Okay, some updates as I figured out what is going on.
PureFTPd on FreeBSD needs some extra attention after installing it via custombuild. By default, custombuild creates the startup file /usr/local/etc/rc.d/pure-ftpd and starts up the daemon with the following options:
Code:
LOG=/var/log/pureftpd.log
DB=/etc/pureftpd.pdb
OPTIONS="-B -A -C 4 -E -H -k 95 -L 2000:8 -O stats:${LOG} -l puredb:${DB} -p 35000:35999 -u 100 -U 133:022 -w -Z"
OPTIONS="${OPTIONS} -Y 1 -J HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3"
Basic statistics (that is transfers) will get logged to /var/log/pureftpd.log as one would suspect (see "-O stats:")... but what about authentication errors? If you check your current pureftpd.log, there won't be a single error, such as:
Code:
Jan 13 22:58:15 server pure-ftpd: ([email protected]) [WARNING] Authentication failed for user [anonymous]
After a bit of digging around, I found out through PureFTPd's FAQ page that the logging is sent to syslogd. On a default FreeBSD installation, these authentication logs are kept under /var/log/xferlog. I know this because I checked it under /etc/syslog.conf. You will see an entry like so:
Code:
ftp.info /var/log/xferlog
And everything else will get sent to /var/log/messages, which simply clutters up crucial information.
I changed it to:
Code:
ftp.* /var/log/pureftpd.log
And then restarted syslogd like so:
And voilà, logs are now combined under /var/log/pureftpd.log.
However, this won't solve the issue with BFM not parsing the logs for firewall protection. As a quick fix, I have added PureFTPd to fail2ban, and would recommend everyone else to do so until BFM takes into account this issue.
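To check that the combined /var/log/pureftpd.log now carries lines a log-watching tool can act on, the following added example (not part of the original post, and not fail2ban's or BFM's own code) parses the authentication-failure line shape quoted above and flags hosts that fail repeatedly. The sample lines, the documentation-range IPs, the assumed year and the threshold values are constructed for illustration; `maxretry` and `findtime` are named after the fail2ban settings they imitate.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Line shape taken from the post: "<date> <host> pure-ftpd: (<ident>@<client>) [WARNING] ..."
FAIL_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d{2}:\d{2}:\d{2}) \S+ pure-ftpd(?:\[\d+\])?: "
    r"\((?P<ident>[^@)]*)@(?P<host>[^)]+)\) \[WARNING\] "
    r"Authentication failed for user \[(?P<user>.*)\]\s*$"
)

def parse_failure(line, year=2024):
    """Return (timestamp, client, user) for a failed login, else None.
    Syslog lines carry no year, so one is assumed."""
    m = FAIL_RE.match(line)
    if not m:
        return None  # transfer stats and other ftp.* messages share the file
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["host"], m["user"]

def offenders(lines, maxretry=3, findtime=timedelta(minutes=10)):
    """Return {client: failures} for clients with >= maxretry failures within findtime."""
    recent = defaultdict(list)
    flagged = {}
    for line in lines:
        hit = parse_failure(line)
        if hit is None:
            continue
        ts, host, _user = hit
        # Keep only this client's failures that are still inside the window.
        recent[host] = [t for t in recent[host] if ts - t <= findtime] + [ts]
        if len(recent[host]) >= maxretry:
            flagged[host] = max(flagged.get(host, 0), len(recent[host]))
    return flagged

# Constructed sample log (RFC 5737 documentation addresses).
SAMPLE = """\
Jan 13 22:58:15 server pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [anonymous]
Jan 13 22:58:19 server pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [admin]
Jan 13 22:58:40 server pure-ftpd: (?@198.51.100.7) [WARNING] Authentication failed for user [bob]
Jan 13 22:59:02 server pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [root]
Jan 13 22:59:30 server pure-ftpd: (?@198.51.100.7) [INFO] bob is now logged in
Jan 13 23:30:00 server pure-ftpd: (?@198.51.100.7) [WARNING] Authentication failed for user [bob]
""".splitlines()

if __name__ == "__main__":
    print(offenders(SAMPLE))
```

Pointing the same function at the real log (`offenders(open("/var/log/pureftpd.log"))`) shows whether the syslog.conf change is delivering authentication failures to the file before relying on a ban tool to read it.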