
Within a Red Hat Enterprise Linux Server release 7.6 (Maipo) I would like to use the module mod_ban in order to set a ClientConnectRate event. The service is started as: systemctl start proftpd

Service is configured as below:

[root@lclftpcrb001blq ~]# cat /usr/lib/systemd/system/proftpd.service
[Unit]
Description = ProFTPD FTP Server
After = network.target nss-lookup.target local-fs.target remote-fs.target

[Service]
Type = forking
PIDFile = /run/proftpd/proftpd.pid
Environment = PROFTPD_OPTIONS=
EnvironmentFile = -/etc/sysconfig/proftpd
ExecStart = /usr/sbin/proftpd $PROFTPD_OPTIONS
ExecReload = /bin/kill -HUP $MAINPID

[Install]
WantedBy = multi-user.target

So, other than configuring this code in /etc/proftpd.conf:

<IfDefine DYNAMIC_BAN_LISTS>
  BanEngine     on
  BanLog        /var/log/proftpd/ban.log
  BanTable      /var/run/proftpd/ban.tab
  BanOnEvent  ClientConnectRate   10/00:10:00 00:15:00 "Stop connecting frequently"
  BanMessage                    "Host %a has been banned"
  BanControlsACLs               all allow user ftpadm
</IfDefine>

I also have /etc/sysconfig/proftpd:

PROFTPD_OPTIONS="-DDYNAMIC_BAN_LISTS"

Despite the configurations, when I start the service the debug tells me:

proftpd[29035]: <IfDefine>: skipping 'DYNAMIC_BAN_LISTS' section at line 85

From my understanding, the IfDefine block is loaded if DYNAMIC_BAN_LISTS is present in /etc/sysconfig/proftpd. So the only thing I can think is that for some reason it's not retrieving the option from /etc/sysconfig/proftpd ...

How can I check this point?

Thanks!

EBAH
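As an added example (not part of the original post and not ProFTPD or systemd code), the sketch below models how systemd documents the settings in the unit above: `EnvironmentFile` values override `Environment=`, a leading `-` makes a missing file a silent no-op, and an unquoted `$PROFTPD_OPTIONS` is split on whitespace. The function names and sample files are hypothetical and constructed for illustration; it shows which inputs would lead to the `skipping 'DYNAMIC_BAN_LISTS'` message, not what is wrong on this host.

```shell
# Model of how systemd resolves PROFTPD_OPTIONS for the unit shown above.
# All sample files are constructed in a temp dir; nothing on the host is read.

# Value assigned by the unit's "Environment = VAR=..." line (empty if none).
unit_default() {  # $1 = unit file, $2 = variable name
  sed -n "s/^Environment[[:space:]]*=[[:space:]]*$2=//p" "$1" | tail -n 1
}

# Value of VAR in an EnvironmentFile, with one pair of quotes stripped.
# Fails if the file is unreadable or does not assign the variable.
envfile_value() {  # $1 = env file, $2 = variable name
  [ -r "$1" ] || return 1
  local line
  line=$(grep -E "^[[:space:]]*$2=" "$1" | tail -n 1)
  [ -n "$line" ] || return 1
  line=${line#*=}
  line=${line#[\"\']}; line=${line%[\"\']}
  printf '%s\n' "$line"
}

# EnvironmentFile values override Environment= ones; with the "-" prefix a
# missing or unreadable file is ignored silently and the default is used.
effective_options() {  # $1 = unit file, $2 = env file
  envfile_value "$2" PROFTPD_OPTIONS || unit_default "$1" PROFTPD_OPTIONS
}

# Succeeds only if "-D<name>" would reach proftpd as its own argument.
define_passed() {  # $1 = unit file, $2 = env file, $3 = define name
  local arg
  for arg in $(effective_options "$1" "$2"); do
    [ "$arg" = "-D$3" ] && return 0
  done
  return 1
}

demo=$(mktemp -d)
printf '%s\n' '[Service]' 'Environment = PROFTPD_OPTIONS=' \
  'EnvironmentFile = -/etc/sysconfig/proftpd' \
  'ExecStart = /usr/sbin/proftpd $PROFTPD_OPTIONS' > "$demo/proftpd.service"
printf '%s\n' 'PROFTPD_OPTIONS="-DDYNAMIC_BAN_LISTS"' > "$demo/proftpd.env"

for f in "$demo/proftpd.env" "$demo/missing.env"; do
  if define_passed "$demo/proftpd.service" "$f" DYNAMIC_BAN_LISTS
  then echo "$f: <IfDefine DYNAMIC_BAN_LISTS> is loaded"
  else echo "$f: section is skipped"
  fi
done
```

On a live host, `systemctl cat proftpd` shows the unit file together with any drop-ins that systemd actually loaded, and `systemctl show proftpd -p EnvironmentFiles` shows the environment file path it resolved.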