ubuntuusers.de

via DuckDuckGo

Ubuntu 24.04 LTS server .. /etc/resolv.conf

Status: Gelöst | Ubuntu-Version: Ubuntu 24.04 (Noble Numbat)
Antworten |

Colognier

Avatar von Colognier

Anmeldungsdatum:
28. April 2022

Beiträge: 28
Zitieren
3. Juni 2024 21:31 (zuletzt bearbeitet: 3. Juni 2024 21:53)

Moin zusammen, ich betreibe Ubuntu 24.04 LTS Server (headless) mit DNS und slavery für den primary an einem handelsüblichen DSL Anschluss.

In der weltweiten Warteschlange gibt es verschiedene Workaraounds um die "eigene .. /etc/resolv.conf" im System fest zuklopfen. Bei Ubuntu 20.04.x hat das wunderbar funktioniert.

Bei Unbuntu 24.04 wird meine eigene "/etc/resolv.conf" regelmässig überschrieben das auf Apache Systemdienste wie z.b. "fail2ban" und auch für "apt update && apt upgrade -y" fatale Auswirkungen hat.

Hier einen Auszug einer Fail2ban Mail in der eine whois Abfrage mit MEINEM DNS funktioniert:

Hi,

The IP 78.153.140.179 has just been banned by Fail2Ban after
1 attempts against apache-modsecurity.


Here is more information about 78.153.140.179 :
% This is the RIPE Database query service.
% The objects are in RPSL format.
%
% The RIPE Database is subject to Terms and Conditions.
% See https://apps.db.ripe.net/docs/HTML-Terms-And-Conditions

% Note: this output has been filtered.
%       To receive output for a database update, use the "-B" flag.

% Information related to '78.153.140.0 - 78.153.140.255'

% Abuse contact for '78.153.140.0 - 78.153.140.255' is 'abuse@hostglobal.plus'

inetnum:        78.153.140.0 - 78.153.140.255
netname:        HostGlobalPlus
mnt-domains:    MNT-HOSTGLOBALPLUS
mnt-routes:     MNT-HOSTGLOBALPLUS
org:            ORG-HL257-RIPE
country:        GB
geofeed:        https://hostglobal.plus/geofeeds.csv
remarks:        Geofeed https://hostglobal.plus/geofeeds.csv
admin-c:        AE5332-RIPE
tech-c:         AE5332-RIPE
status:         ASSIGNED PA
mnt-by:         MNT-HOSTGLOBALPLUS
mnt-by:         MNT-INTERLAN
created:        2008-10-13T12:31:10Z
last-modified:  2023-10-31T14:57:12Z
source:         RIPE

organisation:   ORG-HL257-RIPE
org-name:       HOSTGLOBAL.PLUS LTD
country:        GB
org-type:       OTHER
address:        20-22 Wenlock Road, London, England, N1 7GU
abuse-c:        ACRO16672-RIPE
mnt-ref:        NETWORK-SUPPORT-MNT
mnt-ref:        MNT-INTERLAN
mnt-by:         MNT-HOSTGLOBALPLUS
created:        2021-03-12T11:14:31Z
last-modified:  2022-12-29T12:38:19Z
source:         RIPE # Filtered

person:         Aleksei Efimov
address:        20-22 Wenlock Road, London, England, N1 7GU
phone:          +447441429374
nic-hdl:        AE5332-RIPE
mnt-by:         MNT-HOSTGLOBALPLUS
created:        2018-06-08T07:28:40Z
last-modified:  2021-06-03T11:03:12Z
source:         RIPE

% Information related to '78.153.140.0/24AS202306'

route:          78.153.140.0/24
origin:         AS202306
mnt-by:         MNT-INTERLAN
created:        2023-10-26T15:00:14Z
last-modified:  2023-10-26T15:00:14Z
source:         RIPE

% This query was served by the RIPE Database Query Service version 1.112 (SHETLAND)



