Issue Logwatch FTP question

[Inuya5ha]

Hi, I'm getting tons of these items in the logwatch mail. My FTP accounts are working perfectly, and there is no file /etc/ftpusers, so how and why is this file being invoked by brute force login attemps? I want to get rid of this from the logwatch in the most appropriate manner.

pam_listfile(proftpd:auth): Couldn't open /etc/ftpusers
pam_unix(proftpd:auth): authentication failure; logname= uid=0 euid=0 tty=/dev/ftpd3972 ruser=XXXX rhost=222.220.145.235  user=XXXX

In another forum, a user simply suggested to create an empty /etc/ftpusers file, is this the recommended way to fix this? Thanks.

 

[IgorG]

In file /etc/pam.d/proftpd try to comment line

session include system-auth

So, it should be like:

# cat /etc/pam.d/proftpd
#%PAM-1.0
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth required pam_shells.so
auth include system-auth
account include system-auth
#session include system-auth
session required pam_loginuid.so

Then restart xinetd service.