I can’t have fail2ban working with propftpd.
The reason is the strange date format in proftpd.log, for instance:
nov. 13 14:40:33 sd-25139 proftpd XXX.YYY.ZZZ (sd-24052.dedibox.fr[::ffff:188.8.131.52]): SECURITY VIOLATION: root login attempted.
The dot in nov. is guilty.
Is it any way to correct-it?
It should be using the “Nov 13” format by default.
ProFTPd typically logs directly to /var/log/proftpd.log, rather than going through syslog – so you may want to review your ProFTPd config file to see if there’s something in there that’s causing the problem you’re seeing.
That would be located in /etc/proftpd/proftpd.conf.
I have changed Default by auth in Webmin/ProFTPD Server/Logging Options/System log facility combobox and now the format date is OK.
The problem remains, any time proftpd restarts, it uses the weird defauft log format, for instance this morning (an unattended restart, logrotate??):
Dec 01 06:25:03 sd-25139 proftpd sd-25139.dedibox.fr: ProFTPD killed (signal 15)
Dec 01 06:25:03 sd-25139 proftpd sd-25139.dedibox.fr: ProFTPD 1.3.3a standalone mode SHUTDOWN
dÃ©c. 01 06:25:04 sd-25139 proftpd sd-25139.dedibox.fr: ProFTPD 1.3.3a (maint) (built Sun Nov 13 2011 22:40:44 UTC) standalone mode STARTUP
I am oblige to restart it from Webmin to restore a correct log format
dÃ©c. 01 09:39:24 sd-25139 proftpd sd-25139.dedibox.fr: ProFTPD killed (signal 15)
dÃ©c. 01 09:39:24 sd-25139 proftpd sd-25139.dedibox.fr: ProFTPD 1.3.3a standalone mode SHUTDOWN
Dec 01 09:39:25 sd-25139 proftpd sd-25139.dedibox.fr: ProFTPD 1.3.3a (maint) (built Sun Nov 13 2011 22:40:44 UTC) standalone mode STARTUP
Which config proftpd uses it when it restarts?
/etc/proftpd/proftpd.conf ends with:
Yeah, it should use "/etc/proftpd/proftpd.conf " by default.
If you run “ps auxw | grep proftp”, if you don’t see it running with a -c parameter specifying a non-default config file, it should use the default.
Then, you can run “proftpd -V” to verify what config file it’s hard-coded to use.
It was a locale issue, proftpd/Default has some problem with fr_FR.UTF-8
The solution I have found:
I have added en_US.UTF-8 to my server
I have added the line: