[Logcheck-devel] Bug#443886: /etc/logcheck/ignore.d.server/proftpd: [proftpd] Refused user $USER for service $FOO
Frédéric Brière
fbriere at fbriere.net
Mon Sep 24 20:33:00 UTC 2007
Package: logcheck-database
Version: 1.2.61
Severity: wishlist
File: /etc/logcheck/ignore.d.server/proftpd
Two weeks ago, I got a rush of these:
Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd
(Apparently, fail2ban managed to miss those.)
This is triggered by pam_listfile, which is used by proftpd (and other
FTP daemons) to block users listed in /etc/ftpusers.
Given how lazy I am, I simply wrote a rule for my own particular daemon:
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ proftpd: PAM-listfile: Refused user [-_.[:alnum:]]+ for service proftpd$
I'm not sure how you'd prefer to handle this case, though, as there are
various other FTP daemons that do the same thing. Copy the same rule
over and over for each package? Write an enumeration and create
ignore.d.server/libpam-modules? There may be other packages that use
pam_listfile, so should you use ".*" for the daemon and service names?
Ahh, the joy of being a mere user and not having to come up with
answers. :)
FYI, here's the list of packages that include /etc/ftpusers:
ftpd
ftpd-ssl
proftpd
pure-ftpd
pure-ftpd-ldap
pure-ftpd-mysql
pure-ftpd-postgresql
vsftpd
wu-ftpd
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: i386 (i686)
Kernel: Linux 2.6.21-2-k7 (SMP w/1 CPU core)
Locale: LANG=en_CA.utf-8, LC_CTYPE=en_CA.utf-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
-- debconf information excluded
More information about the Logcheck-devel
mailing list