
Bug#827726: vsftpd: the connection logs are not sent to syslog when invalid login is used



Package: vsftpd
Version: 3.0.2-17+deb8u1
Severity: normal


Dear Maintainer,

When the syslog option is set to yes (syslog_enable=YES), the attempts from an invalid user are not sent to syslog, whereas they are sent to the log file if this option is set to no.

Below is the information found in the logs for both configurations.

Log found if syslog_enable=NO,
** in /var/log/vsftpd.log
Mon Jun 20 05:26:09 2016 [pid 6760] CONNECT: Client "::ffff:192.168.10.25"
Mon Jun 20 05:26:11 2016 [pid 6759] [administrator] FAIL LOGIN: Client "::ffff:192.168.10.25"

** in journalctl:
Jun 20 05:26:09 debian vsftpd[6759]: pam_unix(vsftpd:auth): check pass; user unknown
Jun 20 05:26:09 debian vsftpd[6759]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:192.168.10.25

----
Log found if syslog_enable=YES,
** in /var/log/vsftpd.log - there is nothing, as expected

** in journalctl:
Jun 20 05:24:58 debian kernel: audit: type=1326 audit(1466414698.870:7): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=6722 comm="vsftpd" exe="/usr/sbin/vsftpd" sig=31 syscall=41 compat=0 ip=0x7fece08f09f7 code=0x0


-- Package-specific info:

-- System Information:
Debian Release: 8.4
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages vsftpd depends on:
ii  adduser                3.113+nmu3
ii  debconf [debconf-2.0]  1.5.56
ii  dialog                 1.2-20140911-1
ii  init-system-helpers    1.22
ii  libc6                  2.19-18+deb8u4
ii  libcap2                1:2.24-8
ii  libpam-modules         1.1.8-3.1+deb8u1+b1
ii  libpam0g               1.1.8-3.1+deb8u1+b1
ii  libssl1.0.0            1.0.1k-3+deb8u5
ii  libwrap0               7.6.q-25
ii  netbase                5.3

Versions of packages vsftpd recommends:
ii  logrotate  3.8.7-1+b1
ii  ssl-cert   1.0.35

vsftpd suggests no packages.

-- Configuration Files:
/etc/vsftpd.conf changed:
listen=NO
listen_ipv6=YES
anonymous_enable=NO
local_enable=YES
dirmessage_enable=YES
use_localtime=YES
syslog_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
ssl_enable=NO


-- debconf information:
  vsftpd/username: ftp
  vsftpd/directory: /srv/ftp
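
Added example, not part of the original report: a Python sketch that pulls failed vsftpd logins from the pam_unix journal lines quoted above (which are logged in both configurations) and decodes the kernel audit record seen with syslog_enable=YES. The function name and the small lookup tables are assumptions made here; audit type 1326 is the kernel's seccomp record type, and on x86_64 syscall 41 is socket and signal 31 is SIGSYS.

```python
import re

# Sample input: the journal lines quoted in the report above, embedded for offline use.
SAMPLE_JOURNAL = """\
Jun 20 05:26:09 debian vsftpd[6759]: pam_unix(vsftpd:auth): check pass; user unknown
Jun 20 05:26:09 debian vsftpd[6759]: pam_unix(vsftpd:auth): authentication failure; logname= uid=0 euid=0 tty=ftp ruser=administrator rhost=::ffff:192.168.10.25
Jun 20 05:24:58 debian kernel: audit: type=1326 audit(1466414698.870:7): auid=4294967295 uid=65534 gid=65534 ses=4294967295 pid=6722 comm="vsftpd" exe="/usr/sbin/vsftpd" sig=31 syscall=41 compat=0 ip=0x7fece08f09f7 code=0x0
"""

AUDIT_SECCOMP = 1326                              # audit record type for seccomp actions
X86_64_SYSCALLS = {41: "socket", 42: "connect"}   # small subset, x86_64 numbering only
SIGNALS = {31: "SIGSYS"}

PAM_FAIL = re.compile(r"pam_unix\((?P<svc>[^:]+):auth\): authentication failure;.*?"
                      r"ruser=(?P<user>\S*) rhost=(?P<rhost>\S*)")
AUDIT = re.compile(r"audit: type=(?P<type>\d+) audit\((?P<ts>[\d.]+):\d+\):(?P<body>.*)")
KV = re.compile(r'(\w+)=("[^"]*"|\S+)')

def parse_journal(text, service="vsftpd"):
    """Return (failed_logins, seccomp_events) recorded for the given service."""
    failed, seccomp = [], []
    for line in text.splitlines():
        m = PAM_FAIL.search(line)
        if m and m.group("svc") == service:
            failed.append({"user": m.group("user"), "rhost": m.group("rhost")})
            continue
        m = AUDIT.search(line)
        if m and int(m.group("type")) == AUDIT_SECCOMP:
            # Split the key=value body; quoted values (comm, exe) lose their quotes.
            f = {k: v.strip('"') for k, v in KV.findall(m.group("body"))}
            if f.get("comm") == service:
                nr, sig = int(f["syscall"]), int(f["sig"])
                seccomp.append({"pid": int(f["pid"]), "time": float(m.group("ts")),
                                "syscall": X86_64_SYSCALLS.get(nr, str(nr)),
                                "signal": SIGNALS.get(sig, str(sig))})
    return failed, seccomp

if __name__ == "__main__":
    logins, kills = parse_journal(SAMPLE_JOURNAL)
    print("failed logins:", logins)
    print("seccomp events:", kills)
```

On live systems the same function can be fed the text output of journalctl; the pam_unix lines give the user and client address that the missing FAIL LOGIN entries would have carried.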

