PDA

Archiv verlassen und diese Seite im Standarddesign anzeigen : Proftp soll logs in Mysql-DB schreiben.



piccus
04.06.08, 16:56
Hallo Forum,
ich habe vesucht nach dieser Anleitung (http://www.iezzi.ch/archives/110#more-110) einen Proftpd zu installieren, der alles in eine MySQL-DB schreibt.

Das habe ich bisher gemacht:



apt-get update && apt-get -y install proftpd-mysql

# Mein FTP-Server soll ständig laufen. Also wähle ich Deamon.

sed -i "s/.*UseIPv6.*/UseIPv6 no/g" /etc/proftpd/proftpd.conf
/etc/init.d/proftpd restart
apt-get -y install mysql-common mysql-server

mysqladmin -u root password '123'
mysqladmin -p create xferlog #so soll meine DB heißen
mysql -u root -p < xferlog.sql

cat proftp_insert >> /etc/proftpd/proftpd.conf


Das SQL-File xferlog.sql sieht so aus:

USE xferlog;
CREATE TABLE `ftpxferlog` (
`id` INT NOT NULL AUTO_INCREMENT,
`username` VARCHAR(30) NOT NULL DEFAULT '',
`filename` text,
`size` bigint(20) DEFAULT NULL,
`host` tinytext,
`ip` tinytext,
`action` tinytext,
`duration` tinytext,
`localtime` timestamp NULL DEFAULT NULL,
`success` BOOL NOT NULL DEFAULT '0',
PRIMARY KEY (`id`),
KEY `idx_usersucc` (`username`, `success`)
) TYPE=InnoDB;

GRANT INSERT ON xferlog.ftpxferlog TO root@localhost;
FLUSH PRIVILEGES;

Das ist die proftp_insert, die ich an die proftpd.conf anhänge...


SQLConnectInfo xferlog@localhost root 123

# xfer log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery transfer1 INSERT "NULL, '%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), '1'" ftpxferlog

SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery transfer2 INSERT "NULL, '%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), '0'" ftpxferlog

Wenn ich dann den proftpd neustarte, kommt das:

421 Service not available

Hier noch ein paar Infos:


debian:~# proftpd -l
Compiled-in modules:
mod_core.c
mod_xfer.c
mod_auth_unix.c
mod_auth_file.c
mod_auth.c
mod_ls.c
mod_log.c
mod_site.c
mod_delay.c
mod_dso.c
mod_auth_pam.c
mod_readme.c
mod_cap.c
mod_ctrls.c
debian:~# netstat -tap | grep mysql
tcp 0 0 localhost:mysql *:* LISTEN 2796/mysqld
debian:~# netstat -tap | grep proftpd
tcp 0 0 *:ftp *:* LISTEN 3771/proftpd: (acce
debian:~#


PHPmyAdmin sagt übrigens, dass die Datenbank mit der Tabelle vorhanden aber leer ist. Es wird einfach nichts hineingeschrieben, obwohl hier

cat /var/log/proftpd/xferlog
alles richtig erfasst wird.


Meine Conf-Datei habe ich ansonsten nicht angefasst:

#
# /etc/proftpd/proftpd.conf -- This is a basic ProFTPD configuration file.
# To really apply changes reload proftpd after modifications.
#

# Includes DSO modules
Include /etc/proftpd/modules.conf

# Set off to disable IPv6 support which is annoying on IPv4 only boxes.
UseIPv6 no

ServerName "Debian"
ServerType standalone
DeferWelcome off

MultilineRFC2228 on
DefaultServer on
ShowSymlinks on

TimeoutNoTransfer 600
TimeoutStalled 600
TimeoutIdle 1200

DisplayLogin welcome.msg
DisplayFirstChdir .message
ListOptions "-l"

DenyFilter \*.*/

# Port 21 is the standard FTP port.
Port 21

# In some cases you have to specify passive ports range to by-pass
# firewall limitations. Ephemeral ports can be used for that, but
# feel free to use a more narrow range.
# PassivePorts 49152 65534

# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30

# Set the user and group that the server normally runs at.
User proftpd
Group nogroup

# Umask 022 is a good standard umask to prevent new files and dirs
# (second parm) from being group and world writable.
Umask 022 022
# Normally, we want files to be overwriteable.
AllowOverwrite on

# Uncomment this if you are using NIS or LDAP to retrieve passwords:
# PersistentPasswd off

# Be warned: use of this directive impacts CPU average load!
#
# Uncomment this if you like to see progress and transfer rate with ftpwho
# in downloads. That is not needed for uploads rates.
# UseSendFile off

TransferLog /var/log/proftpd/xferlog
SystemLog /var/log/proftpd/proftpd.log

<IfModule mod_tls.c>
TLSEngine off
</IfModule>

<IfModule mod_quota.c>
QuotaEngine on
</IfModule>

<IfModule mod_ratio.c>
Ratios on
</IfModule>


# Delay engine reduces impact of the so-called Timing Attack described in
# http://security.lss.hr/index.php?page=details&ID=LSS-2004-10-02
# It is on by default.
<IfModule mod_delay.c>
DelayEngine on
</IfModule>

