Blocco computer

Salve a tutti,

qualche volta il computer si blocca e posso solo spegnerlo e riaccenderlo.
Mi accorgo di questo in quanto questo computer, che chiamo B, viene chiamato tramite ssh da un altro computer (A) che deve copiarci dei file tramite ssh. Il computer A si blocca perché il computer B è bloccato.
Questa volta l’ho fatto ripartire, ma ho dato il comando

systemctl --since today

ed ho estrapolato queste informazioni

nov 09 11:31:22 bina.agr.unipg.it sshd[27046]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 11:31:22 bina.agr.unipg.it audit[27046]: CRYPTO_KEY_USER pid=27046 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2
nov 09 11:31:22 bina.agr.unipg.it audit[27046]: CRYPTO_KEY_USER pid=27046 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:0f:cf:b2:2f:1c
nov 09 11:31:22 bina.agr.unipg.it audit[27046]: CRYPTO_KEY_USER pid=27046 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:29:d1:3c:41:8f:e2
nov 09 11:31:22 bina.agr.unipg.it audit[27046]: CRYPTO_KEY_USER pid=27046 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:9b:c0:76:eb:88:a7
nov 09 11:31:22 bina.agr.unipg.it audit[27046]: USER_LOGIN pid=27046 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? ad
nov 09 11:31:50 bina.agr.unipg.it audit[20536]: CRYPTO_KEY_USER pid=20536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:0f:cf:b2:2f:1c
nov 09 11:31:50 bina.agr.unipg.it audit[20536]: CRYPTO_KEY_USER pid=20536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:29:d1:3c:41:8f:e2
nov 09 11:31:50 bina.agr.unipg.it audit[20536]: CRYPTO_KEY_USER pid=20536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:9b:c0:76:eb:88:a7
nov 09 11:31:50 bina.agr.unipg.it audit[20524]: CRYPTO_SESSION pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ks
nov 09 11:31:50 bina.agr.unipg.it audit[20524]: CRYPTO_SESSION pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ks
nov 09 11:31:55 bina.agr.unipg.it unix_chkpwd[27841]: password check failed for user (root)
nov 09 11:31:55 bina.agr.unipg.it sshd[20524]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 11:31:55 bina.agr.unipg.it sshd[20524]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 11:31:55 bina.agr.unipg.it audit[20524]: USER_AUTH pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/s
nov 09 11:31:57 bina.agr.unipg.it sshd[20524]: Failed password for root from 116.31.116.43 port 14054 ssh2
nov 09 11:31:57 bina.agr.unipg.it audit[20524]: USER_AUTH pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=password acct="root" exe="/usr/sbin/sshd" hostname=? 
nov 09 11:31:57 bina.agr.unipg.it unix_chkpwd[30985]: password check failed for user (root)
nov 09 11:31:57 bina.agr.unipg.it sshd[20524]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 11:31:57 bina.agr.unipg.it audit[20524]: USER_AUTH pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/s
nov 09 11:32:00 bina.agr.unipg.it sshd[20524]: Failed password for root from 116.31.116.43 port 14054 ssh2
nov 09 11:32:00 bina.agr.unipg.it audit[20524]: USER_AUTH pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=password acct="root" exe="/usr/sbin/sshd" hostname=? 
nov 09 11:32:01 bina.agr.unipg.it unix_chkpwd[3372]: password check failed for user (root)
nov 09 11:32:01 bina.agr.unipg.it sshd[20524]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 11:32:01 bina.agr.unipg.it audit[20524]: USER_AUTH pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/s
nov 09 11:32:01 bina.agr.unipg.it audit[4581]: USER_ACCT pid=4581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:accounting grantors=pam_access,pam_unix,pam_localu
nov 09 11:32:01 bina.agr.unipg.it audit[4581]: CRED_ACQ pid=4581 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="cris" exe="
nov 09 11:32:01 bina.agr.unipg.it audit[1]: USER_AVC pid=1 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:init_t:s0 msg='Unknown permission start for class system exe="/usr/lib/systemd/systemd" saui
nov 09 11:32:01 bina.agr.unipg.it systemd[1]: Started Session 7319 of user cris.
nov 09 11:32:01 bina.agr.unipg.it systemd[1]: Starting Session 7319 of user cris.
nov 09 11:32:01 bina.agr.unipg.it audit[4581]: USER_START pid=4581 uid=0 auid=1001 ses=7319 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_open grantors=pam_loginuid,pam_limits,pam_systemd acc
nov 09 11:32:01 bina.agr.unipg.it audit[4581]: CRED_REFR pid=4581 uid=0 auid=1001 ses=7319 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="cris" exe="/usr/sbin/c
nov 09 11:32:01 bina.agr.unipg.it CROND[4663]: (cris) CMD (/bin/sendftp --conf /home/cris/config/sendftp.conf -f /home/cris/stations -rc 2>> /home/cris/log/sendftp.log)
nov 09 11:32:02 bina.agr.unipg.it audit[4581]: CRED_DISP pid=4581 uid=0 auid=1001 ses=7319 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:setcred grantors=pam_env,pam_unix acct="cris" exe="/usr/sbin/c
nov 09 11:32:02 bina.agr.unipg.it audit[4581]: USER_END pid=4581 uid=0 auid=1001 ses=7319 subj=system_u:system_r:crond_t:s0-s0:c0.c1023 msg='op=PAM:session_close grantors=pam_loginuid,pam_limits,pam_systemd acct
nov 09 11:32:03 bina.agr.unipg.it sshd[20524]: Failed password for root from 116.31.116.43 port 14054 ssh2
nov 09 11:32:03 bina.agr.unipg.it audit[20524]: USER_AUTH pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=password acct="root" exe="/usr/sbin/sshd" hostname=? 
nov 09 11:32:04 bina.agr.unipg.it sshd[20524]: Received disconnect from 116.31.116.43 port 14054:11:  [preauth]
nov 09 11:32:04 bina.agr.unipg.it audit[20524]: CRYPTO_KEY_USER pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:9b:c0:76:eb:88:a7
nov 09 11:32:04 bina.agr.unipg.it sshd[20524]: Disconnected from 116.31.116.43 port 14054 [preauth]
nov 09 11:32:04 bina.agr.unipg.it audit[20524]: CRYPTO_KEY_USER pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=2
nov 09 11:32:04 bina.agr.unipg.it sshd[20524]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 11:32:04 bina.agr.unipg.it audit[20524]: CRYPTO_KEY_USER pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:0f:cf:b2:2f:1c
nov 09 11:32:04 bina.agr.unipg.it audit[20524]: CRYPTO_KEY_USER pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:29:d1:3c:41:8f:e2
nov 09 11:32:04 bina.agr.unipg.it audit[20524]: CRYPTO_KEY_USER pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:9b:c0:76:eb:88:a7
nov 09 11:32:04 bina.agr.unipg.it audit[20524]: USER_LOGIN pid=20524 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? ad
nov 09 11:32:30 bina.agr.unipg.it audit[12536]: CRYPTO_KEY_USER pid=12536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:0f:cf:b2:2f:1c
nov 09 11:32:30 bina.agr.unipg.it audit[12536]: CRYPTO_KEY_USER pid=12536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:29:d1:3c:41:8f:e2
nov 09 11:32:30 bina.agr.unipg.it audit[12536]: CRYPTO_KEY_USER pid=12536 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:9b:c0:76:eb:88:a7
nov 09 11:32:31 bina.agr.unipg.it audit[12517]: CRYPTO_SESSION pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-server cipher=aes128-ctr ks
nov 09 11:32:31 bina.agr.unipg.it audit[12517]: CRYPTO_SESSION pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=start direction=from-client cipher=aes128-ctr ks
nov 09 11:32:36 bina.agr.unipg.it unix_chkpwd[20726]: password check failed for user (root)
nov 09 11:32:36 bina.agr.unipg.it sshd[12517]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 11:32:36 bina.agr.unipg.it audit[12517]: USER_AUTH pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/s
nov 09 11:32:36 bina.agr.unipg.it sshd[12517]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 11:32:37 bina.agr.unipg.it systemd[1]: Starting dnf makecache...
nov 09 11:32:38 bina.agr.unipg.it sshd[12517]: Failed password for root from 116.31.116.43 port 14430 ssh2
nov 09 11:32:38 bina.agr.unipg.it audit[12517]: USER_AUTH pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=password acct="root" exe="/usr/sbin/sshd" hostname=? 
nov 09 11:32:38 bina.agr.unipg.it unix_chkpwd[24404]: password check failed for user (root)
nov 09 11:32:38 bina.agr.unipg.it sshd[12517]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 11:32:38 bina.agr.unipg.it audit[12517]: USER_AUTH pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/s
nov 09 11:32:40 bina.agr.unipg.it sshd[12517]: Failed password for root from 116.31.116.43 port 14430 ssh2
nov 09 11:32:40 bina.agr.unipg.it audit[12517]: USER_AUTH pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=password acct="root" exe="/usr/sbin/sshd" hostname=? 
nov 09 11:32:41 bina.agr.unipg.it unix_chkpwd[27822]: password check failed for user (root)
nov 09 11:32:41 bina.agr.unipg.it sshd[12517]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 11:32:41 bina.agr.unipg.it audit[12517]: USER_AUTH pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=PAM:authentication grantors=? acct="root" exe="/usr/s
nov 09 11:32:42 bina.agr.unipg.it sshd[12517]: Failed password for root from 116.31.116.43 port 14430 ssh2
nov 09 11:32:42 bina.agr.unipg.it audit[12517]: USER_AUTH pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=password acct="root" exe="/usr/sbin/sshd" hostname=? 
nov 09 11:32:43 bina.agr.unipg.it sshd[12517]: Received disconnect from 116.31.116.43 port 14430:11:  [preauth]
nov 09 11:32:43 bina.agr.unipg.it audit[12517]: CRYPTO_KEY_USER pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:9b:c0:76:eb:88:a7
nov 09 11:32:43 bina.agr.unipg.it sshd[12517]: Disconnected from 116.31.116.43 port 14430 [preauth]
nov 09 11:32:43 bina.agr.unipg.it audit[12517]: CRYPTO_KEY_USER pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=session fp=? direction=both spid=1
nov 09 11:32:43 bina.agr.unipg.it sshd[12517]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 11:32:43 bina.agr.unipg.it audit[12517]: CRYPTO_KEY_USER pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:3c:0f:cf:b2:2f:1c
nov 09 11:32:43 bina.agr.unipg.it audit[12517]: CRYPTO_KEY_USER pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:29:d1:3c:41:8f:e2
nov 09 11:32:43 bina.agr.unipg.it audit[12517]: CRYPTO_KEY_USER pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=destroy kind=server fp=SHA256:9b:c0:76:eb:88:a7
nov 09 11:32:43 bina.agr.unipg.it audit[12517]: USER_LOGIN pid=12517 uid=0 auid=4294967295 ses=4294967295 subj=system_u:system_r:sshd_t:s0-s0:c0.c1023 msg='op=login acct="root" exe="/usr/sbin/sshd" hostname=? ad
-- Reboot --
nov 09 11:36:29 localhost.localdomain systemd-journal[174]: Runtime journal is using 8.0M (max allowed 195.4M, trying to leave 293.1M free of 1.9G available → current limit 195.4M).
nov 09 11:36:29 localhost.localdomain systemd-journal[174]: Runtime journal is using 8.0M (max allowed 195.4M, trying to leave 293.1M free of 1.9G available → current limit 195.4M).
nov 09 11:36:29 localhost.localdomain kernel: microcode: microcode updated early to revision 0x1c, date = 2015-02-26
nov 09 11:36:29 localhost.localdomain kernel: Linux version 4.7.9-100.fc23.x86_64 ([email protected]) (gcc version 5.3.1 20160406 (Red Hat 5.3.1-6) (GCC) ) #1 SMP Thu Oct 20 15:59:59 UTC
nov 09 11:36:29 localhost.localdomain kernel: Command line: BOOT_IMAGE=/vmlinuz-4.7.9-100.fc23.x86_64 root=/dev/mapper/fedora-root ro rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap rhgb quiet LANG=it_IT.UTF-8
nov 09 11:36:29 localhost.localdomain kernel: x86/fpu: xstate_offset[2]:  576, xstate_sizes[2]:  256
nov 09 11:36:29 localhost.localdomain kernel: x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
nov 09 11:36:29 localhost.localdomain kernel: x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
nov 09 11:36:29 localhost.localdomain kernel: x86/fpu: Supporting XSAVE feature 0x004: 'AVX registers'
nov 09 11:36:29 localhost.localdomain kernel: x86/fpu: Enabled xstate features 0x7, context size is 832 bytes, using 'standard' format.
nov 09 11:36:29 localhost.localdomain kernel: x86/fpu: Using 'eager' FPU context switches.
nov 09 11:36:29 localhost.localdomain kernel: e820: BIOS-provided physical RAM map:
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x0000000000000000-0x000000000009ebff] usable
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x000000000009ec00-0x000000000009ffff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000000e0000-0x00000000000fffff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x0000000000100000-0x00000000ddc49fff] usable
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000ddc4a000-0x00000000ddce9fff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000ddcea000-0x00000000ddcfafff] ACPI data
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000ddcfb000-0x00000000de589fff] ACPI NVS
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000de58a000-0x00000000dedb5fff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000dedb6000-0x00000000dedf8fff] ACPI NVS
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000dedf9000-0x00000000df5a1fff] usable
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000df5a2000-0x00000000df7f0fff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000df7f1000-0x00000000df7fffff] usable
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000f8000000-0x00000000fbffffff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000fed00000-0x00000000fed03fff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000fed1c000-0x00000000fed1ffff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x00000000ff000000-0x00000000ffffffff] reserved
nov 09 11:36:29 localhost.localdomain kernel: BIOS-e820: [mem 0x0000000100000000-0x000000011effffff] usable
nov 09 11:36:29 localhost.localdomain kernel: NX (Execute Disable) protection: active
nov 09 11:36:29 localhost.localdomain kernel: SMBIOS 2.7 present.

mi rendo conto che sono tante, e non so neppure se possono essere utili, ma mi aiutate a vedere perché si blocca?

Sergio

Proviamo a vedere anche gli output di:

$ uname -r
$ df -h -T
$ rpm -q -a \*ssh\*
$ sestatus
# journalctl -a -x -b 0 -p 3 --no-pager
# ausearch -m avc -ts today
# tac /var/log/secure | head -n 30
# cat /etc/ssh/sshd_config

Ciao Cupo

uname -r

4.7.9-100.fc23.x86_64
df -h -T

File system             Tipo      Dim. Usati Dispon. Uso% Montato su
devtmpfs                devtmpfs  1,9G     0    1,9G   0% /dev
tmpfs                   tmpfs     2,0G  132K    2,0G   1% /dev/shm
tmpfs                   tmpfs     2,0G   12M    1,9G   1% /run
tmpfs                   tmpfs     2,0G     0    2,0G   0% /sys/fs/cgroup
/dev/mapper/fedora-root ext4       50G  7,5G     40G  17% /
tmpfs                   tmpfs     2,0G   68K    2,0G   1% /tmp
/dev/sdb2               ext4      917G   21G    850G   3% /disk2
/dev/sdb1               ext4      917G  369G    502G  43% /sismologia
/dev/sda1               ext4      477M  137M    311M  31% /boot
/dev/mapper/fedora-home ext4      405G  414M    384G   1% /home
tmpfs                   tmpfs     391M   20K    391M   1% /run/user/42
tmpfs                   tmpfs     391M     0    391M   0% /run/user/1001
tmpfs                   tmpfs     391M     0    391M   0% /run/user/1000
rpm -q -a \*ssh\*

libssh2-1.6.0-4.fc23.x86_64
openssh-clients-7.2p2-6.fc23.x86_64
openssh-7.2p2-6.fc23.x86_64
openssh-server-7.2p2-6.fc23.x86_64
openssh-askpass-7.2p2-6.fc23.x86_64
sestatus

SELinux status:                 enabled
SELinuxfs mount:                /sys/fs/selinux
SELinux root directory:         /etc/selinux
Loaded policy name:             targeted
Current mode:                   enforcing
Mode from config file:          enforcing
Policy MLS status:              enabled
Policy deny_unknown status:     allowed
Max kernel policy version:      30
journalctl -a -x -b 0 -p 3 --no-pager

-- Logs begin at ven 2016-10-14 18:10:14 CEST, end at mer 2016-11-09 17:43:20 CET. --
nov 09 11:37:22 bina.agr.unipg.it spice-vdagent[1538]: Cannot access vdagent virtio channel /dev/virtio-ports/com.redhat.spice.0
nov 09 11:37:36 bina.agr.unipg.it spice-vdagent[2016]: Cannot access vdagent virtio channel /dev/virtio-ports/com.redhat.spice.0
nov 09 11:37:38 bina.agr.unipg.it pulseaudio[2090]: [pulseaudio] pid.c: Daemon already running.
nov 09 11:38:03 bina.agr.unipg.it pulseaudio[2050]: [pulseaudio] bluez5-util.c: GetManagedObjects() failed: org.freedesktop.DBus.Error.NoReply: Did not receive a reply. Possible causes include: the remote application did not send a reply, the message bus security policy blocked the reply, the reply timeout expired, or the network connection was broken.
nov 09 11:49:47 bina.agr.unipg.it gnome-session-binary[1939]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
nov 09 11:49:47 bina.agr.unipg.it gnome-session-binary[1939]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
nov 09 11:49:47 bina.agr.unipg.it gnome-session-binary[1939]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
nov 09 11:49:47 bina.agr.unipg.it gnome-session-binary[1939]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
nov 09 11:49:48 bina.agr.unipg.it gnome-session-binary[1939]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
nov 09 11:49:48 bina.agr.unipg.it gnome-session-binary[1939]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
nov 09 11:49:48 bina.agr.unipg.it gnome-session-binary[1939]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
nov 09 11:49:48 bina.agr.unipg.it gnome-session-binary[1939]: GLib-GObject-CRITICAL: g_object_unref: assertion 'G_IS_OBJECT (object)' failed
nov 09 14:25:14 bina.agr.unipg.it sshd[15898]: fatal: Unable to negotiate with 212.129.15.245 port 10031: no matching key exchange method found. Their offer: diffie-hellman-group1-sha1,diffie-hellman-group-exchange-sha1 [preauth]
nov 09 15:08:01 bina.agr.unipg.it systemd-logind[811]: Failed to abandon session scope: Transport endpoint is not connected
nov 09 15:08:01 bina.agr.unipg.it crond[11338]: pam_systemd(crond:session): Failed to create session: Message recipient disconnected from message bus without replying
nov 09 15:08:01 bina.agr.unipg.it crond[11339]: pam_systemd(crond:session): Failed to create session: Message recipient disconnected from message bus without replying
nov 09 15:11:01 bina.agr.unipg.it crond[14673]: pam_systemd(crond:session): Failed to create session: Message recipient disconnected from message bus without replying
nov 09 15:11:01 bina.agr.unipg.it systemd-logind[11374]: Failed to abandon session scope: Transport endpoint is not connected
nov 09 15:11:01 bina.agr.unipg.it crond[14672]: pam_systemd(crond:session): Failed to create session: Message recipient disconnected from message bus without replying
ausearch -m avc -ts today

<no matches>
tac /var/log/secure | head -n 30

tac: failed to open "/var/log/secure" for reading: File o directory non esistente
cat /etc/ssh/sshd_config

HostKey /etc/ssh/ssh_host_rsa_key

HostKey /etc/ssh/ssh_host_ecdsa_key
HostKey /etc/ssh/ssh_host_ed25519_key
SyslogFacility AUTHPRIV
PermitRootLogin yes
AuthorizedKeysFile	.ssh/authorized_keys
PasswordAuthentication yes
ChallengeResponseAuthentication no

GSSAPIAuthentication yes
GSSAPICleanupCredentials no

UsePAM yes

X11Forwarding yes
AcceptEnv LANG LC_CTYPE LC_NUMERIC LC_TIME LC_COLLATE LC_MONETARY LC_MESSAGES
AcceptEnv LC_PAPER LC_NAME LC_ADDRESS LC_TELEPHONE LC_MEASUREMENT
AcceptEnv LC_IDENTIFICATION LC_ALL LANGUAGE
AcceptEnv XMODIFIERS

Subsystem	sftp	/usr/libexec/openssh/sftp-server

Chiaramente ho tolto tutte le righe di sshd_config che cominciavano per #

Ti risulta noto quell’indirizzo? È corretto che tenti una connessione verso la porta 10031 della tua macchina?
È previsto l’uso delle chiavi crittografiche per l’accesso al server tramite il protocollo ssh?

Possiamo vedere

$ systemctl status sshd.service
# ss -l -n -t -p
# journalctl -a -x -u sshd.service --since yesterday

Sono anche un po’ perplesso da questo tuo output

strano non esista quel file di log…

L’indirizzo da te menzionato non lo conosco e non ho nessun servizio su questa porta.
Per quanto riguarda il collegamento tramite chiavi crittografiche, sì, accedo per copiare automaticamente file da un computer.

systemctl status sshd.service

● sshd.service - OpenSSH server daemon
   Loaded: loaded (/usr/lib/systemd/system/sshd.service; enabled; vendor preset: disabled)
   Active: active (running) since mer 2016-11-09 11:37:01 CET; 23h ago
     Docs: man:sshd(8)
           man:sshd_config(5)
  Process: 901 ExecStart=/usr/sbin/sshd $OPTIONS (code=exited, status=0/SUCCESS)
 Main PID: 932 (sshd)
   CGroup: /system.slice/sshd.service
           ├─  932 /usr/sbin/sshd
           ├─12174 sshd: root [priv]
           └─14362 sshd: root [net]

nov 10 11:26:29 bina.agr.unipg.it sshd[27936]: Failed password for root from 116.31.116.41 port 40739 ssh2
nov 10 11:26:29 bina.agr.unipg.it sshd[27936]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 10 11:26:31 bina.agr.unipg.it sshd[27936]: Failed password for root from 116.31.116.41 port 40739 ssh2
nov 10 11:26:32 bina.agr.unipg.it sshd[27936]: Received disconnect from 116.31.116.41 port 40739:11:  [preauth]
nov 10 11:26:32 bina.agr.unipg.it sshd[27936]: Disconnected from 116.31.116.41 port 40739 [preauth]
nov 10 11:26:32 bina.agr.unipg.it sshd[27936]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.41  user=root
nov 10 11:27:04 bina.agr.unipg.it sshd[12174]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.41  user=root
nov 10 11:27:04 bina.agr.unipg.it sshd[12174]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 10 11:27:06 bina.agr.unipg.it sshd[12174]: Failed password for root from 116.31.116.41 port 49517 ssh2
nov 10 11:27:06 bina.agr.unipg.it sshd[12174]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
ss -l -n -t -p

State       Recv-Q Send-Q                                                            Local Address:Port                                                                           Peer Address:Port              
LISTEN      0      5                                                                 192.168.124.1:53                                                                                        *:*                   users:(("dnsmasq",pid=1374,fd=6))
LISTEN      0      128                                                                           *:22                                                                                        *:*                   users:(("sshd",pid=932,fd=3))
LISTEN      0      5                                                                     127.0.0.1:631                                                                                       *:*                   users:(("cupsd",pid=2097,fd=11))
LISTEN      0      128                                                                          :::22                                                                                       :::*                   users:(("sshd",pid=932,fd=4))
LISTEN      0      5                                                                           ::1:631                                                                                      :::*                   users:(("cupsd",pid=2097,fd=10))
LISTEN      0      128                                                                          :::3306                                                                                     :::*                   users:(("mysqld",pid=1172,fd=19))

nov 09 00:00:23 bina.agr.unipg.it sshd[29440]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 00:00:23 bina.agr.unipg.it sshd[29440]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:00:24 bina.agr.unipg.it sshd[29440]: Failed password for root from 116.31.116.43 port 64399 ssh2
nov 09 00:00:25 bina.agr.unipg.it unix_chkpwd[3724]: password check failed for user (root)
nov 09 00:00:25 bina.agr.unipg.it sshd[29440]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:00:27 bina.agr.unipg.it sshd[29440]: Failed password for root from 116.31.116.43 port 64399 ssh2
nov 09 00:00:27 bina.agr.unipg.it sshd[29440]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:01:02 bina.agr.unipg.it sshd[16144]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 00:01:02 bina.agr.unipg.it sshd[16144]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:01:03 bina.agr.unipg.it sshd[16144]: Failed password for root from 116.31.116.43 port 48530 ssh2
nov 09 00:01:04 bina.agr.unipg.it sshd[16144]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:01:06 bina.agr.unipg.it sshd[16144]: Failed password for root from 116.31.116.43 port 48530 ssh2
nov 09 00:01:07 bina.agr.unipg.it sshd[16144]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:01:08 bina.agr.unipg.it sshd[16144]: Failed password for root from 116.31.116.43 port 48530 ssh2
nov 09 00:01:09 bina.agr.unipg.it sshd[16144]: Received disconnect from 116.31.116.43 port 48530:11:  [preauth]
nov 09 00:01:09 bina.agr.unipg.it sshd[16144]: Disconnected from 116.31.116.43 port 48530 [preauth]
nov 09 00:02:44 bina.agr.unipg.it sshd[1325]: Accepted publickey for s.tardioli from 192.168.1.2 port 51720 ssh2: RSA SHA256:AKnEko41g9myVVi3IwCqc1I7jjICoa4e0kyMDo8BG9c
nov 09 00:11:20 bina.agr.unipg.it sshd[27673]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 00:11:20 bina.agr.unipg.it sshd[27673]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:11:20 bina.agr.unipg.it sshd[19052]: Accepted publickey for s.tardioli from 192.168.1.2 port 52076 ssh2: RSA SHA256:AKnEko41g9myVVi3IwCqc1I7jjICoa4e0kyMDo8BG9c
nov 09 00:11:20 bina.agr.unipg.it sshd[11390]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 00:11:20 bina.agr.unipg.it sshd[11390]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:11:20 bina.agr.unipg.it sshd[3519]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 00:11:20 bina.agr.unipg.it sshd[3519]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:11:22 bina.agr.unipg.it sshd[11390]: Failed password for root from 116.31.116.43 port 57086 ssh2
nov 09 00:11:22 bina.agr.unipg.it sshd[11390]: Received disconnect from 116.31.116.43 port 57086:11:  [preauth]
nov 09 00:11:22 bina.agr.unipg.it sshd[11390]: Disconnected from 116.31.116.43 port 57086 [preauth]
nov 09 00:11:22 bina.agr.unipg.it sshd[27673]: Failed password for root from 116.31.116.43 port 62137 ssh2
nov 09 00:11:22 bina.agr.unipg.it sshd[27673]: Received disconnect from 116.31.116.43 port 62137:11:  [preauth]
nov 09 00:11:22 bina.agr.unipg.it sshd[27673]: Disconnected from 116.31.116.43 port 62137 [preauth]
nov 09 00:11:22 bina.agr.unipg.it sshd[3519]: Failed password for root from 116.31.116.43 port 10912 ssh2
nov 09 00:11:22 bina.agr.unipg.it sshd[3519]: Received disconnect from 116.31.116.43 port 10912:11:  [preauth]
nov 09 00:11:22 bina.agr.unipg.it sshd[3519]: Disconnected from 116.31.116.43 port 10912 [preauth]
nov 09 00:11:38 bina.agr.unipg.it sshd[7103]: Accepted publickey for s.tardioli from 192.168.1.2 port 52156 ssh2: RSA SHA256:AKnEko41g9myVVi3IwCqc1I7jjICoa4e0kyMDo8BG9c
nov 09 00:11:39 bina.agr.unipg.it sshd[8104]: Accepted publickey for s.tardioli from 192.168.1.2 port 52158 ssh2: RSA SHA256:AKnEko41g9myVVi3IwCqc1I7jjICoa4e0kyMDo8BG9c
nov 09 00:11:55 bina.agr.unipg.it unix_chkpwd[29601]: password check failed for user (root)
nov 09 00:11:55 bina.agr.unipg.it sshd[24121]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 00:11:55 bina.agr.unipg.it sshd[24121]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:11:57 bina.agr.unipg.it sshd[24121]: Failed password for root from 116.31.116.43 port 60172 ssh2
nov 09 00:11:58 bina.agr.unipg.it sshd[24121]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:12:00 bina.agr.unipg.it sshd[24121]: Failed password for root from 116.31.116.43 port 60172 ssh2
nov 09 00:12:01 bina.agr.unipg.it sshd[24121]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:12:03 bina.agr.unipg.it sshd[24121]: Failed password for root from 116.31.116.43 port 60172 ssh2
nov 09 00:12:03 bina.agr.unipg.it sshd[24121]: Received disconnect from 116.31.116.43 port 60172:11:  [preauth]
nov 09 00:12:03 bina.agr.unipg.it sshd[24121]: Disconnected from 116.31.116.43 port 60172 [preauth]
nov 09 00:12:03 bina.agr.unipg.it sshd[24121]: PAM 2 more authentication failures; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 00:12:37 bina.agr.unipg.it sshd[17907]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=116.31.116.43  user=root
nov 09 00:12:37 bina.agr.unipg.it sshd[17907]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:12:38 bina.agr.unipg.it sshd[17907]: Failed password for root from 116.31.116.43 port 22618 ssh2
nov 09 00:12:39 bina.agr.unipg.it unix_chkpwd[24131]: password check failed for user (root)
nov 09 00:12:39 bina.agr.unipg.it sshd[17907]: pam_succeed_if(sshd:auth): requirement "uid >= 1000" not met by user "root"
nov 09 00:12:40 bina.agr.unipg.it sshd[17907]: Failed password for root from 116.31.116.43 port 22618 ssh2

Ah beh, sono sotto attacco da 116.31.116.43
Ma come posso bloccare questi tentativi?

Sì, penso anch’io che il tuo sistema sia “bombardato” di richieste ssh originate da quell’indirizzo 116.31.116.43
Non ho la certezza che questa sia la causa dei blocchi che riscontri, ma sicuramente la situazione non aiuta.

Vi sono diverse soluzioni per bloccare quei tentativi. Le prime che mi vengono in mente sono:

  • Regole ad hoc di Netfilter (iptables)
  • Fail2ban
  • la configurazione di tcp_wrappers (file /etc/hosts.deny)

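Valuta tu quale soluzione può esserti più familiare o pratica da implementare. In ogni caso, visto che nei log i tentativi sono tutti accessi con password per l’utente root mentre l’accesso legittimo avviene già con chiave pubblica, conviene anche impostare in sshd_config `PermitRootLogin no` e, dopo aver verificato che tutti gli accessi legittimi usino la chiave, `PasswordAuthentication no`.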

A margine, possiamo vedere gli output di

$ ip a
# iptables -t filter -L -n
# iptables -t nat -L -n

Edit: lo scenario generale mi ricorda un po’ la discussione http://forum.fedoraonline.it/viewtopic.php?id=24257&p=2

ip a

1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1
    link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
    inet 127.0.0.1/8 scope host lo
       valid_lft forever preferred_lft forever
    inet6 ::1/128 scope host 
       valid_lft forever preferred_lft forever
2: enp3s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UP group default qlen 1000
    link/ether 74:27:ea:2e:da:cc brd ff:ff:ff:ff:ff:ff
    inet 141.250.121.168/24 brd 141.250.121.255 scope global enp3s0
       valid_lft forever preferred_lft forever
    inet6 fe80::7627:eaff:fe2e:dacc/64 scope link 
       valid_lft forever preferred_lft forever
3: enp5s0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc fq_codel state UNKNOWN group default qlen 1000
    link/ether 00:0e:e8:e0:1f:76 brd ff:ff:ff:ff:ff:ff
    inet 192.168.1.1/24 brd 192.168.1.255 scope global enp5s0
       valid_lft forever preferred_lft forever
    inet6 fe80::20e:e8ff:fee0:1f76/64 scope link 
       valid_lft forever preferred_lft forever
4: virbr0: <NO-CARRIER,BROADCAST,MULTICAST,UP> mtu 1500 qdisc noqueue state DOWN group default qlen 1000
    link/ether 52:54:00:f2:1c:66 brd ff:ff:ff:ff:ff:ff
    inet 192.168.124.1/24 brd 192.168.124.255 scope global virbr0
       valid_lft forever preferred_lft forever
5: virbr0-nic: <BROADCAST,MULTICAST> mtu 1500 qdisc fq_codel master virbr0 state DOWN group default qlen 1000
    link/ether 52:54:00:f2:1c:66 brd ff:ff:ff:ff:ff:ff
iptables -t filter -L -n

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:53
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:53
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:67
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:67
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
INPUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            192.168.124.0/24     ctstate RELATED,ESTABLISHED
ACCEPT     all  --  192.168.124.0/24     0.0.0.0/0           
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-port-unreachable
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0            ctstate RELATED,ESTABLISHED
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_direct  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_IN_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
FORWARD_OUT_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           
DROP       all  --  0.0.0.0/0            0.0.0.0/0            ctstate INVALID
REJECT     all  --  0.0.0.0/0            0.0.0.0/0            reject-with icmp-host-prohibited

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:68
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FORWARD_IN_ZONES (1 references)
target     prot opt source               destination         
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDI_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_IN_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_OUT_ZONES (1 references)
target     prot opt source               destination         
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
FWDO_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain FORWARD_OUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain FORWARD_direct (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation (3 references)
target     prot opt source               destination         
FWDI_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDI_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

Chain FWDI_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain FWDI_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation (3 references)
target     prot opt source               destination         
FWDO_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
FWDO_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDO_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         
ACCEPT     all  --  0.0.0.0/0            0.0.0.0/0           

Chain FWDO_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain FWDO_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain INPUT_ZONES (1 references)
target     prot opt source               destination         
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
IN_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain INPUT_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain INPUT_direct (1 references)
target     prot opt source               destination         

Chain IN_FedoraWorkstation (3 references)
target     prot opt source               destination         
IN_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
IN_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
IN_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           
ACCEPT     icmp --  0.0.0.0/0            0.0.0.0/0           

Chain IN_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpts:1025:65535 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpts:1025:65535 ctstate NEW
ACCEPT     tcp  --  0.0.0.0/0            0.0.0.0/0            tcp dpt:22 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            224.0.0.251          udp dpt:5353 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:137 ctstate NEW
ACCEPT     udp  --  0.0.0.0/0            0.0.0.0/0            udp dpt:138 ctstate NEW

Chain IN_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain IN_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         
iptables -t nat -L -n

Chain PREROUTING (policy ACCEPT)
target     prot opt source               destination         
PREROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
PREROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
PREROUTING_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         
OUTPUT_direct  all  --  0.0.0.0/0            0.0.0.0/0           

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
RETURN     all  --  192.168.124.0/24     224.0.0.0/24        
RETURN     all  --  192.168.124.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.124.0/24    !192.168.124.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.124.0/24    !192.168.124.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.124.0/24    !192.168.124.0/24    
POSTROUTING_direct  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES_SOURCE  all  --  0.0.0.0/0            0.0.0.0/0           
POSTROUTING_ZONES  all  --  0.0.0.0/0            0.0.0.0/0           

Chain OUTPUT_direct (1 references)
target     prot opt source               destination         

Chain POSTROUTING_ZONES (1 references)
target     prot opt source               destination         
POST_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
POST_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
POST_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain POSTROUTING_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain POSTROUTING_direct (1 references)
target     prot opt source               destination         

Chain POST_FedoraWorkstation (3 references)
target     prot opt source               destination         
POST_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
POST_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
POST_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain POST_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         
MASQUERADE  all  --  0.0.0.0/0            0.0.0.0/0           

Chain POST_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain POST_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Chain PREROUTING_ZONES (1 references)
target     prot opt source               destination         
PRE_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
PRE_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 
PRE_FedoraWorkstation  all  --  0.0.0.0/0            0.0.0.0/0           [goto] 

Chain PREROUTING_ZONES_SOURCE (1 references)
target     prot opt source               destination         

Chain PREROUTING_direct (1 references)
target     prot opt source               destination         

Chain PRE_FedoraWorkstation (3 references)
target     prot opt source               destination         
PRE_FedoraWorkstation_log  all  --  0.0.0.0/0            0.0.0.0/0           
PRE_FedoraWorkstation_deny  all  --  0.0.0.0/0            0.0.0.0/0           
PRE_FedoraWorkstation_allow  all  --  0.0.0.0/0            0.0.0.0/0           

Chain PRE_FedoraWorkstation_allow (1 references)
target     prot opt source               destination         

Chain PRE_FedoraWorkstation_deny (1 references)
target     prot opt source               destination         

Chain PRE_FedoraWorkstation_log (1 references)
target     prot opt source               destination         

Già me lo hanno bucato???

Chain POSTROUTING (policy ACCEPT)
target     prot opt source               destination         
RETURN     all  --  192.168.124.0/24     224.0.0.0/24        
RETURN     all  --  192.168.124.0/24     255.255.255.255     
MASQUERADE  tcp  --  192.168.124.0/24    !192.168.124.0/24     masq ports: 1024-65535
MASQUERADE  udp  --  192.168.124.0/24    !192.168.124.0/24     masq ports: 1024-65535
MASQUERADE  all  --  192.168.124.0/24    !192.168.124.0/24    

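Credo che, più che nella catena di POSTROUTING della tabella del Nat, il problema sia qui, nella regola della catena IN_FedoraWorkstation_allow della tabella filter che accetta `tcp dpt:22 ctstate NEW` da 0.0.0.0/0: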

La regola “dovrebbe” (uso il condizionale perché sono regole originate da FirewallD, in merito al quale ho scarsa esperienza… utilizzando da diversi anni l’accoppiata Netfilter/Iptables ho mantenuto sui miei sistemi una gestione più tradizionale…) indicare al sistema di accettare qualsiasi connessione ssh proveniente da qualsiasi sorgente (compresi indirizzi pubblici).

La modifica di questa regola con una più restrittiva potrebbe essere un buon punto di partenza per mitigare le problematiche riscontrate

Non credo comunque che sia un problema di ssh.
Ogni volta vedo che gli hd sono fermi, come se stessero in stand-by.
L’unico lampeggio è dei led della rete, quello degli hd è spento.
Ho provato a vedere nel bios se c’è una istruzione che spegne i dischi, ma non sono riuscito a vedere nulla.
Il bios è Acer versione 2.15.1227
È possibile vedere se qualche programma mette i dischi a riposo?

Salve,
a distanza di mesi (sono stato molto impegnato) non sono riuscito ancora a risolvere questo problema che ancora persiste, anzi, mentre prima questo accadeva saltuariamente, ora si è fatto molto più invasivo, bloccando il computer dopo circa mezza giornata di lavoro.
Avete qualche suggerimento da darmi per ovviare a questo problema?

Ciao sergio59.
Bisognerebbe prima capire bene a che livello avviene il blocco.
A livello hardware? Dopo appena mezz’ora di funzionamento del PC potrebbe essere, tanto più se lo stacchi dalla rete e vedi che comunque dopo un po’ si ferma. E lì poi bisogna capire bene dov’è l’inghippo (ventole? surriscaldamento? altro?).

Invece, se il blocco è di ssh, bisogna indagare meglio i log di accesso via rete e di ssh. Potrebbe essere che siano sempre i soliti attacchi e che la configurazione della tua macchina preveda la sospensione dei servizi dopo un certo numero di tentativi falliti.

Altra possibilità è un bug del sistema quindi se si potesse aggiornare il tutto (escludendo però problemi hardware) sarebbe un buon punto di partenza.

Ciao Mario S
Grazie della risposta.

Da dove comincio?

Hardware!!!

Ciao Mario,
scusa del ritardo, ma sono impegnato per altri motivi che mi tengono lontano…
Tra le altre cose ho trovato un dispositivo (router utilizzato come access point) che disturbava la rete.
Ora il computer non si blocca più, ma continua comunque a dare questi messaggi da sshd con la macchina 192.168.1.2 che tenta di accedere su porte impossibili e viene bloccata. Tra parentesi questa macchina, la 1.2, si collega tramite utente con chiave per accedere senza password, e sembra funzionare. Sembra come se sia stata violata e volesse accedere alla 1.1 tramite porte alte.

Per quanto riguarda l’hardware, questo è quanto mi dà lspci:

00:00.0 Host bridge: Intel Corporation Skylake Host Bridge/DRAM Registers (rev 07)
00:14.0 USB controller: Intel Corporation Sunrise Point-H USB 3.0 xHCI Controller (rev 31)
00:16.0 Communication controller: Intel Corporation Sunrise Point-H CSME HECI #1 (rev 31)
00:17.0 SATA controller: Intel Corporation Sunrise Point-H SATA controller [AHCI mode] (rev 31)
00:1b.0 PCI bridge: Intel Corporation Sunrise Point-H PCI Root Port #19 (rev f1)
00:1b.3 PCI bridge: Intel Corporation Sunrise Point-H PCI Root Port #20 (rev f1)
00:1c.0 PCI bridge: Intel Corporation Sunrise Point-H PCI Express Root Port #5 (rev f1)
00:1d.0 PCI bridge: Intel Corporation Sunrise Point-H PCI Express Root Port #9 (rev f1)
00:1f.0 ISA bridge: Intel Corporation Sunrise Point-H LPC Controller (rev 31)
00:1f.2 Memory controller: Intel Corporation Sunrise Point-H PMC (rev 31)
00:1f.3 Audio device: Intel Corporation Sunrise Point-H HD Audio (rev 31)
00:1f.4 SMBus: Intel Corporation Sunrise Point-H SMBus (rev 31)
00:1f.6 Ethernet controller: Intel Corporation Ethernet Connection (2) I219-V (rev 31)
01:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)
02:00.0 Ethernet controller: Realtek Semiconductor Co., Ltd. RTL8111/8168/8411 PCI Express Gigabit Ethernet Controller (rev 06)
03:00.0 VGA compatible controller: Advanced Micro Devices, Inc. [AMD/ATI] Redwood XT [Radeon HD 5670/5690/5730]
03:00.1 Audio device: Advanced Micro Devices, Inc. [AMD/ATI] Redwood HDMI Audio [Radeon HD 5000 Series]

Sergio

Ciao Sergio, mi togli una curiosità?
Puoi postare l’output di questi comandi?

$ systemctl list-unit-files --type service --state enabled --no-pager
$ systemctl status libvirtd.service
$ free -m
$ swapon -s
$ grep Dirty /proc/meminfo
$ su -c 'dmidecode -t 17'
$ ip route show table main scope global

Ciao Cupo,
ben trovato…
Questo l’output del computer 1.2 (quello che si collega)

[root@new-host]# systemctl list-unit-files --type service --state enabled --no-pager
UNIT FILE                                   STATE  
abrt-ccpp.service                           enabled
abrt-oops.service                           enabled
abrt-vmcore.service                         enabled
abrt-xorg.service                           enabled
abrtd.service                               enabled
accounts-daemon.service                     enabled
atd.service                                 enabled
auditd.service                              enabled
avahi-daemon.service                        enabled
bluetooth.service                           enabled
chronyd.service                             enabled
crond.service                               enabled
cups.service                                enabled
dbus-org.bluez.service                      enabled
dbus-org.fedoraproject.FirewallD1.service   enabled
dbus-org.freedesktop.Avahi.service          enabled
dbus-org.freedesktop.ModemManager1.service  enabled
dbus-org.freedesktop.NetworkManager.service enabled
dbus-org.freedesktop.nm-dispatcher.service  enabled
dbus-org.freedesktop.timedate1.service      enabled
display-manager.service                     enabled
dmraid-activation.service                   enabled
firewalld.service                           enabled
gdm.service                                 enabled
getty@.service                              enabled
httpd.service                               enabled
iscsi.service                               enabled
libvirtd.service                            enabled
lvm2-monitor.service                        enabled
mariadb.service                             enabled
mcelog.service                              enabled
mdmonitor.service                           enabled
ModemManager.service                        enabled
multipathd.service                          enabled
netcf-transaction.service                   enabled
NetworkManager-dispatcher.service           enabled
NetworkManager.service                      enabled
ntpdate.service                             enabled
rngd.service                                enabled
rtkit-daemon.service                        enabled
spice-vdagentd.service                      enabled
sshd.service                                enabled
startsocat.service                          enabled
syslog.service                              enabled
teamviewerd.service                         enabled
timedatex.service                           enabled
vgauthd.service                             enabled
vmtoolsd.service                            enabled

48 unit files listed.
[root@new-host]# systemctl status libvirtd.service
● libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
   Active: active (running) since lun 2017-02-20 09:56:40 CET; 1 day 23h ago
     Docs: man:libvirtd(8)
           http://libvirt.org
 Main PID: 1191 (libvirtd)
   CGroup: /system.slice/libvirtd.service
           ├─1191 /usr/sbin/libvirtd
           ├─1741 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
           └─1742 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper

feb 20 09:56:41 new-host.station libvirtd[1191]: Failed to probe capabilities for /usr/bin/qemu-kvm: internal error: QEMU / QMP failed: Could not access KVM kernel module: No such file or directory
                                                 failed to initialize KVM: No such file or directory
feb 20 09:56:41 new-host.station dnsmasq[1741]: started, version 2.76 cachesize 150
feb 20 09:56:41 new-host.station dnsmasq[1741]: compile time options: IPv6 GNU-getopt DBus no-i18n IDN DHCP DHCPv6 no-Lua TFTP no-conntrack ipset auth DNSSEC loop-detect inotify
feb 20 09:56:41 new-host.station dnsmasq-dhcp[1741]: DHCP, IP range 192.168.124.2 -- 192.168.124.254, lease time 1h
feb 20 09:56:41 new-host.station dnsmasq-dhcp[1741]: DHCP, sockets bound exclusively to interface virbr0
feb 20 09:56:41 new-host.station dnsmasq[1741]: reading /etc/resolv.conf
feb 20 09:56:41 new-host.station dnsmasq[1741]: using nameserver 8.8.8.8#53
feb 20 09:56:41 new-host.station dnsmasq[1741]: read /etc/hosts - 32 addresses
feb 20 09:56:41 new-host.station dnsmasq[1741]: read /var/lib/libvirt/dnsmasq/default.addnhosts - 0 addresses
feb 20 09:56:41 new-host.station dnsmasq-dhcp[1741]: read /var/lib/libvirt/dnsmasq/default.hostsfile
[root@new-host]# free -m
              total        used        free      shared  buff/cache   available
Mem:          15973        3868         176          64       11929       11612
Swap:          7999           0        7999
[root@new-host]# swapon -s
Filename				Type		Size	Used	Priority
/dev/dm-1                              	partition	8191996	472	-1
[root@new-host]# grep Dirty /proc/meminfo
Dirty:             15468 kB
[root@new-host]#  su -c 'dmidecode -t 17'
# dmidecode 3.0
Getting SMBIOS data from sysfs.
SMBIOS 3.0.0 present.

Handle 0x0047, DMI type 17, 40 bytes
Memory Device
	Array Handle: 0x0046
	Error Information Handle: Not Provided
	Total Width: Unknown
	Data Width: Unknown
	Size: No Module Installed
	Form Factor: Unknown
	Set: None
	Locator: DIMM_A1
	Bank Locator: BANK 0
	Type: Unknown
	Type Detail: None
	Speed: Unknown
	Manufacturer: Not Specified
	Serial Number: Not Specified
	Asset Tag: Not Specified
	Part Number: Not Specified
	Rank: Unknown
	Configured Clock Speed: Unknown
	Minimum Voltage: Unknown
	Maximum Voltage: Unknown
	Configured Voltage: Unknown

Handle 0x0048, DMI type 17, 40 bytes
Memory Device
	Array Handle: 0x0046
	Error Information Handle: Not Provided
	Total Width: 64 bits
	Data Width: 64 bits
	Size: 8192 MB
	Form Factor: DIMM
	Set: None
	Locator: DIMM_A2
	Bank Locator: BANK 1
	Type: DDR4
	Type Detail: Synchronous
	Speed: 2133 MHz
	Manufacturer: Kingston
	Serial Number: 02221719
	Asset Tag: 9876543210
	Part Number: 9905622-058.A00G    
	Rank: 1
	Configured Clock Speed: 2133 MHz
	Minimum Voltage: Unknown
	Maximum Voltage: Unknown
	Configured Voltage: 1.2 V

Handle 0x0049, DMI type 17, 40 bytes
Memory Device
	Array Handle: 0x0046
	Error Information Handle: Not Provided
	Total Width: Unknown
	Data Width: Unknown
	Size: No Module Installed
	Form Factor: Unknown
	Set: None
	Locator: DIMM_B1
	Bank Locator: BANK 2
	Type: Unknown
	Type Detail: None
	Speed: Unknown
	Manufacturer: Not Specified
	Serial Number: Not Specified
	Asset Tag: Not Specified
	Part Number: Not Specified
	Rank: Unknown
	Configured Clock Speed: Unknown
	Minimum Voltage: Unknown
	Maximum Voltage: Unknown
	Configured Voltage: Unknown

Handle 0x004A, DMI type 17, 40 bytes
Memory Device
	Array Handle: 0x0046
	Error Information Handle: Not Provided
	Total Width: 64 bits
	Data Width: 64 bits
	Size: 8192 MB
	Form Factor: DIMM
	Set: None
	Locator: DIMM_B2
	Bank Locator: BANK 3
	Type: DDR4
	Type Detail: Synchronous
	Speed: 2133 MHz
	Manufacturer: Kingston
	Serial Number: 15538020
	Asset Tag: 9876543210
	Part Number: 9905678-023.A00G    
	Rank: 1
	Configured Clock Speed: 2133 MHz
	Minimum Voltage: Unknown
	Maximum Voltage: Unknown
	Configured Voltage: 1.2 V
[root@new-host]# ip route show table main scope global
default via 192.168.0.1 dev enp1s0  proto static  metric 100 

Se vuoi ti posto anche l’altro computer (che si spegneva e che ha gli accessi sshd)

Sergio

Si grazie, infatti mi riferivo alla macchina per la quale riscontri i blocchi sistematici

Ok, ecco l’output dell’altra macchina (quella che si blocca)

[root@bina]# systemctl list-unit-files --type service --state enabled --no-pager
UNIT FILE                                   STATE  
abrt-ccpp.service                           enabled
abrt-oops.service                           enabled
abrt-vmcore.service                         enabled
abrt-xorg.service                           enabled
abrtd.service                               enabled
accounts-daemon.service                     enabled
atd.service                                 enabled
auditd.service                              enabled
avahi-daemon.service                        enabled
bluetooth.service                           enabled
chronyd.service                             enabled
crond.service                               enabled
cups.service                                enabled
dbus-org.bluez.service                      enabled
dbus-org.fedoraproject.FirewallD1.service   enabled
dbus-org.freedesktop.Avahi.service          enabled
dbus-org.freedesktop.ModemManager1.service  enabled
dbus-org.freedesktop.NetworkManager.service enabled
dbus-org.freedesktop.nm-dispatcher.service  enabled
dbus-org.freedesktop.timedate1.service      enabled
dhcpd.service                               enabled
display-manager.service                     enabled
dmraid-activation.service                   enabled
firewalld.service                           enabled
gdm.service                                 enabled
getty@.service                              enabled
iscsi.service                               enabled
libvirtd.service                            enabled
lvm2-monitor.service                        enabled
mcelog.service                              enabled
mdmonitor.service                           enabled
ModemManager.service                        enabled
multipathd.service                          enabled
netcf-transaction.service                   enabled
NetworkManager-dispatcher.service           enabled
NetworkManager.service                      enabled
ntpdate.service                             enabled
rngd.service                                enabled
rtkit-daemon.service                        enabled
spice-vdagentd.service                      enabled
sshd.service                                enabled
syslog.service                              enabled
timedatex.service                           enabled
vgauthd.service                             enabled
vmtoolsd.service                            enabled
vsftpd.service                              enabled

46 unit files listed.
[root@bina]# systemctl status libvirtd.service
● libvirtd.service - Virtualization daemon
   Loaded: loaded (/usr/lib/systemd/system/libvirtd.service; enabled; vendor preset: enabled)
   Active: active (running) since ven 2017-02-17 09:41:29 CET; 5 days ago
     Docs: man:libvirtd(8)
           http://libvirt.org
 Main PID: 1066 (libvirtd)
   CGroup: /system.slice/libvirtd.service
           ├─1066 /usr/sbin/libvirtd
           ├─1178 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper
           └─1179 /sbin/dnsmasq --conf-file=/var/lib/libvirt/dnsmasq/default.conf --leasefile-ro --dhcp-script=/usr/libexec/libvirt_leaseshelper

Warning: Journal has been rotated since unit was started. Log output is incomplete or unavailable.
[root@bina]# free -m
              total        used        free      shared  buff/cache   available
Mem:           3907         577         499           1        2830        2995
Swap:          3967           7        3960
[root@bina s.tardioli]# free -m
              total        used        free      shared  buff/cache   available
Mem:           3907         577         499           1        2830        2995
Swap:          3967           7        3960
[root@bina]# swapon -s
Filename				Type		Size	Used	Priority
/dev/dm-1                              	partition	4063228	7220	-1
[root@bina]# grep Dirty /proc/meminfo
Dirty:               272 kB
[root@bina]# su -c 'dmidecode -t 17'
# dmidecode 3.0
Getting SMBIOS data from sysfs.
SMBIOS 2.7 present.

Handle 0x0026, DMI type 17, 34 bytes
Memory Device
	Array Handle: 0x0007
	Error Information Handle: No Error
	Total Width: 64 bits
	Data Width: 64 bits
	Size: 4096 MB
	Form Factor: DIMM
	Set: None
	Locator: DIMM1
	Bank Locator: BANK 1
	Type: DDR3
	Type Detail: Synchronous
	Speed: 1600 MHz
	Manufacturer: Kingston
	Serial Number: 113A1CFC
	Asset Tag:                       
	Part Number: ACR512X64D3U16C11G    
	Rank: 2
	Configured Clock Speed: 1600 MHz

Handle 0x0029, DMI type 17, 34 bytes
Memory Device
	Array Handle: 0x0007
	Error Information Handle: No Error
	Total Width: Unknown
	Data Width: Unknown
	Size: No Module Installed
	Form Factor: DIMM
	Set: None
	Locator: DIMM2
	Bank Locator: BANK 2
	Type: Unknown
	Type Detail: None
	Speed: Unknown
	Manufacturer: [Empty]
	Serial Number: [Empty]
	Asset Tag:                       
	Part Number:                       
	Rank: Unknown
	Configured Clock Speed: Unknown
[root@bina]# ip route show table main scope global
default via 141.250.121.3 dev enp3s0  proto static  metric 100 

Sergio