/var/log/vsftpd.log thường có nhiều thông báo CONNECT đáng ngờ từ những IP lạ gây bối rối cho người dùng.

Cấu hình log qua /etc/vsftpd.conf

  • syslog_enable=NO #writes directly to log file instead
  • log_ftp_protocol=NO #Logs everything passing between client and ftp service
  • xferlog_enable=YES #Logs the uploads and downloads and the username of which has done this.
  • vsftpd_log_file=… #Specifies where i want the log file to be written
  • xferlog_std_format=YES/NO #currently have this set yo yes need to play with it a bit more to find if its actually any use or not.
  • xferlog_file=… #Don’t know if this is really required, again need to play, doesn’t seem to log anything overly helpful
  • dual_log_enable=YES #enables logging in both vsftpd or xfer logging styles, vsftpd looks better so far

Sau đây là những thông báo thường gặp:

Connection attempt:

Mon Jul 10 15:51:17 2006 [pid 26152] CONNECT: Client ""

Failed login:

Mon Aug 21 14:33:24 2006 [pid 20175] [dcid] FAIL LOGIN: Client ""

Login OK:

Mon Aug 21 14:37:23 2006 [pid 20293] [dcid] OK LOGIN: Client ""

Anonymous login:

Mon Aug 21 14:32:06 2006 [pid 20127] [ftp] OK LOGIN: Client "", anon password "lala@"

File upload:

Sun Aug 27 16:28:20 2006 [pid 13962] [xx] OK UPLOAD: Client "", "/a.php", 8338 bytes, 18.77Kbyte/sec

Comments Off on vsftpd.log

Filed under Software

Comments are closed.