vsftpd.log

/var/log/vsftpd.log thường có nhiều thông báo CONNECT đáng ngờ từ những IP lạ gây bối rối cho người dùng.

Cấu hình log qua /etc/vsftpd.conf

  • syslog_enable=NO #writes directly to log file instead
  • log_ftp_protocol=NO #Logs everything passing between client and ftp service
  • xferlog_enable=YES #Logs the uploads and downloads and the username of which has done this.
  • vsftpd_log_file=… #Specifies where i want the log file to be written
  • xferlog_std_format=YES/NO #currently have this set yo yes need to play with it a bit more to find if its actually any use or not.
  • xferlog_file=… #Don’t know if this is really required, again need to play, doesn’t seem to log anything overly helpful
  • dual_log_enable=YES #enables logging in both vsftpd or xfer logging styles, vsftpd looks better so far

Sau đây là những thông báo thường gặp:

Connection attempt:

Mon Jul 10 15:51:17 2006 [pid 26152] CONNECT: Client "216.218.206.68"

Failed login:

Mon Aug 21 14:33:24 2006 [pid 20175] [dcid] FAIL LOGIN: Client "127.0.0.1"

Login OK:

Mon Aug 21 14:37:23 2006 [pid 20293] [dcid] OK LOGIN: Client "127.0.0.1"

Anonymous login:

Mon Aug 21 14:32:06 2006 [pid 20127] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lala@"

File upload:

Sun Aug 27 16:28:20 2006 [pid 13962] [xx] OK UPLOAD: Client "1.2.3.4", "/a.php", 8338 bytes, 18.77Kbyte/sec

Comments Off on vsftpd.log

Filed under Software

Comments are closed.