Bug#827726: vsftpd: the connection logs are not sent to syslog when invalid login is used

Mon, 20 Jun 2016 02:39:37 -0700 

Package: vsftpd
Version: 3.0.2-17+deb8u1
Severity: normal


Dear Maintainer,
When syslog option is set to yes, syslog_enable=YES, the attemps from an invalid user are not sent to syslog as they are sent to log file if this option is set to no. 

Below is the information found in the logs for both configurations.

log found if syslog_enable=NO,
** in /var/log/vsftpd.log
Mon Jun 20 05:26:09 2016 [pid 6760] CONNECT: Client "::ffff:192.168.10.25"
Mon Jun 20 05:26:11 2016 [pid 6759] [administrator] FAIL LOGIN: Client "::ffff:192.168.10.25" 

** in journalctl:
Jun 20 05:26:09 debian vsftpd[6759]: pam_unix(vsftpd:auth): check pass; user unknown Jun 20 05:26:09 debian vsftpd[6759]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:192.168.10.25 

----
Log found if syslog_enable=YES,
** in /var/log/vsftpd.log - there is nothing, as expected

** in journalctl:
Jun 20 05:24:58 debian kernel: audit: type=1326 audit(1466414698.870:7): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=6722 comm="vsftpd" exe="/usr/sbin/vsftpd" sig=31 syscall=41 compat=0 ip=0x7fece08f09f7 code=0x0 


-- Package-specific info:

-- System Information:
Debian Release: 8.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages vsftpd depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.56
ii  dialog                 1.2-20140911-1
ii  init-system-helpers    1.22
ii  libc6                  2.19-18+deb8u4
ii  libcap2                1:2.24-8
ii  libpam-modules         1.1.8-3.1+deb8u1+b1
ii  libpam0g               1.1.8-3.1+deb8u1+b1
ii  libssl1.0.0            1.0.1k-3+deb8u5
ii  libwrap0               7.6.q-25
ii  netbase                5.3

Versions of packages vsftpd recommends:
ii  logrotate  3.8.7-1+b1
ii  ssl-cert   1.0.35

vsftpd suggests no packages.

-- Configuration Files:
/etc/vsftpd.conf changed:
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
use_localtime=YES
syslog_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO


-- debconf information:
  vsftpd/username: ftp
  vsftpd/directory: /srv/ftp

Reply via email to