[CentOS] OT Proftpd Continued

Wed Feb 22 03:41:32 UTC 2006
Mike Kercher <mike at CamaroSS.net>

You must have just upgraded your proftpd.  Here's the fix...make your
/etc/pam.d/ftp file look like this:

auth       required     /lib/security/pam_listfile.so item=user sense=deny
file=/etc/ftpusers onerr=succeed
auth       required     /lib/security/pam_pwdb.so shadow nullok

# If this is enabled, anonymous logins will fail because the 'ftp' user does
# not have a "valid" shell, as listed in /etc/shells.
#
# If you enable this, it is recommended that you do *not* give the 'ftp'
# user a real shell. Instead, give the 'ftp' user /bin/false for a shell and
# add /bin/false to /etc/shells.
#auth       required    /lib/security/pam_shells.so

account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so

Mike
 

> -----Original Message-----
> From: centos-bounces at centos.org 
> [mailto:centos-bounces at centos.org] On Behalf Of Ed Morrison
> Sent: Tuesday, February 21, 2006 5:10 PM
> To: CentOS mailing list
> Subject: [CentOS] OT Proftpd Continued
> 
> Below is a cut and past from my log files that are sent to 
> me.  This is from the last day that proftpd worked correctly. 
>  I'm not sure why proftpd was restarted as the log states:
> 
>  ################### LogWatch 5.2.2 (06/23/04) #################### 
>        Processing Initiated: Sun Feb 19 09:02:02 2006
>        Date Range Processed: yesterday
>      Detail Level of Output: 0
>           Logfiles for Host: ftp.csdsinc.com  
> ################################################################ 
> 
>  --------------------- ftpd-xferlog Begin ------------------------ 
> 
> TOTAL KB IN: 548KB (0MB)
> 
> Incoming Anonymous FTP Transfers:
>    64.151.114.234 -> /var/ftp/gps/cors/Mirror.txt (2 Times)
>    192.168.1.91 -> /var/ftp/gps/gis/B6021802.zip
>    192.168.1.91 -> /var/ftp/gps/gis/index.ndx (2 Times)
>    192.168.1.91 -> /var/ftp/gps/gis/B6021803.zip
>    64.151.114.234 -> 
> /var/ftp/gps/cors/rinex/2006/049/sacr/Ephm0490.06n (2 Times)
>    64.151.114.234 -> 
> /var/ftp/gps/cors/rinex/2006/048/sacr/sacr0480.06a (2 Times)
> 
>  ---------------------- ftpd-xferlog End ------------------------- 
> 
> 
>  --------------------- httpd Begin ------------------------ 
> 
> 
> Connection attempts using mod_proxy:
>    207.44.162.13 -> 205.188.155.89:25 : 2 Time(s)
> 
>  ---------------------- httpd End ------------------------- 
> 
> 
>  --------------------- pam_unix Begin ------------------------ 
> 
> crond:
>    Unknown Entries:
>       session closed for user root: 458 Time(s)
>       session opened for user root by (uid=0): 458 Time(s)
> 
> su:
>    Sessions Opened:
>       em(uid=500) -> root: 1 Time(s)
> 
> 
>  ---------------------- pam_unix End ------------------------- 
> 
> 
>  --------------------- proftpd-messages Begin 
> ------------------------ 
> 
> 
> **Unmatched Entries**
> proftpd shutdown succeeded
>  - warning: AuthPAMAuthoritative is deprecated proftpd 
> startup succeeded
> 
>  ---------------------- proftpd-messages End 
> ------------------------- 
> 
> 
>  --------------------- Connections (secure-log) Begin 
> ------------------------ 
> 
> 
> **Unmatched Entries**
> userhelper[25867]: pam_timestamp: updated timestamp file 
> `/var/run/sudo/root/0'
> userhelper[25868]: running 
> '/usr/lib64/chkrootkit-0.46a/chkrootkit.sh' with root 
> privileges on behalf of 'root'
> userhelper[26875]: pam_timestamp: updated timestamp file 
> `/var/run/sudo/root/0'
> userhelper[26876]: running 
> '/usr/lib64/chkrootkit-0.46a/chkrootkit.sh' with root 
> privileges on behalf of 'root'
> 
>  ---------------------- Connections (secure-log) End 
> ------------------------- 
> 
> 
>  --------------------- sendmail Begin ------------------------ 
> 
> 
> 
> Bytes Transferred: 200978
> Messages Sent:     2
> Total recipients:  2
>  ---------------------- sendmail End ------------------------- 
> 
> 
>  --------------------- SSHD Begin ------------------------ 
> 
> 
> Users logging in through sshd:
>    xxxxxx:
>       c-71-197-66-21.hsd1.ca.comcast.net (71.197.66.21): 1 time
> 
>  ---------------------- SSHD End ------------------------- 
> 
> 
> 
> ------------------ Disk Space --------------------
> 
> /dev/md1              366G   28G  320G   9% /
> /dev/md0               99M   27M   67M  29% /boot
> 
> 
>  ###################### LogWatch End #########################
> 
> 
> _______________________________________________
> CentOS mailing list
> CentOS at centos.org
> http://lists.centos.org/mailman/listinfo/centos
>