Add all ingredients in a food processor and whiz until it becomes a smooth paste, the bumbu. Set the instant pot on saute mode and saute the bumbu in some coconut oil until fragrant. Press cancel to stop the saute mode of the instant pot.
Add the water to the fragrant bumbu and stir well. Add the rest of the stock ingredients. Set the instant pot on soup mode and let it cook on high pressure for 30 minutes. Press cancel when the cooking time has passed and let the pressure release in a natural way (about 15 minutes).
Put the condiments in a soup bowl and pour the stock including some chicken. Serve with some sambal (chili paste) to taste.
After downloading and installing fail2ban stable from the fail2ban website it is time to tweak it’s behavior. First of all I checked some settings that weren’t set by default like the recidive filter. IP’s that are banned again will be banned for a longer period of time. So enable the recidive filter in the /etc/fail2ban/jail.local and change the find and ban time to your liking. There is one condition that the bantime and the findtime of the recidive filter is bigger than your ‘normal’ settings. My filters have a bantime and a findtime of a day. The bantime and findtime of my recidive filter are set to a week and two days. So if you banned again in the last two days you will be banned for a week. For that to work you have to change the dbpurge setting in /etc/fail2ban/fail2ban.conf to keep the data around long enough to meet the demands of your recidive findtime setting. I set mine to 2.5 days just to be sure. Remember set your own ip addresses to ignore and to restart fail2ban after changing your settings to let them take effect.
Next stop was the sshd filter. I use a key based authentication on my ssh server as most do. Therefore the default regex in the sshd filter doesn’t catch every attempt to logon so I added a few of my own. A very handy tool is fail2ban-regex. First I use it to catch the lines that were missed with the print-all-missed option. You will see all the lines missed by the filter and with some extra grepping show only the lines containing an IP address.
Now you can see the lines for which you can make an extra rule in your filter if you want to catch them. Here are the ones I added myself.
^%(__prefix_line)sReceived disconnect from <HOST>: 11: \[preauth\]\s*$
^%(__prefix_line)sDisconnecting: Too many authentication failures for invalid user \w+ from <HOST> port \d+ ssh2 \[preauth\]\s*$
^%(__prefix_line)sDisconnecting: Too many authentication failures for root from <HOST> port \d+ ssh2 \[preauth\]\s*$
^%(__prefix_line)sConnection closed by <HOST> \[preauth\]\s*$
^%(__prefix_line)sReceived disconnect from <HOST>: 11: Bye Bye \[preauth\]\s*$
^%(__prefix_line)sDid not receive identification string from <HOST>\s*$
^%(__prefix_line)sReceived disconnect from <HOST>: 11: disconnected by user\s*$
^%(__prefix_line)sBad protocol version identification '.*' from <HOST> port \d+\s*$
^%(__prefix_line)sReceived disconnect from <HOST>: 11: disconnected by user \[preauth\]\s*$
From time to time I check if foes use some “new” tricks to catch.