ProFTPd only allows a few connections after update to RC6 - DaSilva - 08-19-2008 03:56 AM
After an update to RC6 (from RC5), ProFTPd only ever allows 1-2 connections; after that, connection attempts time out.
proftpd.conf:
Code:
#
# ispCP OMEGA ProFTPd config file
#
#
#
# Includes required DSO modules. This is mandatory in proftpd 1.3
#
Include /etc/proftpd/modules.conf
# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 off
ServerName "domain.net"
ServerType standalone
DeferWelcome off
ShowSymlinks on
MultilineRFC2228 on
DefaultServer on
ShowSymlinks on
AllowOverwrite on
UseReverseDNS off
IdentLookups off
AllowStoreRestart on
AllowForeignAddress on
LogFormat traff "%b %u"
TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200
DisplayLogin welcome.msg
DisplayFirstChdir message
#ListOptions "-l"
DenyFilter \*.*/
DefaultRoot ~
# Uncomment this if you are using NIS or LDAP to retrieve passwords:
#PersistentPasswd off
# Port 21 is the standard FTP port.
Port 21
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nogroup
# Normally, we want files to be overwriteable.
<Directory /*>
# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
AllowOverwrite on
HideNoAccess on
</Directory>
<Limit ALL>
IgnoreHidden on
</Limit>
<Global>
RootLogin off
TransferLog /var/log/proftpd/xferlog
ExtendedLog /var/log/proftpd/ftp_traff.log read,write traff
PathDenyFilter "\.quota$"
</Global>
SystemLog /var/log/proftpd/proftpd.log
<IfModule mod_delay.c>
DelayEngine off
</IfModule>
#
# ISPCP Management;
#
SQLBackend mysql # enable for proFTPd >= 1.3
SQLAuthTypes Crypt
SQLAuthenticate on
SQLConnectInfo ispcp@localhost vftp qwertz
SQLUserInfo ftp_users userid passwd uid gid homedir shell
SQLGroupInfo ftp_group groupname gid members
SQLMinID 2000
#
# ISPCP Quota management;
#
QuotaEngine on
QuotaShowQuotas on
QuotaDisplayUnits Mb
SQLNamedQuery get-quota-limit SELECT "name, quota_type, per_session, limit_type, bytes_in_avail, bytes_out_avail, bytes_xfer_avail, files_in_avail, files_out_avail, files_xfer_avail FROM quotalimits WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery get-quota-tally SELECT "name, quota_type, bytes_in_used, bytes_out_used, bytes_xfer_used, files_in_used, files_out_used, files_xfer_used FROM quotatallies WHERE name = '%{0}' AND quota_type = '%{1}'"
SQLNamedQuery update-quota-tally UPDATE "bytes_in_used = bytes_in_used + %{0}, bytes_out_used = bytes_out_used + %{1}, bytes_xfer_used = bytes_xfer_used + %{2}, files_in_used = files_in_used + %{3}, files_out_used = files_out_used + %{4}, files_xfer_used = files_xfer_used + %{5} WHERE name = '%{6}' AND quota_type = '%{7}'" quotatallies
SQLNamedQuery insert-quota-tally INSERT "%{0}, %{1}, %{2}, %{3}, %{4}, %{5}, %{6}, %{7}" quotatallies
QuotaLock /var/run/proftpd/tally.lock
QuotaLimitTable sql:/get-quota-limit
QuotaTallyTable sql:/get-quota-tally/update-quota-tally/insert-quota-tally
#
# SSL via TLS
#
#<IfModule mod_tls.c>
# TLSEngine off # on for use of TLS
# TLSLog /var/log/proftpd/ftp_ssl.log # where to log to
# TLSProtocol SSLv23 # SSLv23 or TLSv1
# TLSOptions NoCertRequest # either to request the certificate or not
# TLSRSACertificateFile /etc/proftpd/ssl.crt # SSL certfile
# TLSRSACertificateKeyFile /etc/proftpd/ssl.key # SSL keyfile
# TLSVerifyClient off # client verification
#</IfModule>
modules.conf:
Code:
#
# This file is used to manage DSO modules and features.
#
# This is the directory where DSO modules reside
ModulePath /usr/lib/proftpd
# Allow only user root to load and unload modules, but allow everyone
# to see which modules have been loaded
ModuleControlsACLs insmod,rmmod allow user root
ModuleControlsACLs lsmod allow user *
LoadModule mod_ctrls_admin.c
LoadModule mod_tls.c
LoadModule mod_sql.c
LoadModule mod_ldap.c
LoadModule mod_sql_mysql.c
LoadModule mod_sql_postgres.c
LoadModule mod_quotatab.c
LoadModule mod_quotatab_file.c
LoadModule mod_quotatab_ldap.c
LoadModule mod_quotatab_sql.c
LoadModule mod_radius.c
LoadModule mod_wrap.c
LoadModule mod_rewrite.c
# keep this module the last one
LoadModule mod_ifsession.c
Unfortunately I can't find anything about this in /var/log/proftpd/*, since proftpd.log is empty.
/var/log/auth.log contains:
Code:
Aug 18 19:49:26 s1 proftpd[14727]: s1.domain.net (::ffff:12.34.56.78[::ffff:12.34.56.78]) - FTP no transfer timeout, disconnected
Aug 18 19:49:26 s1 proftpd[14727]: s1.domain.net (::ffff:12.34.56.78[::ffff:12.34.56.78]) - FTP session closed. ]
Aug 18 20:00:52 s1 proftpd[16951] s1.domain.net (12.34.56.78[12.34.56.78]): PAM(root@domain.net): User not known to the underlying authentication module.
What could be causing this and how can I fix it? Thanks.
RE: ProFTPd only allows a few connections after update to RC6 - Cube - 08-19-2008 07:10 AM
Well, all I can tell you is that the current proftpd.conf looks different, but I can't tell you whether that has anything to do with your problem.
http://www.isp-control.net/ispcp/browser/trunk/configs/debian/proftpd/proftpd.conf
RE: ProFTPd only allows a few connections after update to RC6 - DaSilva - 08-20-2008 01:03 AM
I now know what the cause is:
fail2ban is causing problems. For some reason, since the update I get the following message (in the logs) when logging in to the FTP server:
Quote:Aug 18 20:00:52 s1 proftpd[16951] s1.domain.net (12.34.56.78[12.34.56.78]): PAM(root@domain.net): User not known to the underlying authentication module.
fail2ban reacts to that like this:
Quote:/var/log/fail2ban.log:2008-08-17 06:26:03,401 fail2ban.filter : INFO Set failregex = proftpd: \(pam_unix\) authentication failure; .* rhost=(?:::f{4,6}:)?(?P<host>\S+)
/var/log/fail2ban.log:2008-08-17 22:04:30,072 fail2ban.actions: WARNING [proftpd] Ban 12.34.56.78
Now the question is why I get this error message for every FTP account but can still log in (until I get banned by fail2ban). EDIT: Apparently it is this problem. That is also how I was able to solve it, only the thing with net2ftp and the waiting time is annoying. Is there a better solution for that?
Thanks.
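To see which auth.log lines a fail2ban failregex actually counts toward a ban, the pattern can be replayed offline. The following is an added example, not part of the original posts: it runs the failregex quoted above over constructed log lines. The sample lines, the function names and the maxretry value of 3 are assumptions, and fail2ban's findtime window is ignored.

```python
import re
from collections import Counter

# failregex copied verbatim from the fail2ban.log excerpt in the thread.
FAILREGEX = re.compile(
    r"proftpd: \(pam_unix\) authentication failure; .* "
    r"rhost=(?:::f{4,6}:)?(?P<host>\S+)"
)

# Constructed sample lines (documentation addresses, hypothetical users).
SAMPLE_LOG = [
    "Aug 18 20:00:50 s1 proftpd: (pam_unix) authentication failure; "
    "logname= uid=0 euid=0 tty= ruser= rhost=::ffff:192.0.2.10  user=web1",
    "Aug 18 20:00:55 s1 proftpd: (pam_unix) authentication failure; "
    "logname= uid=0 euid=0 tty= ruser= rhost=192.0.2.10  user=web1",
    "Aug 18 20:01:02 s1 proftpd: (pam_unix) authentication failure; "
    "logname= uid=0 euid=0 tty= ruser= rhost=::ffff:192.0.2.10  user=web2",
    "Aug 18 20:01:09 s1 proftpd: (pam_unix) authentication failure; "
    "logname= uid=0 euid=0 tty= ruser= rhost=198.51.100.7  user=web3",
    # Same shape as the PAM message quoted in the thread.
    "Aug 18 20:01:15 s1 proftpd[16951] s1.example.net "
    "(203.0.113.5[203.0.113.5]): PAM(web1@example.net): "
    "User not known to the underlying authentication module.",
]


def failures_per_host(lines, regex=FAILREGEX):
    """Count matching lines per host; the optional ::ffff: prefix is
    outside the 'host' group, so mapped and plain IPv4 share one key."""
    hits = Counter()
    for line in lines:
        match = regex.search(line)
        if match:
            hits[match.group("host")] += 1
    return hits


def unmatched(lines, regex=FAILREGEX):
    """Lines the pattern ignores, i.e. lines that cannot cause a ban."""
    return [line for line in lines if not regex.search(line)]


def hosts_to_ban(lines, maxretry=3):
    """Hosts with at least maxretry matches (maxretry=3 is an assumption)."""
    counts = failures_per_host(lines)
    return sorted(host for host, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    print("failures:", dict(failures_per_host(SAMPLE_LOG)))
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
    print("ignored lines:", len(unmatched(SAMPLE_LOG)))
```

Feeding real lines from /var/log/auth.log into `failures_per_host` shows which message format is being counted, which is the first thing to establish when legitimate logins end up banned.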