Lines containing failures of 78.153.140.179 (max 1000)
/var/log/apache2/error.log:[Wed May 08 11:25:41.179158 2024] [security2:error] [pid 28899] [client 78.153.140.179:59362] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.247.86.227"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.247.86.227"] [uri "/.env"] [unique_id "ZjtFFRli7-MTI-aIkxzyZwAAAAM"]
/var/log/apache2/error.log:[Wed May 08 11:25:41.180955 2024] [security2:error] [pid 28899] [client 78.153.140.179:59362] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "89.247.86.227"] [uri "/.env"] [unique_id "ZjtFFRli7-MTI-aIkxzyZwAAAAM"]
/var/log/apache2/error.log:[Wed May 08 11:25:41.181991 2024] [security2:error] [pid 28899] [client 78.153.140.179:59362] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.247.86.227"] [uri "/.env"] [unique_id "ZjtFFRli7-MTI-aIkxzyZwAAAAM"]
/var/log/apache2/error.log:[Wed May 08 11:25:41.182784 2024] [security2:error] [pid 28899] [client 78.153.140.179:59362] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.247.86.227"] [uri "/.env"] [unique_id "ZjtFFRli7-MTI-aIkxzyZwAAAAM"]
/var/log/apache2/error.log:[Fri May 10 17:25:20.442487 2024] [security2:error] [pid 29497] [client 78.153.140.179:51150] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.245.3.195"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.245.3.195"] [uri "/.env"] [unique_id "Zj48YDWbwuZfrsoH5Z4q_AAAAAY"]
/var/log/apache2/error.log:[Fri May 10 17:25:20.444029 2024] [security2:error] [pid 29497] [client 78.153.140.179:51150] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "89.245.3.195"] [uri "/.env"] [unique_id "Zj48YDWbwuZfrsoH5Z4q_AAAAAY"]
/var/log/apache2/error.log:[Fri May 10 17:25:20.445369 2024] [security2:error] [pid 29497] [client 78.153.140.179:51150] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.245.3.195"] [uri "/.env"] [unique_id "Zj48YDWbwuZfrsoH5Z4q_AAAAAY"]
/var/log/apache2/error.log:[Fri May 10 17:25:20.446651 2024] [security2:error] [pid 29497] [client 78.153.140.179:51150] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.245.3.195"] [uri "/.env"] [unique_id "Zj48YDWbwuZfrsoH5Z4q_AAAAAY"]
/var/log/apache2/error.log:[Mon May 13 02:07:14.470880 2024] [security2:error] [pid 28899] [client 78.153.140.179:37222] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.245.8.200"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.245.8.200"] [uri "/.env"] [unique_id "ZkFZshli7-MTI-aIkxzzkwAAAAM"]
/var/log/apache2/error.log:[Mon May 13 02:07:14.472493 2024] [security2:error] [pid 28899] [client 78.153.140.179:37222] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "89.245.8.200"] [uri "/.env"] [unique_id "ZkFZshli7-MTI-aIkxzzkwAAAAM"]
/var/log/apache2/error.log:[Mon May 13 02:07:14.473830 2024] [security2:error] [pid 28899] [client 78.153.140.179:37222] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.245.8.200"] [uri "/.env"] [unique_id "ZkFZshli7-MTI-aIkxzzkwAAAAM"]
/var/log/apache2/error.log:[Mon May 13 02:07:14.475152 2024] [security2:error] [pid 28899] [client 78.153.140.179:37222] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.245.8.200"] [uri "/.env"] [unique_id "ZkFZshli7-MTI-aIkxzzkwAAAAM"]
/var/log/apache2/error.log:[Fri May 17 05:45:45.097911 2024] [security2:error] [pid 128872] [client 78.153.140.179:59518] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.247.157.16"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.247.157.16"] [uri "/.env"] [unique_id "ZkbS6XaJNxK4dh7gdczvZwAAAAI"]
/var/log/apache2/error.log:[Fri May 17 05:45:45.099213 2024] [security2:error] [pid 128872] [client 78.153.140.179:59518] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "89.247.157.16"] [uri "/.env"] [unique_id "ZkbS6XaJNxK4dh7gdczvZwAAAAI"]
/var/log/apache2/error.log:[Fri May 17 05:45:45.100218 2024] [security2:error] [pid 128872] [client 78.153.140.179:59518] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.247.157.16"] [uri "/.env"] [unique_id "ZkbS6XaJNxK4dh7gdczvZwAAAAI"]
