/mysqld
root 1173 0.0 0.0 15940 1468 tty1 Ss+ Aug24 0:00 /sbin/agetty --noclear tty1 linux
root 1182 0.0 0.0 19476 244 ? Ss Aug24 0:52 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
root 1185 0.0 0.3 277184 4988 ? Ssl Aug24 0:00 /usr/lib/policykit-1/polkitd --no-debug
ossecm 1214 0.0 0.1 19356 1832 ? S Aug24 0:06 /var/ossec/bin/ossec-maild
root 1218 0.0 0.1 15040 1596 ? S Aug24 0:00 /var/ossec/bin/ossec-execd
ossec 1232 0.0 0.2 20444 4004 ? S Aug24 0:12 /var/ossec/bin/ossec-analysisd
root 1239 0.0 0.0 6648 1512 ? S Aug24 0:24 /var/ossec/bin/ossec-logcollector
root 1261 0.0 0.1 8680 2816 ? S Aug24 8:18 /var/ossec/bin/ossec-syscheckd
ossec 1265 0.0 0.1 15220 1752 ? S Aug24 0:01 /var/ossec/bin/ossec-monitord
root 1419 0.0 0.2 65408 3496 ? Ss Aug24 0:05 /usr/lib/postfix/sbin/master
postfix 1424 0.0 0.2 67644 3692 ? S Aug24 0:01 qmgr -l -t unix -u
root 9954 0.0 0.0 0 0 ? S< Aug29 0:00 [xfsalloc]
root 9955 0.0 0.0 0 0 ? S< Aug29 0:00 [xfs_mru_cache]
root 9958 0.0 0.0 0 0 ? S Aug29 0:00 [jfsIO]
root 9959 0.0 0.0 0 0 ? S Aug29 0:00 [jfsCommit]
root 9960 0.0 0.0 0 0 ? S Aug29 0:00 [jfsCommit]
root 9961 0.0 0.0 0 0 ? S Aug29 0:00 [jfsSync]
www-data 10878 0.0 0.8 390800 13072 ? S 06:25 0:00 /usr/sbin/apache2 -k start
www-data 10879 0.0 0.5 390020 8392 ? S 06:25 0:00 /usr/sbin/apache2 -k start
www-data 10880 0.0 0.5 390004 8392 ? S 06:25 0:00 /usr/sbin/apache2 -k start
www-data 10881 0.0 0.5 390004 8392 ? S 06:25 0:00 /usr/sbin/apache2 -k start
www-data 10882 0.0 0.5 390004 8392 ? S 06:25 0:00 /usr/sbin/apache2 -k start
root 14046 0.0 0.0 0 0 ? S 16:09 0:00 [kworker/0:1]
root 14198 0.0 0.0 0 0 ? S 16:38 0:00 [kworker/1:2]
root 14199 0.0 0.0 0 0 ? S 16:38 0:00 [kworker/u8:1]
root 14351 0.0 0.0 0 0 ? S 17:09 0:00 [kworker/0:2]
root 14464 0.0 0.0 0 0 ? S 17:39 0:00 [kworker/1:1]
root 14466 0.0 0.0 0 0 ? S 17:39 0:00 [kworker/u8:2]
postfix 14495 0.0 0.2 67476 4372 ? S 17:52 0:00 pickup -l -t unix -u -c
root 14585 0.0 0.0 0 0 ? S 18:09 0:00 [kworker/0:0]
root 14586 0.0 0.0 0 0 ? S 18:09 0:00 [kworker/u8:0]
www-data 14597 0.0 0.5 390004 8392 ? S 18:11 0:00 /usr/sbin/apache2 -k start
root 14598 0.1 0.3 68084 6060 ? Ss 18:11 0:00 sshd: root@pts/0
root 14600 1.0 0.2 19616 4564 pts/0 Ss 18:11 0:00 -bash
root 14613 0.0 0.1 34428 2792 pts/0 R+ 18:11 0:00 ps aux
root 25501 0.0 2.5 389980 38340 ? Ss Aug24 0:25 /usr/sbin/apache2 -k start
OSSEC 日志
2017/09/25 02:07:55 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 09:20:06 rootcheck: INFO: Starting rootcheck scan.
2017/09/25 09:26:35 rootcheck: INFO: Ending rootcheck scan.
2017/09/25 14:22:08 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 17:44:05 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 18:46:35 ossec-syscheckd: INFO: Starting syscheck scan.
2017/09/25 18:55:33 ossec-syscheckd: INFO: Ending syscheck scan.