2

I've got question about pure-ftpd server, I'm running. I want to setup it to log IP addresses instead of hostnames, but none of configuration works.

I tried:

  • Writing "yes" or "1" to /etc/pure-ftpd/conf/DontResolve (as I found somewhere)
  • Running with -H argument as it is in docs

I tried also restart service after change but without change.

None of it works and my auth.log looks still the same:

Aug 18 19:46:38 vps pure-ftpd: pam_unix(pure-ftpd:auth): authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=webmaster rhost=is-being-WHORED-by.TAUG-Clan.com

It shows the reason I want to see the IP. I receive many attempts to login with obfuscated hostname and Fail2Ban can't stop it.

I'm using version 1.0.28-3+squeeze1 from Debian repositories. Is problem with my installation, or I'm doing something wrong?

MadHatter
  • 79,770
  • 20
  • 184
  • 232
Jakuje
  • 9,715
  • 2
  • 42
  • 45
  • Is your pure-ftpd configured with php-mysql? – Pratap Aug 20 '13 at 14:22
  • What do you mean? I configured it by hand. But server runs php and mysql too. – Jakuje Aug 20 '13 at 16:18
  • Cause I am running pure-ftpd which is configured with mysql. Hence for me putting "yes" in file /etc/pure-ftpd/conf/DontResolve works without any issue. Do you see any error while restarting pure-ftpd? Provide the log and startup script if possible. – Pratap Aug 22 '13 at 08:20
  • After restart, I see no errors: Restarting ftp server: Running: /usr/sbin/pure-ftpd -l puredb:/etc/pure-ftpd/pureftpd.pdb -l pam -E -u 1000 -8 UTF-8 -O clf:/var/log/pure-ftpd/transfer.log -H -B No errors I can see in /var/log too. In /var/log/pure-ftpd/ is only transfer log (It does log IP correctly) In syslog with successful logins, there is also IP. I see that wrong login is also in syslog with IP addresses. But in auth.log it is still in hostname format. So another related question? How to force Fail2ban to parse syslog instead of auth.log? – Jakuje Aug 24 '13 at 08:21

1 Answers1

4

I'm using pure-ftpd 1.0.35 Ubuntu 12.04.3 LTS. Don't work

echo 'yes' > /etc/pure-ftpd/conf/DontResolve

The parameter 'DontResolve' changes '/var/log/syslog' but it don't change '/var/log/auth.log'. So for Fail2ban

# nano jail.local
[pure-ftpd]

enabled  = true
port     = ftp,ftp-data,ftps,ftps-data
filter   = pure-ftpd
#logpath  = /var/log/auth.log
logpath  = /var/log/syslog
maxretry = 6
Darkfire
  • 41
  • 6
  • echo 'yes' > /etc/pure-ftpd/conf/DontResolve && /etc/init.d/pure-ftpd restart did the trick for me. I see log records in /var/log/messages and /var/log/syslog ... but I don't see it logging differently in different files. – David Goodwin Feb 25 '15 at 17:38