Below is a cut and past from my log files that are sent to me. This is from the last day that proftpd worked correctly. I'm not sure why proftpd was restarted as the log states:
################### LogWatch 5.2.2 (06/23/04) #################### Processing Initiated: Sun Feb 19 09:02:02 2006 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles for Host: ftp.csdsinc.com ################################################################
--------------------- ftpd-xferlog Begin ------------------------
TOTAL KB IN: 548KB (0MB)
Incoming Anonymous FTP Transfers: 64.151.114.234 -> /var/ftp/gps/cors/Mirror.txt (2 Times) 192.168.1.91 -> /var/ftp/gps/gis/B6021802.zip 192.168.1.91 -> /var/ftp/gps/gis/index.ndx (2 Times) 192.168.1.91 -> /var/ftp/gps/gis/B6021803.zip 64.151.114.234 -> /var/ftp/gps/cors/rinex/2006/049/sacr/Ephm0490.06n (2 Times) 64.151.114.234 -> /var/ftp/gps/cors/rinex/2006/048/sacr/sacr0480.06a (2 Times)
---------------------- ftpd-xferlog End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy: 207.44.162.13 -> 205.188.155.89:25 : 2 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
crond: Unknown Entries: session closed for user root: 458 Time(s) session opened for user root by (uid=0): 458 Time(s)
su: Sessions Opened: em(uid=500) -> root: 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- proftpd-messages Begin ------------------------
**Unmatched Entries** proftpd shutdown succeeded - warning: AuthPAMAuthoritative is deprecated proftpd startup succeeded
---------------------- proftpd-messages End -------------------------
--------------------- Connections (secure-log) Begin ------------------------
**Unmatched Entries** userhelper[25867]: pam_timestamp: updated timestamp file `/var/run/sudo/root/0' userhelper[25868]: running '/usr/lib64/chkrootkit-0.46a/chkrootkit.sh' with root privileges on behalf of 'root' userhelper[26875]: pam_timestamp: updated timestamp file `/var/run/sudo/root/0' userhelper[26876]: running '/usr/lib64/chkrootkit-0.46a/chkrootkit.sh' with root privileges on behalf of 'root'
---------------------- Connections (secure-log) End -------------------------
--------------------- sendmail Begin ------------------------
Bytes Transferred: 200978 Messages Sent: 2 Total recipients: 2 ---------------------- sendmail End -------------------------
--------------------- SSHD Begin ------------------------
Users logging in through sshd: xxxxxx: c-71-197-66-21.hsd1.ca.comcast.net (71.197.66.21): 1 time
---------------------- SSHD End -------------------------
------------------ Disk Space --------------------
/dev/md1 366G 28G 320G 9% / /dev/md0 99M 27M 67M 29% /boot
###################### LogWatch End #########################
You must have just upgraded your proftpd. Here's the fix...make your /etc/pam.d/ftp file look like this:
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required /lib/security/pam_pwdb.so shadow nullok
# If this is enabled, anonymous logins will fail because the 'ftp' user does # not have a "valid" shell, as listed in /etc/shells. # # If you enable this, it is recommended that you do *not* give the 'ftp' # user a real shell. Instead, give the 'ftp' user /bin/false for a shell and # add /bin/false to /etc/shells. #auth required /lib/security/pam_shells.so
account required /lib/security/pam_pwdb.so session required /lib/security/pam_pwdb.so
Mike
-----Original Message----- From: centos-bounces@centos.org [mailto:centos-bounces@centos.org] On Behalf Of Ed Morrison Sent: Tuesday, February 21, 2006 5:10 PM To: CentOS mailing list Subject: [CentOS] OT Proftpd Continued
Below is a cut and past from my log files that are sent to me. This is from the last day that proftpd worked correctly. I'm not sure why proftpd was restarted as the log states:
