Quote:
Originally Posted by wit_273
Login attempts are logged in /var/log/secure. So you need to set your log path for fail2ban to /var/log/secure. The xferlog records what files transfer. I am not sure what vsftpd.log records--but I believe it is optional as a way to break down what xferlog records. Not sure how to redirect what log file is used for login attempts--not sure that you would want to combine them with the other logs either. If anything you would want to set up a separate log file to record ftp login attempts.
Hmm.. Seems like vsftpd was logging to /var/log/vsftpd.log
Here is the current contents of the file:
Wed Jan 2 17:17:42 2008 [pid 25713] CONNECT: Client "x.x.x.x"
Wed Jan 2 17:17:42 2008 [pid 25712] [joe] FAIL LOGIN: Client "x.x.x.x"
Wed Jan 2 17:23:00 2008 [pid 25742] CONNECT: Client "x.x.x.x"
Wed Jan 2 17:23:00 2008 [pid 25741] [joe] FAIL LOGIN: Client "x.x.x.x"
Wed Jan 2 17:23:17 2008 [pid 25745] CONNECT: Client "x.x.x.x"
Wed Jan 2 17:23:17 2008 [pid 25744] [joe] FAIL LOGIN: Client "x.x.x.x"
Wed Jan 2 17:23:30 2008 [pid 25747] CONNECT: Client "x.x.x.x"
Wed Jan 2 17:23:30 2008 [pid 25746] [joe] FAIL LOGIN: Client "x.x.x.x"
I don't know why it would have stopped?!!??!
This looks like the syntax fail2ban would need, correct?
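
An added example, not part of the original post and not fail2ban's own filter: a small Python sketch of the detection being asked about, matching FAIL LOGIN lines in the vsftpd.log layout shown above and flagging a client once it reaches a failure threshold inside a time window. The regular expression, the thresholds and the sample addresses are constructed for illustration; the parameter names follow fail2ban's `maxretry` and `findtime` jail options.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in the vsftpd.log layout from the post; the addresses are
# documentation-range placeholders, not values from the thread.
SAMPLE_LOG = """\
Wed Jan  2 17:17:42 2008 [pid 25713] CONNECT: Client "192.0.2.10"
Wed Jan  2 17:17:42 2008 [pid 25712] [joe] FAIL LOGIN: Client "192.0.2.10"
Wed Jan  2 17:23:00 2008 [pid 25741] [joe] FAIL LOGIN: Client "192.0.2.10"
Wed Jan  2 17:23:17 2008 [pid 25744] [joe] FAIL LOGIN: Client "192.0.2.10"
Wed Jan  2 17:23:20 2008 [pid 25750] [ann] OK LOGIN: Client "198.51.100.7"
Wed Jan  2 17:23:30 2008 [pid 25746] [joe] FAIL LOGIN: Client "192.0.2.10"
Wed Jan  2 17:40:00 2008 [pid 25800] [bob] FAIL LOGIN: Client "198.51.100.7"
"""

# Anchored at both ends so that text inside the bracketed user field can never
# be read as the client address. Assumed pattern, written for this example.
FAIL_RE = re.compile(
    r'^(?P<ts>\w{3} \w{3} +\d{1,2} \d\d:\d\d:\d\d \d{4}) '
    r'\[pid \d+\] \[(?P<user>[^\]]*)\] FAIL LOGIN: '
    r'Client "(?P<host>[0-9A-Fa-f:.]+)"\s*$'
)

def find_offenders(log_text, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {host: time of the failure that reached maxretry within findtime}."""
    recent = defaultdict(deque)   # host -> timestamps of failures still in window
    offenders = {}
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if not m:
            continue              # CONNECT, OK LOGIN and malformed lines are ignored
        # Collapse the padded day field ("Jan  2") before parsing the ctime-style stamp.
        when = datetime.strptime(" ".join(m["ts"].split()), "%a %b %d %H:%M:%S %Y")
        window = recent[m["host"]]
        window.append(when)
        while when - window[0] > findtime:
            window.popleft()      # drop failures older than the window
        if len(window) >= maxretry and m["host"] not in offenders:
            offenders[m["host"]] = when
    return offenders

if __name__ == "__main__":
    for host, when in find_offenders(SAMPLE_LOG).items():
        print(f"{host} reached the failure threshold at {when}")
```

Only lines that match the whole pattern count, so the log file fail2ban is pointed at has to be the one that actually receives the FAIL LOGIN entries.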