/var/log/apache2/error.log:[Fri May 17 05:45:45.101205 2024] [security2:error] [pid 128872] [client 78.153.140.179:59518] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.247.157.16"] [uri "/.env"] [unique_id "ZkbS6XaJNxK4dh7gdczvZwAAAAI"]
/var/log/apache2/error.log:[Sun May 19 20:57:37.616581 2024] [security2:error] [pid 135175] [client 78.153.140.179:34176] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.247.144.227"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.247.144.227"] [uri "/.env"] [unique_id "ZkpLobr9wx19mGqB7yShtgAAAAY"]
/var/log/apache2/error.log:[Sun May 19 20:57:37.617634 2024] [security2:error] [pid 135175] [client 78.153.140.179:34176] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "89.247.144.227"] [uri "/.env"] [unique_id "ZkpLobr9wx19mGqB7yShtgAAAAY"]
/var/log/apache2/error.log:[Sun May 19 20:57:37.618589 2024] [security2:error] [pid 135175] [client 78.153.140.179:34176] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.247.144.227"] [uri "/.env"] [unique_id "ZkpLobr9wx19mGqB7yShtgAAAAY"]
/var/log/apache2/error.log:[Sun May 19 20:57:37.619562 2024] [security2:error] [pid 135175] [client 78.153.140.179:34176] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.247.144.227"] [uri "/.env"] [unique_id "ZkpLobr9wx19mGqB7yShtgAAAAY"]
/var/log/apache2/error.log:[Tue May 21 19:45:40.446942 2024] [security2:error] [pid 171953] [client 78.153.140.179:41964] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.245.10.68"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.245.10.68"] [uri "/.env"] [unique_id "ZkzdxJ-qeLyx3-MEd7AIFQAAAAQ"]
/var/log/apache2/error.log:[Tue May 21 19:45:40.448528 2024] [security2:error] [pid 171953] [client 78.153.140.179:41964] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "89.245.10.68"] [uri "/.env"] [unique_id "ZkzdxJ-qeLyx3-MEd7AIFQAAAAQ"]
/var/log/apache2/error.log:[Tue May 21 19:45:40.450017 2024] [security2:error] [pid 171953] [client 78.153.140.179:41964] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.245.10.68"] [uri "/.env"] [unique_id "ZkzdxJ-qeLyx3-MEd7AIFQAAAAQ"]
/var/log/apache2/error.log:[Tue May 21 19:45:40.451693 2024] [security2:error] [pid 171953] [client 78.153.140.179:41964] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.245.10.68"] [uri "/.env"] [unique_id "ZkzdxJ-qeLyx3-MEd7AIFQAAAAQ"]
/var/log/apache2/error.log:[Fri May 24 00:58:33.630965 2024] [security2:error] [pid 172779] [client 78.153.140.179:60310] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.245.1.93"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.245.1.93"] [uri "/.env"] [unique_id "Zk_KGVcoytlyyvBK74HugwAAAAY"]
/var/log/apache2/error.log:[Fri May 24 00:58:33.632733 2024] [security2:error] [pid 172779] [client 78.153.140.179:60310] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "89.245.1.93"] [uri "/.env"] [unique_id "Zk_KGVcoytlyyvBK74HugwAAAAY"]
/var/log/apache2/error.log:[Fri May 24 00:58:33.633674 2024] [security2:error] [pid 172779] [client 78.153.140.179:60310] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.245.1.93"] [uri "/.env"] [unique_id "Zk_KGVcoytlyyvBK74HugwAAAAY"]
/var/log/apache2/error.log:[Fri May 24 00:58:33.634574 2024] [security2:error] [pid 172779] [client 78.153.140.179:60310] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.245.1.93"] [uri "/.env"] [unique_id "Zk_KGVcoytlyyvBK74HugwAAAAY"]
/var/log/apache2/error.log:[Sat May 25 22:01:57.750748 2024] [security2:error] [pid 215184] [client 78.153.140.179:58198] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.245.106.226"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.245.106.226"] [uri "/.env"] [unique_id "ZlJDtWyKLHpW-9T-sRweXQAAAAM"]
/var/log/apache2/error.log:[Sat May 25 22:01:57.752304 2024] [security2:error] [pid 215184] [client 78.153.140.179:58198] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "89.245.106.226"] [uri "/.env"] [unique_id "ZlJDtWyKLHpW-9T-sRweXQAAAAM"]
/var/log/apache2/error.log:[Sat May 25 22:01:57.753791 2024] [security2:error] [pid 215184] [client 78.153.140.179:58198] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.245.106.226"] [uri "/.env"] [unique_id "ZlJDtWyKLHpW-9T-sRweXQAAAAM"]