################### LogWatch 5.2.2 (06/23/04) #################### Processing Initiated: Sun Feb 19 09:02:02 2006 Date Range Processed: yesterday Detail Level of Output: 0 Logfiles for Host: ftp.csdsinc.com ################################################################
--------------------- ftpd-xferlog Begin ------------------------
TOTAL KB IN: 548KB (0MB)
Incoming Anonymous FTP Transfers: 64.151.114.234 -> /var/ftp/gps/cors/Mirror.txt (2 Times) 192.168.1.91 -> /var/ftp/gps/gis/B6021802.zip 192.168.1.91 -> /var/ftp/gps/gis/index.ndx (2 Times) 192.168.1.91 -> /var/ftp/gps/gis/B6021803.zip 64.151.114.234 -> /var/ftp/gps/cors/rinex/2006/049/sacr/Ephm0490.06n (2 Times) 64.151.114.234 -> /var/ftp/gps/cors/rinex/2006/048/sacr/sacr0480.06a (2 Times)
---------------------- ftpd-xferlog End -------------------------
--------------------- httpd Begin ------------------------
Connection attempts using mod_proxy: 207.44.162.13 -> 205.188.155.89:25 : 2 Time(s)
---------------------- httpd End -------------------------
--------------------- pam_unix Begin ------------------------
crond: Unknown Entries: session closed for user root: 458 Time(s) session opened for user root by (uid=0): 458 Time(s)
su: Sessions Opened: em(uid=500) -> root: 1 Time(s)
---------------------- pam_unix End -------------------------
--------------------- proftpd-messages Begin
**Unmatched Entries** proftpd shutdown succeeded
- warning: AuthPAMAuthoritative is deprecated proftpd
startup succeeded
---------------------- proftpd-messages End
--------------------- Connections (secure-log) Begin
**Unmatched Entries** userhelper[25867]: pam_timestamp: updated timestamp file `/var/run/sudo/root/0' userhelper[25868]: running '/usr/lib64/chkrootkit-0.46a/chkrootkit.sh' with root privileges on behalf of 'root' userhelper[26875]: pam_timestamp: updated timestamp file `/var/run/sudo/root/0' userhelper[26876]: running '/usr/lib64/chkrootkit-0.46a/chkrootkit.sh' with root privileges on behalf of 'root'
---------------------- Connections (secure-log) End
--------------------- sendmail Begin ------------------------
Bytes Transferred: 200978 Messages Sent: 2 Total recipients: 2 ---------------------- sendmail End -------------------------
--------------------- SSHD Begin ------------------------
Users logging in through sshd: xxxxxx: c-71-197-66-21.hsd1.ca.comcast.net (71.197.66.21): 1 time
---------------------- SSHD End -------------------------
------------------ Disk Space --------------------
/dev/md1 366G 28G 320G 9% / /dev/md0 99M 27M 67M 29% /boot
###################### LogWatch End #########################
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Mike Kercher wrote:
You must have just upgraded your proftpd. Here's the fix...make your /etc/pam.d/ftp file look like this:
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed auth required /lib/security/pam_pwdb.so shadow nullok
# If this is enabled, anonymous logins will fail because the 'ftp' user does # not have a "valid" shell, as listed in /etc/shells. # # If you enable this, it is recommended that you do *not* give the 'ftp' # user a real shell. Instead, give the 'ftp' user /bin/false for a shell and # add /bin/false to /etc/shells. #auth required /lib/security/pam_shells.so
account required /lib/security/pam_pwdb.so session required /lib/security/pam_pwdb.so
Mike
Mike, thanks for the reply. It got me into the right area to get this resolved. I set my /etc/pam.d/ftp file as you suggested but that did not fix my problem, although setting the file to this did:
#%PAM-1.0 auth required pam_unix.so nullok account required pam_unix.so session required pam_unix.so
Again, I would still be wondering how to fix if not for your assistance....thanks again!
Ed
-
Ed Morrison -
Mike Kercher