Topic: cannot get Tracing with mod_ifsession to work

Offline woody

  • New user
  • *
  • Posts: 22
    • View Profile
cannot get Tracing with mod_ifsession to work
« on: March 31, 2014, 03:24:30 pm »
Hello,

I am trying to enable tracing for a single account with IfUser but cannot get it to work. Tracing works if I just trace for all users but I get nothing when using IfUser.  Any suggestions appreciated.

I am running proftpd-1.3.4d
Compile-time Settings:
  Version: 1.3.4d (maint)
  Platform: LINUX [Linux 2.6.32-131.0.15.el6.i686 i686]
  Built: Mon Mar 17 2014 07:47:13 PDT
  Built With:
    configure  '--prefix=/usr/local/proftpd-1.3.4d' '--enable-ctrls' '--enable-openssl' '--enable-nls' '--with-modules=mod_ctrls_admin:mod_sftp:mod_tls:mod_ban:mod_readme:mod_ifsession'

  CFLAGS: -O2 -Wall
  LDFLAGS: -L$(top_srcdir)/lib
  LIBS:  -lssl -lcrypto -lssl -lcrypto -L$(top_srcdir)/lib/libcap -lcap  -lssl  -lcrypto -lsupp -lcrypt -ldl  -ldl -lz

  Files:
    Configuration File:
      /usr/local/proftpd-1.3.4d/etc/proftpd.conf
    Pid File:
      /usr/local/proftpd-1.3.4d/var/proftpd.pid
    Scoreboard File:
      /usr/local/proftpd-1.3.4d/var/proftpd.scoreboard

  Features:
    - Autoshadow support
    + Controls support
    + curses support
    - Developer support
    - DSO support
    + IPv6 support
    + Largefile support
    - Lastlog support
    - Memcache support
    + ncursesw support
    + NLS support
    + OpenSSL support (FIPS enabled)
    - PCRE support
    - POSIX ACL support
    + Shadow file support
    + Sendfile support
    + Trace support

  Tunable Options:
    PR_TUNABLE_BUFFER_SIZE = 1024
    PR_TUNABLE_DEFAULT_RCVBUFSZ = 8192
    PR_TUNABLE_DEFAULT_SNDBUFSZ = 8192
    PR_TUNABLE_GLOBBING_MAX_MATCHES = 100000
    PR_TUNABLE_GLOBBING_MAX_RECURSION = 8
    PR_TUNABLE_HASH_TABLE_SIZE = 40
    PR_TUNABLE_NEW_POOL_SIZE = 512
    PR_TUNABLE_SCOREBOARD_BUFFER_SIZE = 80
    PR_TUNABLE_SCOREBOARD_SCRUB_TIMER = 30
    PR_TUNABLE_SELECT_TIMEOUT = 30
    PR_TUNABLE_TIMEOUTIDENT = 10
    PR_TUNABLE_TIMEOUTIDLE = 600
    PR_TUNABLE_TIMEOUTLINGER = 30
    PR_TUNABLE_TIMEOUTLOGIN = 300
    PR_TUNABLE_TIMEOUTNOXFER = 300
    PR_TUNABLE_TIMEOUTSTALLED = 3600
    PR_TUNABLE_XFER_SCOREBOARD_UPDATES = 10

Conf File:

TraceLog /usr/local/proftpd/log/trace-1.3.4d.log
<IfUser dw8935>
    Trace session default:20 directory:0 fileperms:0 scp:20 sftp:20 ssh2:20 tls:0
</IfUser>

ServerIdent on "FTP Server ready"
ServerType standalone
ServerAdmin ftpadmin
UseReverseDNS off
TimeoutIdle 600
SocketBindTight on
Port 0
PidFile /var/run/proftpd-1.3.4d.pid
ScoreboardFile /var/run/proftpd-1.3.4d.scoreboard
MaxInstances 1000
MaxClients 1000 "The system has reached the max number of allowed connections. Please try again in a few minutes."