/var/log/apache2/error.log:[Sat May 25 22:01:57.755077 2024] [security2:error] [pid 215184] [client 78.153.140.179:58198] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.245.106.226"] [uri "/.env"] [unique_id "ZlJDtWyKLHpW-9T-sRweXQAAAAM"]
/var/log/apache2/error.log:[Mon May 27 13:55:11.291339 2024] [security2:error] [pid 215182] [client 78.153.140.179:39514] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "87.123.89.240"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "87.123.89.240"] [uri "/.env"] [unique_id "ZlR0n_qCfaM48CCqpUWhCAAAAAE"]
/var/log/apache2/error.log:[Mon May 27 13:55:11.293066 2024] [security2:error] [pid 215182] [client 78.153.140.179:39514] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "87.123.89.240"] [uri "/.env"] [unique_id "ZlR0n_qCfaM48CCqpUWhCAAAAAE"]
/var/log/apache2/error.log:[Mon May 27 13:55:11.294672 2024] [security2:error] [pid 215182] [client 78.153.140.179:39514] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "87.123.89.240"] [uri "/.env"] [unique_id "ZlR0n_qCfaM48CCqpUWhCAAAAAE"]
/var/log/apache2/error.log:[Mon May 27 13:55:11.295568 2024] [security2:error] [pid 215182] [client 78.153.140.179:39514] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "87.123.89.240"] [uri "/.env"] [unique_id "ZlR0n_qCfaM48CCqpUWhCAAAAAE"]
/var/log/apache2/error.log:[Sat Jun 01 14:38:01.716506 2024] [security2:error] [pid 1632] [client 78.153.140.179:38252] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.247.81.214"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.247.81.214"] [uri "/.env"] [unique_id "ZlsWKcoHYRr1GJn-tR9RnQAAAAQ"]
/var/log/apache2/error.log:[Sat Jun 01 14:38:01.718285 2024] [security2:error] [pid 1632] [client 78.153.140.179:38252] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "89.247.81.214"] [uri "/.env"] [unique_id "ZlsWKcoHYRr1GJn-tR9RnQAAAAQ"]
/var/log/apache2/error.log:[Sat Jun 01 14:38:01.719727 2024] [security2:error] [pid 1632] [client 78.153.140.179:38252] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.247.81.214"] [uri "/.env"] [unique_id "ZlsWKcoHYRr1GJn-tR9RnQAAAAQ"]
/var/log/apache2/error.log:[Sat Jun 01 14:38:01.721217 2024] [security2:error] [pid 1632] [client 78.153.140.179:38252] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.247.81.214"] [uri "/.env"] [unique_id "ZlsWKcoHYRr1GJn-tR9RnQAAAAQ"]
/var/log/apache2/error.log:[Mon Jun 03 19:37:16.867024 2024] [security2:error] [pid 25379] [client 78.153.140.179:60648] [client 78.153.140.179] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.247.80.216"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.247.80.216"] [uri "/.env"] [unique_id "Zl3_TOBSY018OQWLR53mmgAAAAQ"]
/var/log/apache2/error.log:[Mon Jun 03 19:37:16.868795 2024] [security2:error] [pid 25379] [client 78.153.140.179:60648] [client 78.153.140.179] ModSecurity: Warning. Matched phrase "/.env" at REQUEST_FILENAME. [file "/usr/share/modsecurity-crs/rules/REQUEST-930-APPLICATION-ATTACK-LFI.conf"] [line "125"] [id "930130"] [msg "Restricted File Access Attempt"] [data "Matched Data: /.env found within REQUEST_FILENAME: /.env"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-lfi"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/255/153/126"] [tag "PCI/6.5.4"] [hostname "89.247.80.216"] [uri "/.env"] [unique_id "Zl3_TOBSY018OQWLR53mmgAAAAQ"]
/var/log/apache2/error.log:[Mon Jun 03 19:37:16.870261 2024] [security2:error] [pid 25379] [client 78.153.140.179:60648] [client 78.153.140.179] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.247.80.216"] [uri "/.env"] [unique_id "Zl3_TOBSY018OQWLR53mmgAAAAQ"]
/var/log/apache2/error.log:[Mon Jun 03 19:37:16.871288 2024] [security2:error] [pid 25379] [client 78.153.140.179:60648] [client 78.153.140.179] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=5,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.247.80.216"] [uri "/.env"] [unique_id "Zl3_TOBSY018OQWLR53mmgAAAAQ"]


