CSF not detecting pureftp brute force but BFM does

justjosh

New member
Joined
Oct 13, 2019
Messages
18
Having a bit of a predicament with CSF. Getting brute forced on FTP but it's not getting logged to /var/log/secure but to /var/log/messages. BFM picks this up but CSF does not.

Log entries as follows:

Oct 17 18:07:05 da1 pure-ftpd: (?@x.x.x.x) [INFO] New connection from x.x.x.x
Oct 17 18:07:10 da1 pure-ftpd: (?@x.x.x.x) [WARNING] Authentication failed for user [root]

Somehow this doesn't get picked up with CSF.

LF_FTPD = "5"
LF_FTPD_PERM = "1"
FTPD_LOG = "/var/log/secure"

I even tried to make it look at /var/log/messages with a custom log but nothing changes.

CUSTOM1_LOG = "/var/log/messages"
 

justjosh

Tinkering around, I found the fix:

Change

FTPD_LOG = "/var/log/secure"

to

FTPD_LOG = "/var/log/messages"
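
An added example, not part of the original posts and not CSF's own code: a shell check that reads FTPD_LOG from a csf.conf-style file and reports whether pure-ftpd authentication failures are actually written there or to another candidate log. The function names, the simplified match pattern, and the sample files (with documentation IP 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Simplified approximation of the pure-ftpd failure line shown in the
# thread; this is an assumption, not lfd's own regex.
FAIL_RE='pure-ftpd(\[[0-9]+\])?: \(.*@.*\) \[WARNING\] Authentication failed for user'

# Print the FTPD_LOG value from a csf.conf-style file (last one wins).
ftpd_log_setting() {
    sed -n 's/^[[:space:]]*FTPD_LOG[[:space:]]*=[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | tail -n 1
}

# Count pure-ftpd authentication failures in a log (0 if unreadable).
count_ftp_failures() {
    [ -r "$1" ] || { echo 0; return 0; }
    grep -Ec "$FAIL_RE" "$1" || true
}

# Usage: check_ftpd_log <csf.conf> <root> <log>...
# <root> is prefixed to every log path so the check can run on a copy.
# Prints "ok <log>", "mismatch <configured> <actual>" or "none <configured>".
check_ftpd_log() {
    conf=$1; root=$2; shift 2
    configured=$(ftpd_log_setting "$conf")
    if [ "$(count_ftp_failures "$root$configured")" -gt 0 ]; then
        echo "ok $configured"; return 0
    fi
    for log in "$@"; do
        if [ "$(count_ftp_failures "$root$log")" -gt 0 ]; then
            echo "mismatch $configured $log"; return 0
        fi
    done
    echo "none $configured"
}

# Constructed sample data reproducing the situation in the thread.
demo() {
    d=$(mktemp -d)
    mkdir -p "$d/var/log"
    printf 'FTPD_LOG = "/var/log/secure"\n' > "$d/csf.conf"
    printf '%s\n' 'Oct 17 18:07:01 da1 sshd[812]: Accepted publickey for admin' > "$d/var/log/secure"
    printf '%s\n' \
        'Oct 17 18:07:05 da1 pure-ftpd: (?@192.0.2.10) [INFO] New connection from 192.0.2.10' \
        'Oct 17 18:07:10 da1 pure-ftpd: (?@192.0.2.10) [WARNING] Authentication failed for user [root]' \
        > "$d/var/log/messages"
    check_ftpd_log "$d/csf.conf" "$d" /var/log/secure /var/log/messages
    rm -rf "$d"
}

demo
```

On a live server the equivalent call is `check_ftpd_log /etc/csf/csf.conf "" /var/log/secure /var/log/messages`; after changing FTPD_LOG, csf and lfd need a restart before the new log is watched.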
 