<IfModule mod_ctrls.c>
ControlsEngine on
ControlsMaxClients 2
ControlsLog /var/log/proftpd/controls.log
ControlsInterval 5
ControlsSocket /var/run/proftpd/proftpd.sock
</IfModule>

<IfModule mod_ctrls_admin.c>
AdminControlsEngine on
</IfModule>

# A basic anonymous configuration, no upload directories.

# <Anonymous ~ftp>
# User ftp
# Group nogroup
# # We want clients to be able to login with "anonymous" as well as "ftp"
# UserAlias anonymous ftp
# # Cosmetic changes, all files belongs to ftp user
# DirFakeUser on ftp
# DirFakeGroup on ftp
#
# RequireValidShell off
#
# # Limit the maximum number of anonymous logins
# MaxClients 10
#
# # We want 'welcome.msg' displayed at login, and '.message' displayed
# # in each newly chdired directory.
# DisplayLogin welcome.msg
# DisplayFirstChdir .message
#
# # Limit WRITE everywhere in the anonymous chroot
# <Directory *>
# <Limit WRITE>
# DenyAll
# </Limit>
# </Directory>
#
# # Uncomment this if you're brave.
# # <Directory incoming>
# # # Umask 022 is a good standard umask to prevent new files and dirs
# # # (second parm) from being group and world writable.
# # Umask 022 022
# # <Limit READ WRITE>
# # DenyAll
# # </Limit>
# # <Limit STOR>
# # AllowAll
# # </Limit>
# # </Directory>
#
# </Anonymous>

SQLConnectInfo xferlog@localhost root 123

# xfer log in mysql
SQLLog RETR,STOR transfer1
SQLNamedQuery transfer1 INSERT "NULL, '%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), '1'" ftpxferlog

SQLLOG ERR_RETR,ERR_STOR transfer2
SQLNamedQuery transfer2 INSERT "NULL, '%u', '%f', '%b', '%h', '%a', '%m', '%T', now(), '0'" ftpxferlog

piccus

marce
04.06.08, 17:22
Eigentlich sollte etwas aussagekräftiges in /var/log/proftpd/proftpd.log stehen...

piccus
04.06.08, 17:56
Using username "root".
root@10.88.88.88's password:
debian:~# cat /var/log/proftpd/proftpd.log
May 13 16:25:18 debian proftpd[2388] debian.domain.de: error setting IPV6_V6ONLY: Protocol not available
May 13 16:25:18 debian proftpd[2388] debian.domain.de: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP
May 13 16:28:59 debian proftpd[2388] debian.domain.de: ProFTPD killed (signal 15)
May 13 16:28:59 debian proftpd[2388] debian.domain.de: ProFTPD 1.3.0 standalone mode SHUTDOWN
May 13 16:29:01 debian proftpd[2422] debian.domain.de: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP
May 13 16:41:32 debian proftpd[3720] debian.domain.de (localhost[127.0.0.1]): FTP session opened.
May 13 16:41:37 debian proftpd[3720] debian.domain.de (localhost[127.0.0.1]): USER stiffmeister: Login successful.
May 13 16:41:41 debian proftpd[3720] debian.domain.de (localhost[127.0.0.1]): FTP session closed.
May 13 16:41:54 debian proftpd[2422] debian.domain.de: ProFTPD killed (signal 15)
May 13 16:41:54 debian proftpd[2422] debian.domain.de: ProFTPD 1.3.0 standalone mode SHUTDOWN
May 13 16:41:56 debian proftpd[3746] debian.domain.de: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP
May 13 16:41:58 debian proftpd[3752] debian.domain.de (localhost[127.0.0.1]): FTP session opened.
May 13 16:42:08 debian proftpd[3752] debian.domain.de (localhost[127.0.0.1]): USER stiffmeister: Login successful.
May 13 16:42:18 debian proftpd[3752] debian.domain.de (localhost[127.0.0.1]): FTP session closed.
May 13 16:42:25 debian proftpd[3756] debian.domain.de (localhost[127.0.0.1]): FTP session opened.
May 13 16:42:31 debian proftpd[3756] debian.domain.de (localhost[127.0.0.1]): USER stiffmeister: Login successful.
May 13 16:42:47 debian proftpd[3756] debian.domain.de (localhost[127.0.0.1]): FTP session closed.
May 13 16:44:52 debian proftpd[3746] debian.domain.de: ProFTPD killed (signal 15)
May 13 16:44:52 debian proftpd[3746] debian.domain.de: ProFTPD 1.3.0 standalone mode SHUTDOWN
May 13 16:44:54 debian proftpd[3771] debian.domain.de: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP
May 13 16:44:57 debian proftpd[3777] debian.domain.de (localhost[127.0.0.1]): FTP session closed.
May 13 17:52:33 debian proftpd[3814] debian.domain.de (localhost[127.0.0.1]): FTP session closed.
May 13 17:53:52 debian proftpd[3771] debian.domain.de: ProFTPD killed (signal 15)
May 13 17:53:52 debian proftpd[3771] debian.domain.de: ProFTPD 1.3.0 standalone mode SHUTDOWN
May 13 17:53:54 debian proftpd[3850] debian.domain.de: ProFTPD 1.3.0 (stable) (built mar gen 2 10:57:47 CET 2007) standalone mode STARTUP
debian:~#