Proftpd stops and general install question

[JaJunk]

First off, many thanks to Till, Falko and everyone else who made such a great program. I've installed ISPConfig on so many computers to replace MS servers and couldn't be happier. One installation question, I've used almost every Linux OS to install and am favoring SuSE for the small network install cd size and YaST's online updates. Which distro has the smallest hd footprint when completely installed w/ ISPConfig? Any comparable updaters on the other OS's, I know Debian is very slow with releasing the newer packages.
Second question: Proftpd stops responding/listening on a SuSE 10.0 system. I look at the ps tree and see proftpd accepting connections, but clients cannot connect. Try /etc/init.d/proftpd restart and still nothing. Only after rebooting the system does it come back up. I've looked in /var/log/ at warn and error but see nothing proftp related. Where are the logs and how should I start troubleshooting this one.
Thanks again guys.

[till]

Quote:

Which distro has the smallest hd footprint when completely installed w/ ISPConfig?

Debian.

Quote:

Any comparable updaters on the other OS's, I know Debian is very slow with releasing the newer packages.

You must differentiate between security updates and new software. Debian is very fast with security updates, maybe even faster then SuSE. The packages in debian are more conservative, but thats good for a server and the latest debian 4.0 has equal relaese numbers of the packages then SuSE. By the way, SuSE is not releaseing any new pacakges for their distribution adter it is initially released, SuSE releases only bugfixes too.

Quote:

Try /etc/init.d/proftpd restart and still nothing. Only after rebooting the system does it come back up. I've looked in /var/log/ at warn and error but see nothing proftp related. Where are the logs and how should I start troubleshooting this one.
Thanks again guys.

Have a look at the proftpd.log or xferlog.

[JaJunk]

Could not find file proftpd.log and xferlog is empty. Checked /etc/proftpd.conf and didn't see any lines about a log file, is that why it's not logging?

[falko]

These logs are used only for file transfers, so Proftpd must be working. Are there any errors in your other logs? Is AppArmor disabled?

[JaJunk]

I don't think AppArmor is on, I never installed it and SuSE says it was not included until 10.1. I did notice some connections in netstat with ftp that seemed to be stuck on closing, but I rebooted before copying those lines, when it happens again I'll print the output for you. Also noticed hijack attempt via ftp with someone trying very hard to login as root, (about 5 attempts per second) does proftp stop itself to prevent such actions?

[falko]

Quote:

Originally Posted by JaJunk

Also noticed hijack attempt via ftp with someone trying very hard to login as root, (about 5 attempts per second) does proftp stop itself to prevent such actions?

Usually root FTP logins are not permitted, but that depends on your Proftpd configuration.

[JaJunk]

The root ftp logins were blocked, the problem seems to have been script kiddos in AU trying about 5 times a second to login. So in case anyone else was having this problem here you go:
The ftp logs are going to /var/log/messages (at least the connections anyway)
Download fail2ban, get the noarch rpm for your distro and install.
Edit /etc/fail2ban/jail.conf to suit your needs.
DO NOT try starting and stopping fail2ban with the init.d script, use fail2ban-client to control the server.
Install whois if you want details in the emails
After all that the log files stay manageable and the services are working like they're supposed to.
Thanks again Till and Falko.