# Define ftp logging formats
SystemLog /usr/local/proftpd/log/messages-1.3.4d
LogFormat global "%{%b %d %H:%M:%S}t proftpd[%P] %L (%h[%a]): %u \"%r\" %s"

# Define Global directives here. Can be over-ridden in VirtualServer configs
<Global>
    User ftpadmin
    Group ftp
    MaxLoginAttempts 3
    IdentLookups off
    TransferLog /usr/local/proftpd/log/xferlog-1.3.4d
    ExtendedLog /usr/local/proftpd/log/messages-1.3.4d  ALL global
    DenyFilter "%"
    UseFtpUsers off
    Umask 0022 0002
    PathDenyFilter "(\.ftpaccess)|(\.htaccess)"
    DefaultRoot ~ !norootjail
    <Directory /*>
        AllowOverwrite on
    </Directory>
    TimesGMT    off
</Global>

<IfModule mod_sftp.c>
    <VirtualHost X.X.X.X>
        ServerName "Vulcan Prod SFTP"
        ServerIdent on "SFTP Server ready"
        AccessGrantMsg "Welcome %u to the SFTP Server"
        SFTPEngine on
        Port 223
        SFTPLog /usr/local/proftpd/log/sftp-1.3.4d.log
        <Limit LOGIN>
            AllowGroup sftpusers
            DenyAll
        </Limit>
        SFTPHostKey /etc/ssh/host_rsa
        SFTPHostKey /etc/ssh/host_dsa
        SFTPAuthorizedUserKeys file:~/.ssh/authorized_keys
        SFTPCompression delayed
        MaxLoginAttempts 6
    </VirtualHost>
</IfModule>

Offline castaglia

  • Administrator
  • Support Hero
  • *****
  • Posts: 5336
    • View Profile
    • http://www.castaglia.org/
Re: cannot get Tracing with mod_ifsession to work
« Reply #1 on: April 08, 2014, 02:08:58 pm »
The Trace directive is not currently supported in <IfUser> or <IfGroup> sections; only <IfClass>.

Offline woody

Re: cannot get Tracing with mod_ifsession to work
« Reply #2 on: April 16, 2014, 09:21:34 pm »
Thank you for the reply.  I was going off what is documented in the mini-howto at http://www.proftpd.org/docs/howto/Tracing.  I have tried setting it up using IfClass by putting this at the beginning of my proftpd.conf file:

TraceLog /ftp2/proftpd/log/trace.log.ftp9lxv
<Class trace>
    From 172.20.165.2
</Class>
<IfClass trace>
    Trace default:0 directory:0 fileperms:0 scp:20 sftp:20 ssh2:20 tls:0
</IfClass>

but it still shows all sessions in the trace log.  If I change it to

Trace session default:0 directory:0 fileperms:0 scp:20 sftp:20 ssh2:20 tls:0

I do not get anything in the trace log.  Suggestions?

Offline castaglia

Re: cannot get Tracing with mod_ifsession to work
« Reply #3 on: April 17, 2014, 01:17:55 am »
What does the proftpd debug logging show, at debug level 10, for sessions from that client?

Offline woody

Re: cannot get Tracing with mod_ifsession to work
« Reply #4 on: April 17, 2014, 02:09:33 pm »
Thanks.  Here is the debug log for a session from 172.20.165.2 with conf:

TraceLog /ftp2/proftpd/log/trace.log.ftp9lxv
<Class trace>
    From 172.20.165.2
</Class>
<IfClass trace>
    Trace session default:10 directory:10 fileperms:10 scp:10 sftp:10 ssh2:10 tls:0
</IfClass>

Offline castaglia

Re: cannot get Tracing with mod_ifsession to work
« Reply #5 on: May 01, 2014, 05:03:58 am »
OK, so in the logs, I see:

  ftp9lxv.mitchell.com proftpd[26729] 10.0.54.70 (172.20.165.2[172.20.165.2]): session requested from client in 'trace' class

which shows that proftpd correctly identified the client as belonging to the 'trace' class.  Interestingly, though, I don't see the log messages showing mod_ifsession merging in the <IfClass> changes, or them being picked up.  Hrm.  I'll see if I can reproduce this locally.