I keep getting security alerts from a remote client backup. The backups always run to success. The IPs that are listed in the job log are different every time and in various locations including some in Russia but also in London and European data centres. There are no entries at all in the remote client bacula log. This only happens with remote client backups, never with local client backups.
It's not clear to me whether these alerts are coming from the DIR or being sent to the Director by the client. I'm not sure whether to just ignore these or take some steps to block them. Is there an FD directive that would reject these perhaps? Any advice welcomed. Thanks -Chris Wilkinson ---------- Forwarded message --------- From: Bacula <winstonia...@gmail.com> Date: Tue, 17 Sep 2024, 03:50 Subject: Bacula: Backup OK of Client:nuc2 Fileset:nuc2 Incremental To: <root@localhost> 17-Sep 03:50 raspberrypi-dir JobId 7536: Start Backup JobId 7536, Job=nuc2.2024-09-17_03.50.00_03 17-Sep 03:50 raspberrypi-dir JobId 7536: Using Device "qnap-usb3" to write. 17-Sep 03:50 raspberrypi-dir JobId 7536: Sending Accurate information to the FD. 17-Sep 03:50 raspberrypi-sd JobId 7536: Volume "nuc2-incremental6040" previously written, moving to end of data. 17-Sep 03:50 raspberrypi-sd JobId 7536: Ready to append to end of Volume "nuc2-incremental6040" size=162,983,874 16-Sep 07:25 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.167. Len=-4. 17-Sep 03:50 raspberrypi-sd JobId 7536: Elapsed time=00:00:01, Transfer rate=90.58 K Bytes/second 16-Sep 07:26 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.159. Len=-4. 16-Sep 07:26 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.148. Len=-4. 16-Sep 07:26 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.154. Len=-4. 16-Sep 07:26 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.155. Len=-2147483608. 16-Sep 07:27 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.163. Len=49. 16-Sep 07:27 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.163. Len=110. 16-Sep 07:27 nuc2 JobId 0: Security Alert: bsock.c:560 Read error from client:87.236.176.156:9102: ERR=No data available 16-Sep 07:27 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.156. Len=0. 16-Sep 07:27 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.161. Len=-4. 16-Sep 07:28 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.178. Len=-4. 16-Sep 07:28 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.156. Len=-4. 16-Sep 07:28 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.170. Len=-4. 16-Sep 07:29 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.159. Len=-4. 16-Sep 07:29 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.152. Len=-4. 16-Sep 07:29 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.156. Len=-4. 16-Sep 07:30 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.170. Len=-4. 16-Sep 07:30 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.168. Len=0. 16-Sep 07:30 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.171. Len=0. 16-Sep 07:30 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 87.236.176.166. Len=-4. 16-Sep 19:54 nuc2 JobId 0: Security Alert: job.c:548 FD expecting Hello got bad command from 80.66.76.134. Len=-4. 17-Sep 03:50 raspberrypi-sd JobId 7536: Sending spooled attrs to the Director. Despooling 6,131 bytes ... 17-Sep 03:50 raspberrypi-dir JobId 7536: Bacula raspberrypi-dir 11.0.6 (10Mar22): Build OS: aarch64-unknown-linux-gnu debian 11.3 JobId: 7536 Job: nuc2.2024-09-17_03.50.00_03 Backup Level: Incremental, since=2024-09-16 03:50:03 Client: "nuc2" 11.0.6 (10Mar22) x86_64-pc-linux-gnu,debian,12.7 FileSet: "nuc2" 2023-09-26 03:50:00 Pool: "nuc2-incremental" (From Job IncPool override) Catalog: "MyCatalog" (From Pool resource) Storage: "remote-clients" (From Job resource) Scheduled time: 17-Sep-2024 03:50:00 Start time: 17-Sep-2024 03:50:05 End time: 17-Sep-2024 03:50:13 Elapsed time: 8 secs Priority: 10 FD Files Written: 25 SD Files Written: 25 FD Bytes Written: 87,301 (87.30 KB) SD Bytes Written: 90,582 (90.58 KB) Rate: 10.9 KB/s Software Compression: 50.0% 2.0:1 Comm Line Compression: None Snapshot/VSS: no Encryption: no Accurate: yes Volume name(s): nuc2-incremental6040 Volume Session Id: 175 Volume Session Time: 1725763550 Last Volume Bytes: 163,075,762 (163.0 MB) Non-fatal FD errors: 0 SD Errors: 0 FD termination status: OK SD termination status: OK Termination: Backup OK 17-Sep 03:50 raspberrypi-dir JobId 7536: Begin pruning Jobs older than 7 days . 17-Sep 03:50 raspberrypi-dir JobId 7536: Pruned 2 Jobs for client nuc2 from catalog. 17-Sep 03:50 raspberrypi-dir JobId 7536: Begin pruning Files. 17-Sep 03:50 raspberrypi-dir JobId 7536: No Files found to prune. 17-Sep 03:50 raspberrypi-dir JobId 7536: End auto prune. 17-Sep 03:50 raspberrypi-dir JobId 7536: shell command: run AfterJob "/home/pi/run-copy-job.sh nuc2-copy Incremental nuc2-Incremental nuc2-copy-Incremental" 17-Sep 03:50 raspberrypi-dir JobId 7536: AfterJob: Connecting to Director raspberrypi.fritz.box:9101 17-Sep 03:50 raspberrypi-dir JobId 7536: AfterJob: 1000 OK: 10002 raspberrypi-dir Version: 11.0.6 (10 March 2022) 17-Sep 03:50 raspberrypi-dir JobId 7536: AfterJob: Enter a period to cancel a command. 17-Sep 03:50 raspberrypi-dir JobId 7536: AfterJob: run yes job=nuc2-copy level=Incremental pool=nuc2-incremental nextpool=nuc2-copy-incremental 17-Sep 03:50 raspberrypi-dir JobId 7536: AfterJob: Using Catalog "MyCatalog" 17-Sep 03:50 raspberrypi-dir JobId 7536: AfterJob: Job queued. JobId=7537 17-Sep 03:50 raspberrypi-dir JobId 7536: AfterJob: You have messages.
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users