
View Full Version : Server Security / email and ftp


danielborene
20th June 2009, 01:29
Hello,
I have a couple of questions on how to improve the security of my server...
I've been looking at the logs shown inside ISPConfig, and I noticed under System-Log a bunch of people connecting to my FTP server trying to figure out the password of the administrator account.
Here is the message I get in the log:

Jun 19 17:46:48 server pure-ftpd: (?@61.152.159.231) [WARNING] Authentication failed for user [Administrator]
Jun 19 17:47:04 server pure-ftpd: (?@61.152.159.231) [INFO] PAM_RHOST enabled. Getting the peer address
Jun 19 17:47:17 server pure-ftpd: (?@61.152.159.231) [INFO] New connection from 61.152.159.231
Jun 19 17:47:17 server pure-ftpd: (?@61.152.159.231) [INFO] PAM_RHOST enabled. Getting the peer address
Jun 19 17:47:24 server pure-ftpd: (?@61.152.159.231) [WARNING] Authentication failed for user [Administrator]
Jun 19 17:47:28 server pure-ftpd: (?@61.152.159.231) [INFO] PAM_RHOST enabled. Getting the peer address

Is there a way I can make it more secure, so that if somebody tries to authenticate 3 times, the system blocks connections from that IP address for a determined amount of time?

The second question is...
In ISPConfig under Mail Warn-Log, it looks like spammers are trying to use my SMTP server to send emails.
This is the message shown in the log:

Jun 18 09:50:14 server postfix/smtpd[19299]: warning: 76.76.122.116: address not listed for hostname generic.gogax.com
Jun 18 10:07:26 server postfix/smtpd[20894]: warning: 92.255.64.20: hostname otr-gw5.lentel.ru verification failed: No address associated with hostname
Jun 18 11:11:24 server postfix/smtpd[26056]: warning: 93.178.214.124: hostname 124-214-178-93.lviv.farlep.net verification failed: No address associated with hostname
Jun 18 13:06:22 server postfix/smtpd[4212]: warning: 78.164.146.209: hostname dsl78.164-37585.ttnet.net.tr verification failed: No address associated with hostname
Jun 18 13:11:51 server postfix/smtpd[4884]: warning: 88.246.80.137: hostname dsl88-246-20617.ttnet.net.tr verification failed: No address

I know my server is already set up to require authentication before sending emails... is this something I need to worry about?
Can I make my smtp server more secure?

Thank you.

Croydon
20th June 2009, 11:05
Hi,

maybe you can have a look at OSSEC (http://www.ossec.net/main/downloads/).
I have had good experiences with it.

till
20th June 2009, 11:37
Also take a look at the fail2ban configuration, as fail2ban is part of every ISPConfig 3 setup if you followed the Perfect Server guides for ISPConfig 3:

http://www.howtoforge.com/fail2ban_debian_etch

danielborene
20th June 2009, 17:02
Also take a look at the fail2ban configuration, as fail2ban is part of every ISPConfig 3 setup if you followed the Perfect Server guides for ISPConfig 3:

http://www.howtoforge.com/fail2ban_debian_etch

Thanks for the reply,
In my fail2ban log inside ISPConfig, it keeps showing this error message:

....
2009-06-19 21:07:28,425 fail2ban.filter : INFO Set findtime = 600
2009-06-19 21:07:28,426 fail2ban.server : ERROR Unexpected communication error
2009-06-19 21:07:28,426 fail2ban.actions: INFO Set banTime = 600
2009-06-19 21:07:28,487 fail2ban.server : ERROR Unexpected communication error
2009-06-19 21:07:28,526 fail2ban.jail : INFO Jail 'ssh' started
2009-06-20 00:40:16,922 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
2009-06-20 00:41:01,972 fail2ban.filter : INFO Log rotation detected for /var/log/auth.log
2009-06-20 00:44:50,334 fail2ban.jail : INFO Jail 'ssh' stopped
2009-06-20 00:44:50,347 fail2ban.server : INFO Exiting Fail2ban
2009-06-20 00:45:52,467 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-06-20 00:45:52,474 fail2ban.jail : INFO Creating new jail 'ssh'
2009-06-20 00:45:52,474 fail2ban.jail : INFO Jail 'ssh' uses poller
2009-06-20 00:45:52,531 fail2ban.server : ERROR Unexpected communication error
2009-06-20 00:45:52,592 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2009-06-20 00:45:52,593 fail2ban.server : ERROR Unexpected communication error
2009-06-20 00:45:52,593 fail2ban.filter : INFO Set maxRetry = 6
2009-06-20 00:45:52,595 fail2ban.filter : INFO Set findtime = 600
....
Also, the instructions at the link you gave me do not include instructions on how to add pure-ftpd. Do you know what config lines I have to add for pure-ftpd?

The instructions say to create a new file named jail.local. My question is, will the system automatically load jail.local instead of jail.conf?

danielborene
20th June 2009, 18:29
I think I've got it. I found some information online.

fail2ban already has a filter under filter.d. I have added the following lines to jail.local:
[pure-ftpd]

enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/auth.log
maxretry = 3

Are the configurations above correct?

Thanks

till
21st June 2009, 14:04
The best way to check this is to simply try to log in 3 times with a wrong password and then check fail2ban.log.

danielborene
21st June 2009, 16:39
The best way to check this is to simply try to log in 3 times with a wrong password and then check fail2ban.log.

I can't make it work for pure-ftpd. fail2ban is working for everything else (postfix, courier, ssh), but ftp is not.

Here's the message in the fail2ban log when I try to log in via FTP:

2009-06-21 07:41:09,052 fail2ban.filter : WARNING Unable to find a corresponding IP address for ::1

It seems like fail2ban is not able to identify the IP address of the person trying to connect, but when I go to the system log, I see that pure-ftpd shows the IP address of the person trying to connect.

What could be wrong?

till
21st June 2009, 16:40
Please post the content of your /etc/hosts file. You can also try to disable IPv6 for pure-ftpd.

danielborene
22nd June 2009, 02:34
Please post the content of your /etc/hosts file. You can also try to disable IPv6 for pure-ftpd.

This is my /etc/hosts:
127.0.0.1 server.synkrotek.net localhost.localdomain localhost
192.168.10.95 server.synkrotek.net server

# The following lines are desirable for IPv6 capable hosts
::1 localhost ip6-localhost ip6-loopback
fe00::0 ip6-localnet
ff00::0 ip6-mcastprefix
ff02::1 ip6-allnodes
ff02::2 ip6-allrouters
ff02::3 ip6-allhosts

----------------------------------------------------
Ok, this is what I found out.
The error I was getting in /var/log/fail2ban.log,
2009-06-19 21:07:28,487 fail2ban.server : ERROR Unexpected communication error
is related to the python version, some type of incompatibility with Ubuntu 9.04. This is what you have to do to fix this error:
1. Install python2.5 ( sudo aptitude install python2.5 )
2. Edit the file /usr/bin/fail2ban-server and change the very first line "#!/usr/bin/python" to "#!/usr/bin/python2.5"
3. Restart fail2ban

When I connect via FTP with a wrong user/password, this is what I get in /var/log/auth.log:
Jun 21 21:03:56 server pure-ftpd: pam_unix_auth(pure-ftpd:auth): check pass; user unknown
Jun 21 21:03:56 server pure-ftpd: pam_unix_auth(pure-ftpd:auth): authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=admin rhost=
*** where rhost= should show the IP address of the host. (This is connecting from a computer on my network.) ***

But if I open /var/log/messages, it shows the host's IP:
Jun 21 22:51:07 server pure-ftpd: (?@192.168.10.100) [INFO] New connection from 192.168.10.100
Jun 21 22:51:11 server pure-ftpd: (?@192.168.10.100) [INFO] PAM_RHOST enabled. Getting the peer address
Jun 21 22:51:17 server pure-ftpd: (?@192.168.10.100) [WARNING] Authentication failed for user [admin]

If I connect from a computer outside of my network, this is what I see inside /var/log/auth.log:
Jun 21 20:20:38 server pure-ftpd: pam_unix_auth(pure-ftpd:auth): check pass; user unknown
Jun 21 20:20:38 server pure-ftpd: pam_unix_auth(pure-ftpd:auth): authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=admin rhost=c-68-32-75-137.hsd1.ga.comcast.net
** Where rhost= is showing (I don't know what you call a full host address like that...) it should display a regular IP address, and I guess fail2ban cannot parse this address for iptables because it's not a regular IP address. Am I correct? **
The same host is shown inside /var/log/messages, displaying the full host name.

When I connect from localhost, auth.log shows rhost=server.synkrotek.net

Although people with regular IP addresses trying to hack my system had regular IP addresses, and /var/log/messages displays their IP, it is not shown under auth.log (rhost).

Why is fail2ban/pure-ftpd able to get the full hostname and not their IP address? What do I have to do?

till
22nd June 2009, 12:23
Not all IP addresses have a reverse DNS record, so you often do not get a hostname for an IP; that's absolutely normal. If there is a reverse record, as in your test case, then the hostname and not the IP is logged. If you want only IP addresses in the log, then enable the DontResolve option in your pure-ftpd configuration.

danielborene
22nd June 2009, 15:00
Not all IP addresses have a reverse DNS record, so you often do not get a hostname for an IP; that's absolutely normal. If there is a reverse record, as in your test case, then the hostname and not the IP is logged. If you want only IP addresses in the log, then enable the DontResolve option in your pure-ftpd configuration.

I have enabled DontResolve, and the problem persists: under auth.log no IP address at all is showing for "rhost".
Now, /var/log/messages, which used to show the DNS name as well, is showing the IP address.

So pure-ftpd is able to log the IP address under messages, but not under auth.log.
Why?

danielborene
24th June 2009, 07:42
I finally found out what was wrong with it...
My server is based on this howto:
The Perfect Server - Ubuntu 9.04 [ISPConfig 3]
http://www.howtoforge.com/perfect-server-ubuntu-9.04-ispconfig-3

I don't know why, but all the information I found online to make pure-ftpd work with fail2ban says to read the log /var/log/auth.log. I don't know if other distributions use auth.log... but after analyzing /etc/fail2ban/filter.d/pure-ftpd.conf and the log files, auth.log is not the right file. I switched to /var/log/messages and
it's working now.
So my jail.local pure-ftpd section looks like this:
...
[pure-ftpd]

enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/messages
maxretry = 3
....

I also had to enable DontResolve to get IPs only (no DNS names), under /etc/pure-ftpd/conf/:
create a file called DontResolve, edit it, and type yes on the first line.

Thanks for all your help, Till.

rayne127
6th September 2009, 23:04
I hate to bring up an old topic... but I'm having a similar issue with fail2ban and pure-ftpd.

I set up my server following the directions here (The Perfect Server - Fedora 10) (http://www.howtoforge.com/perfect-server-fedora-10-ispconfig-3) only on Fedora 11.

I have been searching for a way to get fail2ban to work with pure-ftpd, and none of the solutions work. I've edited my jail.conf file to include

[pure-ftpd]
enabled = true
port = ftp,ftp-data,ftps,ftps-data
filter = pure-ftpd
logpath = /var/log/syslog
maxretry = 3

and when I try to restart fail2ban, it fails to start. However, it starts just fine when I comment out the pure-ftpd settings. I've tried everything I could think of to get it to work, yet I'm not able to find anything to get it going.

Any help would be great!

falko
7th September 2009, 14:06
Is there a pure-ftpd filter in /etc/fail2ban/filter.d/?

autogun
7th September 2009, 15:27
I'm having a bit of a hard time configuring fail2ban to work with PureFTPd myself.

Everything seems to be configured just like in this thread.

/etc/fail2ban/jail.local
...
[pure-ftpd]

enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/messages
maxretry = 3
...

/etc/fail2ban/filter.d/pure-ftpd.conf (without comments)
__errmsg = (?:Authentication failed for user|Erreur d'authentification pour l'utilisateur)
failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$
ignoreregex =

/var/log/messages
Sep 7 08:07:45 ispconfig pure-ftpd: (?@93.172.249.100) [INFO] New connection from 93.172.249.100
Sep 7 08:07:46 ispconfig pure-ftpd: (?@93.172.249.100) [INFO] PAM_RHOST enabled. Getting the peer address
Sep 7 08:07:48 ispconfig pure-ftpd: (?@93.172.249.100) [WARNING] Authentication failed for user [admin]
Sep 7 08:07:48 ispconfig pure-ftpd: (?@93.172.249.100) [INFO] New connection from 93.172.249.100
Sep 7 08:07:48 ispconfig pure-ftpd: (?@93.172.249.100) [INFO] PAM_RHOST enabled. Getting the peer address
Sep 7 08:07:51 ispconfig pure-ftpd: (?@93.172.249.100) [WARNING] Authentication failed for user [admin]
Sep 7 08:07:51 ispconfig pure-ftpd: (?@93.172.249.100) [INFO] New connection from 93.172.249.100
Sep 7 08:07:51 ispconfig pure-ftpd: (?@93.172.249.100) [INFO] PAM_RHOST enabled. Getting the peer address


/var/log/fail2ban.log
2009-09-07 08:06:47,777 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.3
2009-09-07 08:06:47,798 fail2ban.jail : INFO Creating new jail 'pure-ftpd'
2009-09-07 08:06:47,798 fail2ban.jail : INFO Jail 'pure-ftpd' uses poller
2009-09-07 08:06:47,870 fail2ban.filter : INFO Added logfile = /var/log/messages
2009-09-07 08:06:47,871 fail2ban.filter : INFO Set maxRetry = 3
2009-09-07 08:06:47,872 fail2ban.filter : INFO Set findtime = 600
2009-09-07 08:06:47,873 fail2ban.actions: INFO Set banTime = 600
2009-09-07 08:06:47,881 fail2ban.jail : INFO Creating new jail 'ssh'
2009-09-07 08:06:47,882 fail2ban.jail : INFO Jail 'ssh' uses poller
2009-09-07 08:06:47,887 fail2ban.filter : INFO Added logfile = /var/log/auth.log
2009-09-07 08:06:47,887 fail2ban.filter : INFO Set maxRetry = 3
2009-09-07 08:06:47,889 fail2ban.filter : INFO Set findtime = 600
2009-09-07 08:06:47,889 fail2ban.actions: INFO Set banTime = 600
2009-09-07 08:06:47,963 fail2ban.jail : INFO Jail 'pure-ftpd' started
2009-09-07 08:06:48,081 fail2ban.jail : INFO Jail 'ssh' started


iptables -L output:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-ssh tcp -- anywhere anywhere multiport dports ssh
fail2ban-pure-ftpd tcp -- anywhere anywhere multiport dports ftp

Chain FORWARD (policy ACCEPT)
target prot opt source destination

Chain OUTPUT (policy ACCEPT)
target prot opt source destination

Chain fail2ban-pure-ftpd (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere

Chain fail2ban-ssh (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere


Overall - fail2ban bans SSH but not FTP connection attempts... Bummer :(

rayne127
7th September 2009, 17:26
Yes, there is a pure-ftpd filter in filter.d, and it's set up just like the previous post has it.

I don't get any errors in my error log, since fail2ban will not even start when I try using the pure-ftpd filter.

falko
8th September 2009, 14:53
Can you post your full /etc/fail2ban/jail.local?

jysse
9th September 2009, 12:30
Here is how I managed to make this work.
Debian Lenny, ISPConfig3

If I understood correctly, there was an error in Debian's pure-ftpd filter. The correct line in /etc/fail2ban/filter.d/pure-ftpd.conf should be:
failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$

Here are my jail.conf lines for pure-ftpd:

[pure-ftpd]
enabled = true
port = ftp
filter = pure-ftpd
logpath = /var/log/messages
maxretry = 2

Hope this helps !

jysse

autogun
9th September 2009, 13:04
Thank you so much, jysse!

I've changed my original line from -
failregex = pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$

to yours -
failregex = pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$

Works like a charm =D

2009-09-09 06:01:33,551 fail2ban.actions: WARNING [pure-ftpd] Ban XX.XXX.249.100

cbj4074
5th January 2012, 15:31
Hello, everyone,

I'm running ISPConfig 3.0.4.1, on Ubuntu 10.04, with pure-ftpd-mysql.

My goal is to render fail2ban effective for FTP, sFTP (over SSH), and FTPs (over SSL or TLS).

It seems that the "ssh" fail2ban jail will handle sFTP, but that pure-ftpd-mysql must handle FTP and FTPs (both over port 21).

fail2ban comes with a pure-ftpd jail, but I haven't been using it because up until recently, I thought that pure-ftpd-mysql was logging failed authentication attempts to /var/log/auth.log (which it wasn't -- at least not directly), so I created my own jail and filter that were -mysql-specific. (More on this in a moment.)

It bears mention that pure-ftpd-mysql is a bit different from the standard pure-ftpd implementation because it uses virtual user mapping via MySQL. Most individuals who have followed the "Perfect Server" tutorials for Ubuntu and Debian (and possibly other OSs) will have this variation of pureFTPd.

In particular, the primary difference I've noticed with pure-ftpd-mysql vs. a "stock" pureFTPd configuration is that pure-ftpd-mysql does not log failed authentication attempts (or anything else, it would seem) to /var/log/messages. I don't know whether I failed to enable a given setting or if this behavior is by design.

pure-ftpd-mysql does, however, log authentication failures to /var/log/syslog.

The secondary difference I've noticed is that this version of pureFTPd stores its configuration options in individual files within the /etc/pure-ftpd/conf directory. Virtually all of the documentation on pureFTPd states that configuration options must be passed as command-line arguments, or an equivalent wrapper must be used with configuration files. So, I assume that there is a wrapper for these configuration files.

I've read through this thread (and many others like it) in an effort to configure fail2ban to respond to a certain type of attack in which the hostname does not resolve to a valid IP address. I have described the details of such attacks in the fail2ban mailing list archives: http://sourceforge.net/mailarchive/forum.php?thread_name=4F033DC6.4070908%40indietorrent.org&forum_name=fail2ban-users

After seeing my logs flooded with


fail2ban.filter : WARNING Unable to find a corresponding IP address for
example.com


I thought, "Well, that's easy. I'll just force pure-ftpd-mysql to log IP addresses only and not hostnames." Of course, I was looking in /var/log/auth.log because I had seen pure-ftpd-mysql messages there before. As it turns out, the messages in this log seem to be generated by PAM during pure-ftpd-mysql's authentication process, and so the presence of /etc/pure-ftpd/conf/DontResolve was having no effect on these log entries. (However, this directive was affecting the log entries in /var/log/syslog, but I didn't realize that at the time.)

To bring this full-circle, it seems that the ideal solution is to use the pure-ftpd jail that comes with fail2ban, and point it to /var/log/syslog. The problem here is that the provided regex (which has been corrected since the comments just before mine in this thread were made) does not seem to match the entries in /var/log/syslog.

To demonstrate, we can use fail2ban's regex facility. The log entries look like this:


Jan 4 17:34:29 localhost pure-ftpd: (?@1.2.3.4) [INFO] New connection from 1.2.3.4
Jan 4 17:34:29 localhost pure-ftpd: (?@1.2.3.4) [INFO] PAM_RHOST enabled. Getting the peer address
Jan 4 17:34:36 localhost pure-ftpd: (?@1.2.3.4) [WARNING] Authentication failed for user [test]
Jan 4 17:34:36 localhost pure-ftpd: (?@1.2.3.4) [INFO] Logout.


and the regex that is included with fail2ban looks like this:


pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]\s*$


It seems that we'd need to replace the __errmsg variable with the string that's assigned to it in /etc/fail2ban/filter.d/pure-ftpd.conf, and reduce the 4-line log entry to a single line, before running the arguments through fail2ban-regex, e.g.:


root@localhost:~# fail2ban-regex "Jan 4 17:34:29 localhost pure-ftpd: (?@1.2.4.3) [INFO] New connection from 1.2.4.3 Jan 4 17:34:29 localhost pure-ftpd: (?@1.2.4.3) [INFO] PAM_RHOST enabled. Getting the peer address Jan 4 17:34:36 localhost pure-ftpd: (?@1.2.4.3) [WARNING] Authentication failed for user [test] Jan 4 17:34:36 localhost pure-ftpd: (?@1.2.4.3) [INFO] Logout." "pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(Authentication failed for user)s \[.+\]\s*$"


Unfortunately, this yields no matches:


Running tests
=============

Use regex line : pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] ...
Use single line: Jan 4 17:34:29 localhost pure-ftpd: (?@1.2.4.3) [...


Results
=======

Failregex
|- Regular expressions:
| [1] pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(Authentication failed for user)s \[.+\]\s*$
|
`- Number of matches:
[1] 0 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Sorry, no match

Look at the above section 'Running tests' which could contain important
information.


I'm no expert in PCRE, so if anyone knows what I might be missing here, please chime in!

I think that covers everything. My mention of this problem on the fail2ban mailing list has generated a longer discussion as to whether or not fail2ban should perform any hostname lookups; the argument goes that doing so provides a potential attack vector. So, this seems to be a problem worthy of everyone's attention who uses pure-ftpd-mysql and fail2ban.

Thanks in advance!
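
What the corrected failregex from jysse and autogun actually does, and what the fail2ban-regex run above was reaching for, as an added Python example (my code, not fail2ban's and not any poster's): it performs the two substitutions fail2ban applies before compiling a filter, interpolating the value of __errmsg where the filter says %(__errmsg)s and replacing the <HOST> tag with a named group, then runs both the original Debian pattern and the fixed one over a constructed syslog excerpt modelled on the lines posted in this thread, and finally applies the jail's maxretry/findtime rule per source IP. Assumptions: the <HOST> expansion is my approximation of fail2ban 0.8's; the sample log is constructed, with one auth.log-style PAM line included to show it never matches; and a <host> capture that is a hostname rather than an address is skipped instead of resolved, which is the policy the mailing-list discussion cbj4074 mentions argues for, not fail2ban's own behaviour at the time.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# Variables as they appear in /etc/fail2ban/filter.d/pure-ftpd.conf in this thread.
ERRMSG = r"(?:Authentication failed for user|Erreur d'authentification pour l'utilisateur)"
BROKEN_FAILREGEX = r"pure-ftpd(?:\[\d+\])?: (.+?@<HOST>) \[WARNING\] %(__errmsg)s \[.+\]$"
FIXED_FAILREGEX = r"pure-ftpd(?:\[\d+\])?: \(.+?@<HOST>\) \[WARNING\] %(__errmsg)s \[.+\]$"

# Assumption: approximation of what fail2ban 0.8 substitutes for the <HOST> tag,
# an optional IPv4-mapped-IPv6 prefix followed by a hostname or address as a named group.
HOST_RE = r"(?:::f{4,6}:)?(?P<host>[\w\-.^_]+)"

# Constructed /var/log/syslog excerpt in the format the posters show; not real traffic.
# The last line is an auth.log-style PAM entry, included to show it is never matched.
SAMPLE_LOG = """\
Sep 7 08:07:45 ispconfig pure-ftpd: (?@93.172.249.100) [INFO] New connection from 93.172.249.100
Sep 7 08:07:46 ispconfig pure-ftpd: (?@93.172.249.100) [INFO] PAM_RHOST enabled. Getting the peer address
Sep 7 08:07:48 ispconfig pure-ftpd: (?@93.172.249.100) [WARNING] Authentication failed for user [admin]
Sep 7 08:07:51 ispconfig pure-ftpd: (?@93.172.249.100) [WARNING] Authentication failed for user [admin]
Sep 7 08:07:55 ispconfig pure-ftpd: (?@93.172.249.100) [WARNING] Authentication failed for user [Administrator]
Sep 7 08:08:01 ispconfig pure-ftpd: (?@10.0.0.7) [WARNING] Authentication failed for user [test]
Sep 7 08:08:02 ispconfig pure-ftpd: (?@c-68-32-75-137.hsd1.ga.comcast.net) [WARNING] Authentication failed for user [admin]
Sep 7 08:08:02 ispconfig pure-ftpd: (?@c-68-32-75-137.hsd1.ga.comcast.net) [INFO] Logout.
Sep 7 08:20:30 ispconfig pure-ftpd: (?@10.0.0.7) [WARNING] Authentication failed for user [test]
Sep 7 08:20:40 ispconfig pure-ftpd: (?@10.0.0.7) [WARNING] Authentication failed for user [test]
Sep 7 08:21:00 ispconfig pure-ftpd: pam_unix_auth(pure-ftpd:auth): authentication failure; logname= uid=0 euid=0 tty=pure-ftpd ruser=admin rhost=
"""


def compile_failregex(failregex, errmsg=ERRMSG):
    """Do what fail2ban does before compiling a filter: interpolate the %(name)s
    variables defined in the filter file with their values (ConfigParser style),
    then swap the <HOST> tag for a capturing group."""
    pattern = failregex % {"__errmsg": errmsg}
    return re.compile(pattern.replace("<HOST>", HOST_RE))


TS_RE = re.compile(r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d\d:\d\d:\d\d) ")


def parse_ts(line):
    """Syslog timestamps carry no year; strptime's 1900 default is fine because
    only differences between timestamps are needed for findtime."""
    return datetime.strptime(TS_RE.match(line).group("ts"), "%b %d %H:%M:%S")


def match_hosts(lines, failregex):
    """Return the <host> capture of every line the failregex matches (what
    fail2ban-regex reports as matches)."""
    regex = compile_failregex(failregex)
    return [m.group("host") for m in map(regex.search, lines) if m]


def scan(lines, failregex, maxretry=3, findtime=600):
    """Apply the jail rule: ban a source once it has maxretry failures within
    findtime seconds. Returns (banned_ips, skipped_hosts). A <host> that is a
    hostname rather than an address is recorded as skipped instead of being
    resolved (assumption: no DNS lookup on attacker-influenced log data)."""
    regex = compile_failregex(failregex)
    recent = defaultdict(deque)  # ip -> timestamps of failures inside the window
    banned, skipped = [], []
    for line in lines:
        m = regex.search(line)
        if not m:
            continue
        try:
            ip = str(ipaddress.ip_address(m.group("host")))
        except ValueError:
            skipped.append(m.group("host"))
            continue
        if ip in banned:
            continue
        ts = parse_ts(line)
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()  # drop failures older than findtime
        if len(window) >= maxretry:
            banned.append(ip)
            window.clear()
    return banned, skipped


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    print("broken regex matches:", len(match_hosts(lines, BROKEN_FAILREGEX)))
    print("fixed regex matches: ", len(match_hosts(lines, FIXED_FAILREGEX)))
    print("banned / skipped:", scan(lines, FIXED_FAILREGEX))
```

The only difference between the two patterns is the escaped parentheses. The log line contains a literal `(?@host)`; in the unescaped version the parentheses form a capture group instead, so the pattern demands that `@host` be followed directly by ` [WARNING]` and never matches. The findtime window is why the second address in the sample is not banned at the defaults: its three failures span more than 600 seconds, so raising findtime (or lowering maxretry) is what changes that outcome.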

till
5th January 2012, 15:39
I tested the fail2ban setup that is described in the Perfect Server guide for Debian 6 on my test server here, and it blocked the pure-ftpd-mysql login attempts correctly in my tests:

http://www.howtoforge.com/perfect-server-debian-squeeze-with-bind-and-dovecot-ispconfig-3-p5

Maybe you enabled debugging in pure-ftpd, which changes the log style, or something similar?

cbj4074
5th January 2012, 18:29
I wish I had seen that link earlier ;). Thanks for pointing me in the right direction, Till.

The cited tutorial contains the correct information regarding the log location (/var/log/syslog), which is good to see.

However, when I change my fail2ban configuration to match that in the tutorial, I'm never banned in my tests.

I have not changed the pure-ftpd configuration or logging options, for what that's worth.

I tried passing the sample log line and regex from the tutorial to fail2ban-regex, and a match is found, so I'm not sure why I'm never banned. I have made sure that my IP address is not white-listed in the fail2ban configuration.

With fail2ban's loglevel = 3, nothing is logged when I repeatedly fail authentication. The maxretry threshold is set to 3, and I've tried dozens of times -- still nothing.

If I set fail2ban's loglevel = 4, there is simply too much output for me to sort out the log entries.

Is this a question for the fail2ban mailing list?

Unfortunately, I've introduced another issue while attempting to troubleshoot this one.

I forced a log rotation for all logs when I meant to force a rotation only for /var/log/auth.log. (I wanted to force a rotation because this file was some 400MB in size, and parsing it with fail2ban-regex was taking too long.) Now, nothing is being written to /var/log/auth.log. If I tail the file and, for example, log in via SSH, nothing is written to the log. After a day or so, the log is still empty. Why might rotating the log cause this behavior? :confused:

The files look like this:


-rw-r----- 1 syslog adm 0 Jan 4 09:49 auth.log
-rw-r----- 1 syslog adm 376M Jan 5 08:32 auth.log.1


EDIT: Now that I look at these dates, I realize that the auth.log.1 file is the one being modified, not auth.log.

I should add that auth.log was never being rotated (which is why it was 376MB in size), so I created the file /etc/logrotate.d/auth and populated it with the following contents:


/var/log/auth.log {
weekly
rotate 12
}


I forced the log rotation after creating this file, if I recall correctly.

The relevant entry in /etc/syslog.conf looks correct:


auth,authpriv.* -/var/log/auth.log


Any idea why this would cause the .1 log file to become the primary log? Is there a simple way to fix this?
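
The symptom described above, an empty auth.log while auth.log.1 keeps growing, is what happens when a log file is renamed out from under a daemon that keeps it open: the open descriptor follows the inode, not the name, so the daemon keeps writing to the renamed file until it reopens. The following Python script is an added example, not the poster's code and not logrotate's, that reproduces the three rotation strategies in a temporary directory against a stand-in syslog daemon: plain rename plus a fresh empty file, as a stanza with no postrotate action leaves things; rename followed by the daemon reopening its file, which is what a postrotate script that reloads the syslog daemon achieves; and copytruncate. The stand-in daemon, the directory and the log lines are all constructed for the demo.

```python
import os
import shutil
import tempfile


class SyslogDaemon:
    """Stand-in for syslogd/rsyslogd: opens the log once in append mode and keeps
    writing to that descriptor until explicitly told to reopen (HUP/reload)."""

    def __init__(self, path):
        self.path = path
        self.fh = open(path, "a")

    def log(self, msg):
        self.fh.write(msg + "\n")
        self.fh.flush()

    def reopen(self):
        # What the daemon does on reload: close the stale descriptor and open by name again.
        self.fh.close()
        self.fh = open(self.path, "a")

    def close(self):
        self.fh.close()


def _read(path):
    with open(path) as fh:
        return fh.read()


def rotate(strategy):
    """Rotate auth.log under the given strategy while a daemon holds it open.

    strategy: "rename"        - mv auth.log auth.log.1 and create an empty auth.log,
                                with no signal to the daemon
              "rename+reopen" - the same, then the daemon reopens (postrotate reload)
              "copytruncate"  - copy contents to auth.log.1, truncate auth.log in place
    Returns (contents of auth.log, contents of auth.log.1) after one more write,
    so the caller can see where the post-rotation line ended up.
    """
    d = tempfile.mkdtemp()
    live, old = os.path.join(d, "auth.log"), os.path.join(d, "auth.log.1")
    daemon = SyslogDaemon(live)
    daemon.log("before rotation")
    if strategy in ("rename", "rename+reopen"):
        os.rename(live, old)          # the daemon's descriptor now points at auth.log.1
        open(live, "a").close()       # fresh, empty auth.log that nobody has open
        if strategy == "rename+reopen":
            daemon.reopen()
    elif strategy == "copytruncate":
        shutil.copyfile(live, old)
        os.truncate(live, 0)          # safe only because the daemon opened in append mode
    else:
        raise ValueError(strategy)
    daemon.log("after rotation")
    daemon.close()
    result = (_read(live), _read(old))
    shutil.rmtree(d)
    return result


if __name__ == "__main__":
    for s in ("rename", "rename+reopen", "copytruncate"):
        print(s, rotate(s))
```

Under "rename" the new auth.log stays empty and the post-rotation line lands in auth.log.1, exactly the state in the listing above; fail2ban polling auth.log then sees nothing, whatever its regex. The other two strategies leave the live file receiving new lines. The copytruncate path depends on the writer having opened the file with O_APPEND; a writer that tracks its own offset would leave a sparse hole after truncation instead.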

cbj4074
5th January 2012, 21:06
Okay, all is well, finally. :cool:

When I removed the file I had created at /etc/logrotate.d/auth, the system began logging to /var/log/auth.log again.

Even though the pure-ftpd-mysql jail in fail2ban was not monitoring this file (it was monitoring /var/log/syslog), the fact that /var/log/auth.log was empty seemed to keep fail2ban from banning via the pure-ftpd-mysql jail. This is strange, given that fail2ban continued banning for other jails, such as postfix.

I don't know why /var/log/auth.log is never rotated on this system, because I have other systems that are nearly identical on which that log is rotated every three days.

Once I sort that, I'll be a happy camper!