FTP clear text authentication issues and PCI Compliance

Dumb NOOB of the week award goes to.... ME

One thing that I forgot to mention in all of this: when I followed the instructions for setting up Secure FTP in proftpd, the master user accounts would work for sftp login, but the ftp accounts themselves would NOT work.

For example:

customer would work but [email protected] would NOT work
 
This is the latest based on some instructions

I know I am missing something somewhere, but what is it?

Code:
1) Check if it's compiled in:
 
/usr/sbin/proftpd -l
 
we're looking for mod_tls.c


[root@cp ~]# /usr/sbin/proftpd -l
Compiled-in modules:
  mod_core.c
  mod_xfer.c
  mod_auth_unix.c
  mod_auth_file.c
  mod_auth.c
  mod_ls.c
  mod_log.c
  mod_site.c
  mod_delay.c
  mod_facts.c
  mod_ident.c
  mod_ratio.c
  mod_readme.c
  mod_sftp.c
  mod_tls.c
  mod_cap.c
  mod_lang.c

2) Check:
/etc/proftpd.conf
 
and compare with:
/usr/local/directadmin/data/templates/proftpd.conf
 
eg:
diff /etc/proftpd.conf /usr/local/directadmin/data/templates/proftpd.conf
 
(ignore the |SERVER_IP| token difference, but ensure you use the TLSProtocol change we discussed)

[root@cp ~]# diff /etc/proftpd.conf /usr/local/directadmin/data/templates/proftpd.conf
21,22c21,22
< LogFormat             userlog "%u %b"
< #ExtendedLog          /var/log/proftpd/74.124.206.98.bytes WRITE,READ userlog
---
> LogFormat             userlog "%u %b %m %a"
> ExtendedLog           /var/log/proftpd/|SERVER_IP|.bytes WRITE,READ userlog
25a26
> AuthOrder mod_auth_file.c
39a41,42
>
>       TLSCipherSuite HIGH:MEDIUM:+TLSv1:!SSLv2:+SSLv3
42a46
>       PassivePorts            35000 35999
72a77,82
>       <IfModule mod_tls.c>
>               TLSEngine on
>               TLSLog /var/log/proftpd/proftpd.tls.log
>               TLSRSACertificateFile /etc/exim.cert
>               TLSRSACertificateKeyFile /etc/exim.key
>       </IfModule>
76,78d85
<
<
<

3) check /var/log/proftpd/proftpd.tls.log for more clues.

[root@cp ~]# tail -n 40 /var/log/proftpd/proftpd.tls.log
Jun 07 18:15:04 mod_tls/2.4.2[436]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 18:15:04 mod_tls/2.4.2[439]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 18:25:04 mod_tls/2.4.2[734]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 18:25:04 mod_tls/2.4.2[735]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 18:35:03 mod_tls/2.4.2[1016]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 18:35:03 mod_tls/2.4.2[1018]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 18:45:11 mod_tls/2.4.2[1341]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 18:45:12 mod_tls/2.4.2[1338]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 18:55:04 mod_tls/2.4.2[1583]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 18:55:04 mod_tls/2.4.2[1585]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:05:04 mod_tls/2.4.2[1828]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:05:04 mod_tls/2.4.2[1831]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:15:04 mod_tls/2.4.2[2150]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:15:04 mod_tls/2.4.2[2153]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:25:06 mod_tls/2.4.2[2470]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:25:06 mod_tls/2.4.2[2472]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:31:11 mod_tls/2.4.2[2672]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:32:07 mod_tls/2.4.2[2685]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:32:07 mod_tls/2.4.2[2684]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:35:04 mod_tls/2.4.2[2793]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:35:04 mod_tls/2.4.2[2796]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:45:05 mod_tls/2.4.2[3177]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:45:05 mod_tls/2.4.2[3175]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:55:04 mod_tls/2.4.2[3510]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 19:55:04 mod_tls/2.4.2[3511]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:05:03 mod_tls/2.4.2[3786]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:05:03 mod_tls/2.4.2[3787]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:13:49 mod_tls/2.4.2[4101]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:13:49 mod_tls/2.4.2[4103]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:15:05 mod_tls/2.4.2[4232]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:15:05 mod_tls/2.4.2[4234]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:25:11 mod_tls/2.4.2[4544]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:25:11 mod_tls/2.4.2[4545]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:33:28 mod_tls/2.4.2[4805]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:35:04 mod_tls/2.4.2[4888]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:35:04 mod_tls/2.4.2[4885]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:45:06 mod_tls/2.4.2[5187]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:45:06 mod_tls/2.4.2[5189]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:55:03 mod_tls/2.4.2[5462]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
Jun 07 20:55:03 mod_tls/2.4.2[5461]: using default OpenSSL verification locations (see $SSL_CERT_DIR environment variable)
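
An added example (not part of any post in this thread, and not DirectAdmin or ProFTPD tooling): a shell audit of the mod_tls directives that step 2's diff shows missing from the live config. The two sample files are constructed from the two sides of that diff; `TLSRequired` is not mentioned in the thread and is checked here as an assumption about what a clear-text-login review would also want to see.

```shell
#!/bin/sh
# Added example: audit a proftpd.conf for the mod_tls settings that decide
# whether FTP logins can still travel in clear text.
# Limitation: directive scope (<Global>, <VirtualHost>) is ignored.

# Print the value of the last uncommented occurrence of a directive, or "unset".
directive() {  # usage: directive <name> <conf-file>
    awk -v d="$1" 'tolower($1) == tolower(d) { $1 = ""; sub(/^ +/, ""); v = $0 }
                   END { print (v == "" ? "unset" : v) }' "$2"
}

# Print one finding per line; print nothing when every check passes.
audit() {  # usage: audit <conf-file>
    engine=$(directive TLSEngine "$1" | tr 'A-Z' 'a-z')
    required=$(directive TLSRequired "$1" | tr 'A-Z' 'a-z')
    proto=$(directive TLSProtocol "$1")
    case "$engine" in
        on|yes|true|1) ;;
        *) echo "FAIL TLSEngine=$engine: mod_tls inactive, FTP logins are clear text"
           return 0 ;;
    esac
    case "$required" in
        on|ctrl|auth|auth+data) ;;
        *) echo "WARN TLSRequired=$required: clients may still log in without TLS" ;;
    esac
    case "$proto" in   # "-SSLv3" style exclusions are deliberately not matched
        SSLv*|*" SSLv"*|*+SSLv*)
           echo "WARN TLSProtocol=$proto: SSL protocol versions enabled" ;;
    esac
    return 0
}

# Constructed samples modelled on the two sides of the diff in the post.
WORK=$(mktemp -d); trap 'rm -rf "$WORK"' EXIT
cat > "$WORK/live.conf" <<'EOF'
LogFormat             userlog "%u %b"
#ExtendedLog          /var/log/proftpd/example.bytes WRITE,READ userlog
EOF
cat > "$WORK/template.conf" <<'EOF'
AuthOrder mod_auth_file.c
<IfModule mod_tls.c>
        TLSEngine on
        TLSLog /var/log/proftpd/proftpd.tls.log
        TLSRSACertificateFile /etc/exim.cert
        TLSRSACertificateKeyFile /etc/exim.key
</IfModule>
EOF

for f in live template; do echo "== $f.conf"; audit "$WORK/$f.conf"; done
```

Run against the real file with `audit /etc/proftpd.conf`; a `FAIL` line means the running config never enables mod_tls, whatever the template says.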
 
I suggest deleting the proftpd bin to be sure it's the new one.


rm /usr/sbin/proftpd

and retry installing proftpd from custombuild.
 
customer would work but [email protected] would NOT work

I'm curious, what error do you have in your FTP client? And what is there in the FTP access and auth logs?

With SFTP you might want to enable SFTPLog or even TraceLog:

Put in /etc/proftpd.conf the following lines

Code:
##--
TraceLog        /var/log/proftpd/sftp-trace.log
Trace           scp:20 sftp:20 ssh2:20
##--

just BEFORE

Code:
<Global>


Save it, and restart the FTP daemon.

This will help you to determine the problem, if default logs say nothing useful.
 
I noticed you had 2 proftpd.conf files...you might have multiple installations of proftpd.

Code:
rpm -e --nodeps `rpm -aq | grep -i proftpd`
mv /etc/proftpd.conf /etc/proftpd.conf.bak
mv /usr/local/etc/proftpd.conf /usr/local/etc/proftpd.conf.bak
cd /usr/local/directadmin/custombuild
./build update
./build clean
./build proftpd d
 