My Ubuntu server's firewall is blocking my IP from accessing it

My Ubuntu server's firewall is blocking my IP from accessing it. Here is the output of iptables -L:

Chain INPUT (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.1.1          anywhere
ufw-before-logging-input  all  --  anywhere             anywhere
ufw-before-input  all  --  anywhere             anywhere
ufw-after-input  all  --  anywhere             anywhere
ufw-after-logging-input  all  --  anywhere             anywhere
ufw-reject-input  all  --  anywhere             anywhere
ufw-track-input  all  --  anywhere             anywhere

Chain FORWARD (policy DROP)
target     prot opt source               destination
DROP       all  --  192.168.1.1          anywhere
ufw-before-logging-forward  all  --  anywhere             anywhere
ufw-before-forward  all  --  anywhere             anywhere
ufw-after-forward  all  --  anywhere             anywhere
ufw-after-logging-forward  all  --  anywhere             anywhere
ufw-reject-forward  all  --  anywhere             anywhere
ufw-track-forward  all  --  anywhere             anywhere

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination
ufw-before-logging-output  all  --  anywhere             anywhere
ufw-before-output  all  --  anywhere             anywhere
ufw-after-output  all  --  anywhere             anywhere
ufw-after-logging-output  all  --  anywhere             anywhere
ufw-reject-output  all  --  anywhere             anywhere
ufw-track-output  all  --  anywhere             anywhere

Chain ufw-after-forward (1 references)
target     prot opt source               destination

Chain ufw-after-input (1 references)
target     prot opt source               destination
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-ns
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:netbios-dgm
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:netbios-ssn
ufw-skip-to-policy-input  tcp  --  anywhere             anywhere             tcp dpt:microsoft-ds
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootps
ufw-skip-to-policy-input  udp  --  anywhere             anywhere             udp dpt:bootpc
ufw-skip-to-policy-input  all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST

Chain ufw-after-logging-forward (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-input (1 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-after-logging-output (1 references)
target     prot opt source               destination

Chain ufw-after-output (1 references)
target     prot opt source               destination

Chain ufw-before-forward (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ufw-user-forward  all  --  anywhere             anywhere

Chain ufw-before-input (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-logging-deny  all  --  anywhere             anywhere             ctstate INVALID
DROP       all  --  anywhere             anywhere             ctstate INVALID
ACCEPT     icmp --  anywhere             anywhere             icmp destination-unreachable
ACCEPT     icmp --  anywhere             anywhere             icmp source-quench
ACCEPT     icmp --  anywhere             anywhere             icmp time-exceeded
ACCEPT     icmp --  anywhere             anywhere             icmp parameter-problem
ACCEPT     icmp --  anywhere             anywhere             icmp echo-request
ACCEPT     udp  --  anywhere             anywhere             udp spt:bootps dpt:bootpc
ufw-not-local  all  --  anywhere             anywhere
ACCEPT     udp  --  anywhere             224.0.0.251          udp dpt:mdns
ACCEPT     udp  --  anywhere             239.255.255.250      udp dpt:1900
ufw-user-input  all  --  anywhere             anywhere

Chain ufw-before-logging-forward (1 references)
target     prot opt source               destination

Chain ufw-before-logging-input (1 references)
target     prot opt source               destination

Chain ufw-before-logging-output (1 references)
target     prot opt source               destination

Chain ufw-before-output (1 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere
ACCEPT     all  --  anywhere             anywhere             ctstate RELATED,ESTABLISHED
ufw-user-output  all  --  anywhere             anywhere

Chain ufw-logging-allow (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW ALLOW] "

Chain ufw-logging-deny (2 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ctstate INVALID limit: avg 3/min burst 10
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 10 LOG level warning prefix "[UFW BLOCK] "

Chain ufw-not-local (1 references)
target     prot opt source               destination
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type LOCAL
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type MULTICAST
RETURN     all  --  anywhere             anywhere             ADDRTYPE match dst-type BROADCAST
ufw-logging-deny  all  --  anywhere             anywhere             limit: avg 3/min burst 10
DROP       all  --  anywhere             anywhere

Chain ufw-reject-forward (1 references)
target     prot opt source               destination

Chain ufw-reject-input (1 references)
target     prot opt source               destination

Chain ufw-reject-output (1 references)
target     prot opt source               destination

Chain ufw-skip-to-policy-forward (0 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-input (7 references)
target     prot opt source               destination
DROP       all  --  anywhere             anywhere

Chain ufw-skip-to-policy-output (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-track-forward (1 references)
target     prot opt source               destination

Chain ufw-track-input (1 references)
target     prot opt source               destination

Chain ufw-track-output (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW
ACCEPT     udp  --  anywhere             anywhere             ctstate NEW

Chain ufw-user-forward (1 references)
target     prot opt source               destination

Chain ufw-user-input (1 references)
target     prot opt source               destination
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http
ACCEPT     udp  --  anywhere             anywhere             udp dpt:http
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:ssh
ACCEPT     udp  --  anywhere             anywhere             udp dpt:ssh
ACCEPT     tcp  --  anywhere             anywhere             tcp dpt:http /* 'dapp_Apache' */
ACCEPT     all  --  192.168.1.1          anywhere
ACCEPT     all  --  192.168.1.0/24       anywhere

Chain ufw-user-limit (0 references)
target     prot opt source               destination
LOG        all  --  anywhere             anywhere             limit: avg 3/min burst 5 LOG level warning prefix "[UFW LIMIT BLOCK] "
REJECT     all  --  anywhere             anywhere             reject-with icmp-port-unreachable

Chain ufw-user-limit-accept (0 references)
target     prot opt source               destination
ACCEPT     all  --  anywhere             anywhere

Chain ufw-user-logging-forward (0 references)
target     prot opt source               destination

Chain ufw-user-logging-input (0 references)
target     prot opt source               destination

Chain ufw-user-logging-output (0 references)
target     prot opt source               destination

Chain ufw-user-output (1 references)
target     prot opt source               destination

iptables -S

-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-after-forward
-N ufw-after-input
-N ufw-after-logging-forward
-N ufw-after-logging-input
-N ufw-after-logging-output
-N ufw-after-output
-N ufw-before-forward
-N ufw-before-input
-N ufw-before-logging-forward
-N ufw-before-logging-input
-N ufw-before-logging-output
-N ufw-before-output
-N ufw-logging-allow
-N ufw-logging-deny
-N ufw-not-local
-N ufw-reject-forward
-N ufw-reject-input
-N ufw-reject-output
-N ufw-skip-to-policy-forward
-N ufw-skip-to-policy-input
-N ufw-skip-to-policy-output
-N ufw-track-forward
-N ufw-track-input
-N ufw-track-output
-N ufw-user-forward
-N ufw-user-input
-N ufw-user-limit
-N ufw-user-limit-accept
-N ufw-user-logging-forward
-N ufw-user-logging-input
-N ufw-user-logging-output
-N ufw-user-output
-A INPUT -j ufw-before-logging-input
-A INPUT -j ufw-before-input
-A INPUT -j ufw-after-input
-A INPUT -j ufw-after-logging-input
-A INPUT -j ufw-reject-input
-A INPUT -j ufw-track-input
-A FORWARD -j ufw-before-logging-forward
-A FORWARD -j ufw-before-forward
-A FORWARD -j ufw-after-forward
-A FORWARD -j ufw-after-logging-forward
-A FORWARD -j ufw-reject-forward
-A FORWARD -j ufw-track-forward
-A OUTPUT -j ufw-before-logging-output
-A OUTPUT -j ufw-before-output
-A OUTPUT -j ufw-after-output
-A OUTPUT -j ufw-after-logging-output
-A OUTPUT -j ufw-reject-output
-A OUTPUT -j ufw-track-output
-A ufw-after-input -p udp -m udp --dport 137 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 138 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 139 -j ufw-skip-to-policy-input
-A ufw-after-input -p tcp -m tcp --dport 445 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 67 -j ufw-skip-to-policy-input
-A ufw-after-input -p udp -m udp --dport 68 -j ufw-skip-to-policy-input
-A ufw-after-input -m addrtype --dst-type BROADCAST -j ufw-skip-to-policy-input
-A ufw-after-logging-forward -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-after-logging-input -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-before-forward -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-forward -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-forward -j ufw-user-forward
-A ufw-before-input -i lo -j ACCEPT
-A ufw-before-input -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-input -m conntrack --ctstate INVALID -j ufw-logging-deny
-A ufw-before-input -m conntrack --ctstate INVALID -j DROP
-A ufw-before-input -p icmp -m icmp --icmp-type 3 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 4 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 11 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 12 -j ACCEPT
-A ufw-before-input -p icmp -m icmp --icmp-type 8 -j ACCEPT
-A ufw-before-input -p udp -m udp --sport 67 --dport 68 -j ACCEPT
-A ufw-before-input -j ufw-not-local
-A ufw-before-input -d 224.0.0.251/32 -p udp -m udp --dport 5353 -j ACCEPT
-A ufw-before-input -d 239.255.255.250/32 -p udp -m udp --dport 1900 -j ACCEPT
-A ufw-before-input -j ufw-user-input
-A ufw-before-output -o lo -j ACCEPT
-A ufw-before-output -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A ufw-before-output -j ufw-user-output
-A ufw-logging-allow -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW ALLOW] "
-A ufw-logging-deny -m conntrack --ctstate INVALID -m limit --limit 3/min --limit-burst 10 -j RETURN
-A ufw-logging-deny -m limit --limit 3/min --limit-burst 10 -j LOG --log-prefix "[UFW BLOCK] "
-A ufw-not-local -m addrtype --dst-type LOCAL -j RETURN
-A ufw-not-local -m addrtype --dst-type MULTICAST -j RETURN
-A ufw-not-local -m addrtype --dst-type BROADCAST -j RETURN
-A ufw-not-local -m limit --limit 3/min --limit-burst 10 -j ufw-logging-deny
-A ufw-not-local -j DROP
-A ufw-skip-to-policy-forward -j DROP
-A ufw-skip-to-policy-input -j DROP
-A ufw-skip-to-policy-output -j ACCEPT
-A ufw-track-output -p tcp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-track-output -p udp -m conntrack --ctstate NEW -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 80 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -p udp -m udp --dport 22 -j ACCEPT
-A ufw-user-input -p tcp -m tcp --dport 80 -m comment --comment "\'dapp_Apache\'" -j ACCEPT
-A ufw-user-input -s 192.168.1.1/32 -j ACCEPT
-A ufw-user-input -s 192.168.1.0/24 -j ACCEPT
-A ufw-user-limit -m limit --limit 3/min -j LOG --log-prefix "[UFW LIMIT BLOCK] "
-A ufw-user-limit -j REJECT --reject-with icmp-port-unreachable
-A ufw-user-limit-accept -j ACCEPT

I would like to know which rule is causing this.

DROP       all  --  192.168.1.1          anywhere

This rule is added and removed automatically within a set period of time.

Edit: ps aux

root@buntubox-001:/var/www/html# ps aux
USER       PID %CPU %MEM    VSZ   RSS TTY      STAT START   TIME COMMAND
root         1  0.0  0.3 185172  4908 ?        Ss   Aug24   0:31 /sbin/init
root         2  0.0  0.0      0     0 ?        S    Aug24   0:00 [kthreadd]
root         3  0.0  0.0      0     0 ?        S    Aug24   0:04 [ksoftirqd/0]
root         5  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kworker/0:0H]
root         7  0.0  0.0      0     0 ?        S    Aug24   0:51 [rcu_sched]
root         8  0.0  0.0      0     0 ?        S    Aug24   0:00 [rcu_bh]
root         9  0.0  0.0      0     0 ?        S    Aug24   0:00 [migration/0]
root        10  0.0  0.0      0     0 ?        S    Aug24   0:03 [watchdog/0]
root        11  0.0  0.0      0     0 ?        S    Aug24   0:02 [watchdog/1]
root        12  0.0  0.0      0     0 ?        S    Aug24   0:00 [migration/1]
root        13  0.0  0.0      0     0 ?        S    Aug24   0:02 [ksoftirqd/1]
root        15  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kworker/1:0H]
root        16  0.0  0.0      0     0 ?        S    Aug24   0:00 [kdevtmpfs]
root        17  0.0  0.0      0     0 ?        S<   Aug24   0:00 [netns]
root        18  0.0  0.0      0     0 ?        S<   Aug24   0:00 [perf]
root        19  0.0  0.0      0     0 ?        S    Aug24   0:00 [khungtaskd]
root        20  0.0  0.0      0     0 ?        S<   Aug24   0:00 [writeback]
root        21  0.0  0.0      0     0 ?        SN   Aug24   0:00 [ksmd]
root        22  0.0  0.0      0     0 ?        SN   Aug24   0:04 [khugepaged]
root        23  0.0  0.0      0     0 ?        S<   Aug24   0:00 [crypto]
root        24  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kintegrityd]
root        25  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        26  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kblockd]
root        27  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ata_sff]
root        28  0.0  0.0      0     0 ?        S<   Aug24   0:00 [md]
root        29  0.0  0.0      0     0 ?        S<   Aug24   0:00 [devfreq_wq]
root        33  0.0  0.0      0     0 ?        S    Aug24   0:02 [kswapd0]
root        34  0.0  0.0      0     0 ?        S<   Aug24   0:00 [vmstat]
root        35  0.0  0.0      0     0 ?        S    Aug24   0:00 [fsnotify_mark]
root        36  0.0  0.0      0     0 ?        S    Aug24   0:00 [ecryptfs-kthrea]
root        52  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kthrotld]
root        53  0.0  0.0      0     0 ?        S<   Aug24   0:00 [acpi_thermal_pm]
root        54  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        55  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        56  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        57  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        58  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        59  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        60  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        61  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root        62  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_0]
root        63  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_0]
root        64  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_1]
root        65  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_1]
root        67  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_2]
root        68  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_2]
root        69  0.0  0.0      0     0 ?        S    Aug24   0:00 [scsi_eh_3]
root        70  0.0  0.0      0     0 ?        S<   Aug24   0:00 [scsi_tmf_3]
root        75  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ipv6_addrconf]
root        89  0.0  0.0      0     0 ?        S<   Aug24   0:00 [deferwq]
root        90  0.0  0.0      0     0 ?        S<   Aug24   0:00 [charger_manager]
root        92  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       132  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       133  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       134  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       135  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       136  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       137  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       138  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       139  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       141  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kpsmoused]
root       218  0.0  0.0      0     0 ?        S<   Aug24   0:00 [raid5wq]
root       244  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kdmflush]
root       245  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       254  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kdmflush]
root       255  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       268  0.0  0.0      0     0 ?        S<   Aug24   0:00 [bioset]
root       271  0.0  0.0      0     0 ?        S<   Aug24   0:02 [kworker/1:1H]
root       290  0.0  0.0      0     0 ?        S<   Aug24   0:00 [kworker/0:1H]
root       294  0.0  0.0      0     0 ?        S    Aug24   0:08 [jbd2/dm-0-8]
root       295  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ext4-rsv-conver]
root       346  0.0  0.0      0     0 ?        S    Aug24   0:00 [kauditd]
root       358  0.0  0.2  28992  3704 ?        Ss   Aug24   0:15 /lib/systemd/systemd-journald
root       377  0.0  0.0      0     0 ?        S<   Aug24   0:00 [iscsi_eh]
root       389  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_addr]
root       390  0.0  0.0 102972  1276 ?        Ss   Aug24   0:00 /sbin/lvmetad -f
root       395  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_mcast]
root       396  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_nl_sa_wq]
root       398  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ib_cm]
root       399  0.0  0.0      0     0 ?        S<   Aug24   0:00 [iw_cm_wq]
root       401  0.0  0.0      0     0 ?        S<   Aug24   0:00 [rdma_cm]
root       426  0.0  0.2  44788  3876 ?        Ss   Aug24   0:03 /lib/systemd/systemd-udevd
root       723  0.0  0.0      0     0 ?        S<   Aug24   0:00 [ext4-rsv-conver]
systemd+   828  0.0  0.1 100324  2140 ?        Ssl  Aug24   0:01 /lib/systemd/systemd-timesyncd
root       919  0.0  0.2 531376  4068 ?        Ssl  Aug24   0:17 /usr/bin/lxcfs /var/lib/lxcfs/
root       931  0.0  0.0   4400  1172 ?        Ss   Aug24   0:00 /usr/sbin/acpid
root       946  0.0  0.1  20104  2528 ?        Ss   Aug24   0:01 /lib/systemd/systemd-logind
root       953  0.0  0.3 275772  5120 ?        Ssl  Aug24   0:15 /usr/lib/accountsservice/accounts-daemon
message+   960  0.0  0.2  42912  3380 ?        Ss   Aug24   0:02 /usr/bin/dbus-daemon --system --address=systemd: --nofork --nopidfile --systemd-activati
syslog     965  0.0  0.2 256396  3060 ?        Ssl  Aug24   0:05 /usr/sbin/rsyslogd -n
root       967  0.0  0.1  29012  2588 ?        Ss   Aug24   0:02 /usr/sbin/cron -f
daemon     969  0.0  0.1  26048  1972 ?        Ss   Aug24   0:00 /usr/sbin/atd -f
root       971  0.0  0.8 303892 12544 ?        S<sl Aug24   2:41 /usr/lib/snapd/snapd
root      1050  0.0  0.3  65524  5516 ?        Ss   Aug24   0:02 /usr/sbin/sshd -D
root      1066  0.0  0.0  13376   148 ?        Ss   Aug24   0:00 /sbin/mdadm --monitor --pid-file /run/mdadm/monitor.pid --daemonise --scan --syslog
root      1075  0.0  0.0   5224   160 ?        Ss   Aug24   0:16 /sbin/iscsid
root      1079  0.0  0.2   5724  3504 ?        S<Ls Aug24   1:16 /sbin/iscsid
mysql     1090  0.0  4.2 1312684 64324 ?       Ssl  Aug24   8:15 /usr/sbin/mysqld
root      1173  0.0  0.0  15940  1468 tty1     Ss+  Aug24   0:00 /sbin/agetty --noclear tty1 linux
root      1182  0.0  0.0  19476   244 ?        Ss   Aug24   0:52 /usr/sbin/irqbalance --pid=/var/run/irqbalance.pid
root      1185  0.0  0.3 277184  4988 ?        Ssl  Aug24   0:00 /usr/lib/policykit-1/polkitd --no-debug
ossecm    1214  0.0  0.1  19356  1832 ?        S    Aug24   0:06 /var/ossec/bin/ossec-maild
root      1218  0.0  0.1  15040  1596 ?        S    Aug24   0:00 /var/ossec/bin/ossec-execd
ossec     1232  0.0  0.2  20444  4004 ?        S    Aug24   0:12 /var/ossec/bin/ossec-analysisd
root      1239  0.0  0.0   6648  1512 ?        S    Aug24   0:24 /var/ossec/bin/ossec-logcollector
root      1261  0.0  0.1   8680  2816 ?        S    Aug24   8:18 /var/ossec/bin/ossec-syscheckd
ossec     1265  0.0  0.1  15220  1752 ?        S    Aug24   0:01 /var/ossec/bin/ossec-monitord
root      1419  0.0  0.2  65408  3496 ?        Ss   Aug24   0:05 /usr/lib/postfix/sbin/master
postfix   1424  0.0  0.2  67644  3692 ?        S    Aug24   0:01 qmgr -l -t unix -u
root      9954  0.0  0.0      0     0 ?        S<   Aug29   0:00 [xfsalloc]
root      9955  0.0  0.0      0     0 ?        S<   Aug29   0:00 [xfs_mru_cache]
root      9958  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsIO]
root      9959  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsCommit]
root      9960  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsCommit]
root      9961  0.0  0.0      0     0 ?        S    Aug29   0:00 [jfsSync]
www-data 10878  0.0  0.8 390800 13072 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10879  0.0  0.5 390020  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10880  0.0  0.5 390004  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10881  0.0  0.5 390004  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
www-data 10882  0.0  0.5 390004  8392 ?        S    06:25   0:00 /usr/sbin/apache2 -k start
root     14046  0.0  0.0      0     0 ?        S    16:09   0:00 [kworker/0:1]
root     14198  0.0  0.0      0     0 ?        S    16:38   0:00 [kworker/1:2]
root     14199  0.0  0.0      0     0 ?        S    16:38   0:00 [kworker/u8:1]
root     14351  0.0  0.0      0     0 ?        S    17:09   0:00 [kworker/0:2]
root     14464  0.0  0.0      0     0 ?        S    17:39   0:00 [kworker/1:1]
root     14466  0.0  0.0      0     0 ?        S    17:39   0:00 [kworker/u8:2]
postfix  14495  0.0  0.2  67476  4372 ?        S    17:52   0:00 pickup -l -t unix -u -c
root     14585  0.0  0.0      0     0 ?        S    18:09   0:00 [kworker/0:0]
root     14586  0.0  0.0      0     0 ?        S    18:09   0:00 [kworker/u8:0]
www-data 14597  0.0  0.5 390004  8392 ?        S    18:11   0:00 /usr/sbin/apache2 -k start
root     14598  0.1  0.3  68084  6060 ?        Ss   18:11   0:00 sshd: root@pts/0
root     14600  1.0  0.2  19616  4564 pts/0    Ss   18:11   0:00 -bash
root     14613  0.0  0.1  34428  2792 pts/0    R+   18:11   0:00 ps aux
root     25501  0.0  2.5 389980 38340 ?        Ss   Aug24   0:25 /usr/sbin/apache2 -k start

OSSEC log

2017/09/25 02:07:55 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 09:20:06 rootcheck: INFO: Starting rootcheck scan.
2017/09/25 09:26:35 rootcheck: INFO: Ending rootcheck scan.
2017/09/25 14:22:08 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 17:44:05 ossec-maild(1223): ERROR: Error Sending email to smtp.live.com (smtp server)
2017/09/25 18:46:35 ossec-syscheckd: INFO: Starting syscheck scan.
2017/09/25 18:55:33 ossec-syscheckd: INFO: Ending syscheck scan.
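
Added example, not part of the original post: in the iptables -L listing above, the DROP for 192.168.1.1 sits directly in INPUT and FORWARD, ahead of the jumps into the ufw-* chains, so the ACCEPT rules in ufw-user-input are never evaluated for that address. The sketch below flags rules placed in the built-in chains outside UFW and lists the ACCEPT rules they shadow; the function names are hypothetical and the sample ruleset is constructed from rules shown on this page.

```python
import ipaddress
import shlex
from collections import namedtuple

Rule = namedtuple("Rule", "chain pos source target unconditional raw")
BUILTIN = {"INPUT", "FORWARD", "OUTPUT"}
TERMINAL = {"ACCEPT", "DROP", "REJECT", "RETURN", "LOG"}

# Constructed sample in `iptables -S` syntax: a subset of the page's -S dump,
# plus the two DROP rules that only appear in the page's `iptables -L` listing.
SAMPLE = """\
-P INPUT DROP
-P FORWARD DROP
-P OUTPUT ACCEPT
-N ufw-before-input
-N ufw-user-input
-A INPUT -s 192.168.1.1/32 -j DROP
-A INPUT -j ufw-before-input
-A FORWARD -s 192.168.1.1/32 -j DROP
-A ufw-before-input -j ufw-user-input
-A ufw-user-input -p tcp -m tcp --dport 22 -j ACCEPT
-A ufw-user-input -s 192.168.1.1/32 -j ACCEPT
-A ufw-user-input -s 192.168.1.0/24 -j ACCEPT
"""

def parse_rules(dump):
    """Parse the -A lines of an `iptables -S` dump into Rule tuples."""
    rules, count = [], {}
    for line in dump.splitlines():
        tok = shlex.split(line)
        if len(tok) < 2 or tok[0] != "-A":
            continue
        chain = tok[1]
        count[chain] = count.get(chain, 0) + 1
        source = tok[tok.index("-s") + 1] if "-s" in tok else "0.0.0.0/0"
        target = tok[tok.index("-j") + 1] if "-j" in tok else None
        # Any option other than -s/-j is treated as an extra match condition.
        flags = {t for t in tok[2:] if t.startswith("-")}
        rules.append(Rule(chain, count[chain], source, target,
                          flags <= {"-s", "-j"}, line))
    return rules

def foreign_rules(rules):
    """Rules in built-in chains that do not hand off to a ufw-* chain."""
    return [r for r in rules if r.chain in BUILTIN
            and not (r.target or "").startswith("ufw-")]

def chains_after(rules, chain, pos):
    """User chains a packet can still enter after rule `pos` of `chain`."""
    seen, todo = set(), [(chain, pos)]
    while todo:
        cur, after = todo.pop()
        for r in rules:
            if (r.chain == cur and r.pos > after and r.target
                    and r.target not in TERMINAL and r.target not in seen):
                seen.add(r.target)
                todo.append((r.target, 0))
    return seen

def shadowed_accepts(rules):
    """(drop, accept) pairs: ACCEPT rules the dropped source never reaches."""
    pairs = []
    for drop in foreign_rules(rules):
        if drop.target not in ("DROP", "REJECT") or not drop.unconditional:
            continue
        later = chains_after(rules, drop.chain, drop.pos)
        net = ipaddress.ip_network(drop.source, strict=False)
        for r in rules:
            downstream = r.chain in later or (r.chain == drop.chain
                                              and r.pos > drop.pos)
            if (downstream and r.target == "ACCEPT" and
                    ipaddress.ip_network(r.source, strict=False).overlaps(net)):
                pairs.append((drop.raw, r.raw))
    return pairs

if __name__ == "__main__":
    parsed = parse_rules(SAMPLE)
    for rule in foreign_rules(parsed):
        print("outside UFW:", rule.raw)
    for drop, accept in shadowed_accepts(parsed):
        print("never reached:", accept, "| because of:", drop)
```

On a live host the input would be the output of `iptables -S` captured while the block is in effect, since the rule is absent from the dump once it has been removed again.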
