Problem with LFD

dennis1309

New member, joined Jan 25, 2011, messages: 2
We have installed the CSF/LFD plugin on a lot of our DirectAdmin hosting servers. I've configured
the paths for LFD and they point to the ftp and ssh logs. For example:

# Log files
HTACCESS_LOG = "/var/log/httpd/error_log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/auth.log"
SU_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/proftpd/auth.log"

Example of the auth.log:

Jan 28 10:59:56 server sshd[13053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.41.234.93 user=root
Jan 28 10:59:57 server sshd[13080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.41.234.93 user=root

I think that this should be enough info for LFD, but it does not block anything yet.

What are we doing wrong?

With regards,

Dennis
 
You will need to reduce the failed attempts to block only two of them... I think it's 10 or so by default.
 
Hello,

Thank you for your answer, but I have changed that to 2 and it is not working.

Do you have another idea?

With regards,

Dennis
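
Added example, not part of any post in this thread and not CSF/LFD code: a small diagnostic for the situation described above. It checks that every configured `*_LOG` path exists and is readable, then counts the `pam_unix` sshd failures per `rhost` against a threshold. The function names are hypothetical, the regex is this example's own and does not reproduce LFD's matching rules, and it assumes a host is flagged once its count reaches the threshold.

```python
import os
import re
from collections import Counter

# Sample input copied from the first post (log settings and auth.log lines).
SAMPLE_CONF = '''# Log files
HTACCESS_LOG = "/var/log/httpd/error_log"
MODSEC_LOG = "/var/log/httpd/error_log"
SSHD_LOG = "/var/log/auth.log"
SU_LOG = "/var/log/secure"
FTPD_LOG = "/var/log/proftpd/auth.log"
'''
SAMPLE_LOG = '''Jan 28 10:59:56 server sshd[13053]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.41.234.93 user=root
Jan 28 10:59:57 server sshd[13080]: pam_unix(sshd:auth): authentication failure; logname= uid=0 euid=0 tty=ssh ruser= rhost=117.41.234.93 user=root
'''

CONF_RE = re.compile(r'^\s*([A-Z_]+_LOG)\s*=\s*"([^"]*)"')
PAM_FAIL_RE = re.compile(
    r'sshd\[\d+\]: pam_unix\(sshd:auth\): authentication failure;.*\brhost=(\S+)')

def log_settings(conf_text):
    """Return {NAME: path} for every NAME_LOG = "path" line; comments are skipped."""
    found = (CONF_RE.match(line) for line in conf_text.splitlines())
    return {m.group(1): m.group(2) for m in found if m}

def unreadable_logs(settings):
    """Names of settings whose file is missing or not readable by the current user."""
    return sorted(name for name, path in settings.items()
                  if not (os.path.isfile(path) and os.access(path, os.R_OK)))

def failures_by_host(log_text):
    """Count pam_unix sshd authentication failures per remote host."""
    found = (PAM_FAIL_RE.search(line) for line in log_text.splitlines())
    return Counter(m.group(1) for m in found if m)

def over_threshold(log_text, threshold):
    """Hosts whose failure count has reached the threshold (assumed semantics)."""
    return sorted(h for h, n in failures_by_host(log_text).items() if n >= threshold)

if __name__ == "__main__":
    settings = log_settings(SAMPLE_CONF)
    for name in unreadable_logs(settings):
        print(f"{name}: {settings[name]} is missing or unreadable on this host")
    for host in over_threshold(SAMPLE_LOG, 2):
        print(f"{host}: at or over the failure threshold")
```

On a real server, pass the contents of the actual configuration file and of the file named by `SSHD_LOG` instead of the embedded samples.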
 