Regards,

Fail2Ban

Und hier eine Meldung, die etwa 40 Minuten nach der vorhergehenden Mail eingetroffen ist nachdem meine /etc/resolv.conf überschrieben wurde

Hi,

The IP 157.230.33.60 has just been banned by Fail2Ban after
1 attempts against apache-modsecurity.


Here is more information about 157.230.33.60 :
missing whois program

Lines containing failures of 157.230.33.60 (max 1000)
/var/log/apache2/error.log:[Mon Jun 03 20:11:07.773783 2024] [security2:error] [pid 25378] [client 157.230.33.60:52534] [client 157.230.33.60] ModSecurity: Warning. Matched phrase "zgrab" at REQUEST_HEADERS:User-Agent. [file "/usr/share/modsecurity-crs/rules/REQUEST-913-SCANNER-DETECTION.conf"] [line "55"] [id "913100"] [msg "Found User-Agent associated with security scanner"] [data "Matched Data: zgrab found within REQUEST_HEADERS:User-Agent: mozilla/5.0 zgrab/0.x"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-reputation-scanner"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/118/224/541/310"] [tag "PCI/6.5.10"] [hostname "89.247.80.216"] [uri "/ab2g"] [unique_id "Zl4HO5GJkYMeo0FdNgGRSQAAAAM"]
/var/log/apache2/error.log:[Mon Jun 03 20:11:07.774698 2024] [security2:error] [pid 25378] [client 157.230.33.60:52534] [client 157.230.33.60] ModSecurity: Warning. Pattern match "^[\\\\d.:]+$" at REQUEST_HEADERS:Host. [file "/usr/share/modsecurity-crs/rules/REQUEST-920-PROTOCOL-ENFORCEMENT.conf"] [line "736"] [id "920350"] [msg "Host header is a numeric IP address"] [data "89.247.80.216"] [severity "WARNING"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-protocol"] [tag "paranoia-level/1"] [tag "OWASP_CRS"] [tag "capec/1000/210/272"] [tag "PCI/6.5.10"] [hostname "89.247.80.216"] [uri "/ab2g"] [unique_id "Zl4HO5GJkYMeo0FdNgGRSQAAAAM"]
/var/log/apache2/error.log:[Mon Jun 03 20:11:07.776775 2024] [security2:error] [pid 25378] [client 157.230.33.60:52534] [client 157.230.33.60] ModSecurity: Access denied with code 403 (phase 2). Operator GE matched 5 at TX:anomaly_score. [file "/usr/share/modsecurity-crs/rules/REQUEST-949-BLOCKING-EVALUATION.conf"] [line "94"] [id "949110"] [msg "Inbound Anomaly Score Exceeded (Total Score: 8)"] [severity "CRITICAL"] [ver "OWASP_CRS/3.3.5"] [tag "application-multi"] [tag "language-multi"] [tag "platform-multi"] [tag "attack-generic"] [hostname "89.247.80.216"] [uri "/ab2g"] [unique_id "Zl4HO5GJkYMeo0FdNgGRSQAAAAM"]
/var/log/apache2/error.log:[Mon Jun 03 20:11:07.778322 2024] [security2:error] [pid 25378] [client 157.230.33.60:52534] [client 157.230.33.60] ModSecurity: Warning. Operator GE matched 5 at TX:inbound_anomaly_score. [file "/usr/share/modsecurity-crs/rules/RESPONSE-980-CORRELATION.conf"] [line "92"] [id "980130"] [msg "Inbound Anomaly Score Exceeded (Total Inbound Score: 8 - SQLI=0,XSS=0,RFI=0,LFI=0,RCE=0,PHPI=0,HTTP=0,SESS=0): individual paranoia level scores: 8, 0, 0, 0"] [ver "OWASP_CRS/3.3.5"] [tag "event-correlation"] [hostname "89.247.80.216"] [uri "/ab2g"] [unique_id "Zl4HO5GJkYMeo0FdNgGRSQAAAAM"]


