Excessive logging psa-proftpd update - FIXED error in rpm

Posted: Wed Feb 18, 2009 9:29 pm
by aus-city
Scott,

I am now logging heaps of events as follows in asl-web-gui level 3 events:

This started the moment psa-proftpd was updated.

12:21:52 server proftpd[7489]: localhost6.localdomain6 (10.0.0.1[10.0.0.1]) - FTP session op 11201 3
12:21:52 server sshd[7231]: pam_unix(sshd:session): session closed for user root 5502 3
12:21:52 server proftpd[7489]: localhost6.localdomain6 (10.0.0.1[10.0.0.1]) - USER aus-city: 11205 3
12:22:02 server proftpd[7498]: localhost6.localdomain6 (10.0.0.1[10.0.0.1]) - FTP session op 11201 3
12:22:02 server proftpd[7498]: localhost6.localdomain6 (10.0.0.1[10.0.0.1]) - USER aus-city: 11205 3
12:22:22 server proftpd[7516]: localhost6.localdomain6 (203.14.171.15[203.14.171.15]) - FTP 11201 3
12:22:22 server proftpd[7516]: localhost6.localdomain6 (203.14.171.15[203.14.171.15]) - USER 11205 3
12:22:22 server proftpd[7521]: localhost6.localdomain6 (10.0.0.1[10.0.0.1]) - FTP session op 11201 3
12:22:22 server proftpd[7521]: localhost6.localdomain6 (10.0.0.1[10.0.0.1]) - USER aus-city: 11205 3
12:22:52 server proftpd[7534]: localhost6.localdomain6 (10.0.0.1[10.0.0.1]) - FTP session op 11201 3
12:22:52 server proftpd[7534]: localhost6.localdomain6 (10.0.0.1[10.0.0.1]) - USER aus-city: 11205 3
12:23:12 server proftpd[7547]: localhost6.localdomain6 (10.0.0.1[10.0.0.1]) - FTP session op 11201 3


Problem is these will appear in the ossec emails?

Re: Excessive logging events with psa-proftpd update

Posted: Wed Feb 18, 2009 9:45 pm
by scott
Please keep these posts in the correct forum. The psa-proftpd package is not covered by ASL support.

Re: Excessive logging events with psa-proftpd update

Posted: Wed Feb 18, 2009 10:17 pm
by aus-city
Okay, sorry, it's atomic support.

Resolved - your proftpd.pam is wrong.

I corrected it and the PAM errors are gone. I filed this before F8 was EOL; it's been upstream since then. I then rebuilt the rpm from source with the updated proftpd.pam.

It's been noted in Fedora upstream, as I reported the bug in Bugzilla; it's a known issue for chrooted environments for proftpd.

Note you MUST comment it out as noted in the file.

Re: Excessive logging psa-proftpd update - FIXED error in rpm

Posted: Wed Feb 18, 2009 11:27 pm
by scott
I'm using the one from Plesk, so they're the upstream in this case. I would report this to Parallels.

Re: Excessive logging psa-proftpd update - FIXED error in rpm

Posted: Thu Feb 19, 2009 3:09 am
by aus-city
Hi Scott,

The last one from Parallels matched what I have now.

I think they use different ones depending on what the OS is. I can only speak for both Fedora 8 and a friend's Fedora 7 server; both look like mine.

I can put them here on the weekend if you want.