Odd entry in Syslog - Pam&VSFTP
Robert Slade
fedora at bathnetworks.com
Sun Jan 9 12:14:45 UTC 2005
Hiya,
I have been having trouble with VSFTP and during testing I saw this in
the syslog:
--------------------- pam_unix Begin ------------------------
vsftpd:
Unknown Entries:
check pass; user unknown: 9 Time(s)
authentication failure; logname= uid=0 euid=0 tty= ruser=
rhost=210.121.141.150 : 7 Time(s)
authentication failure; logname= uid=0 euid=0 tty= ruser=
rhost=xxx.xxx.xxx.xxx : 2 Time(s)
---------------------- pam_unix End -------------------------
--------------------- Connections (secure-log) Begin
------------------------
Connections:
Service ftp:
xxx.xxx.xxx.xxx: 5 Time(s)
210.121.141.150: 1 Time(s)
**Unmatched Entries**
vsftpd[953]: pam_succeed_if: requirement "uid < 100" not met by user
"xxxxx"
vsftpd[956]: pam_succeed_if: requirement "uid < 100" not met by user
"xxxxx"
vsftpd[959]: pam_succeed_if: requirement "uid < 100" not met by user
"xxxxx"
---------------------- Connections (secure-log) End
-------------------------
I've replaced the legit user name and ip address with xxxx's, but left
the guilty Korean IP address - now blocked in iptables.
The problem I had is that the remote ftp connection using IE6 could
connect could log on, but was unable to list the directory contents.
(Yes I have ip_contrack_ftp in iptables_config) and the XP firewall was
set to allow passive FTP connections (it worked with an W2K server
running BPFTP Server also on the target network).
My questions are is the pam entry in syslog related to the the ftp
problem. If so how do I fix it. If not, how do I fix both problems?
Rob
More information about the fedora-list
mailing list