Regards,

Fail2Ban

Wegen des Verhaltens von Ubuntu 24.04 LTS Server, wird die Sicherheit des Systems und des internen Netzwerks unnötig strapaziert und eingeschränkt sowie die demon basierte "whois" abfrage für Sys Admins erschwert.

Hat evtl. jemand einen besseren Vorschlag, wie die eigene "/etc/resolv.conf" als einzige gültige behalten werden kann?

Welche Informationen braucht ihr dafür um dieses Problem zu lösen?

Im voraus, vielen Danke für eure Antworten und Hilfe.

Bearbeitet von sebix:

Forensyntax verbessert.

lubux

Anmeldungsdatum:
21. November 2012

Beiträge: 14313
Zitieren
3. Juni 2024 22:02

Colognier schrieb:

Bei Unbuntu 24.04 wird meine eigene "/etc/resolv.conf" regelmässig überschrieben ...
Hat evtl. jemand einen besseren Vorschlag, wie die eigene "/etc/resolv.conf" als einzige gültige behalten werden kann?

Ist die /etc/resolv.conf eine Datei (bzw. kein symlink) und willst Du diese Datei gegen überschreiben schützen? Wenn ja, dann mit:

sudo chattr +i /etc/resolv.conf

Colognier

(Themenstarter)
Avatar von Colognier

Anmeldungsdatum:
28. April 2022

Beiträge: 28
Zitieren
3. Juni 2024 22:10 (zuletzt bearbeitet: 3. Juni 2024 22:14)

Moin, die /etc/resolv.conf ist (noch) ein symlink.

chattr +i /etc/resolv.conf
chattr: Vorgang wird nicht unterstützt beim Lesens der Flags in /etc/resolv.conf

Ich konnte bisher die /etc/resolv.conf nicht "ent sym linken"

lubux

Anmeldungsdatum:
21. November 2012

Beiträge: 14313
Zitieren
3. Juni 2024 22:42 (zuletzt bearbeitet: 3. Juni 2024 22:43)

Colognier schrieb:

Ich konnte bisher die /etc/resolv.conf nicht "ent sym linken"

Du kannst mit rm den symlink löschen und mit:

sudo nano /etc/resolv.conf

die Datei erstellen, den gewünschten Inhalt dort eintragen und danach das i-flag setzen.

Colognier

(Themenstarter)
Avatar von Colognier

Anmeldungsdatum:
28. April 2022

Beiträge: 28
Zitieren
4. Juni 2024 07:32

Moin zusammen, ok, den symlink hab ich gelöscht und meine eigene resolv.conf geschrieben. Hoffentlich ist jetzt ruhe.

Danke für eure Hilfe.
Antworten |