I saw the ASL update but decided to run it in a few days when I had the time to test fully/handle any issues. However, some of the components auto-updated last night - even though yum is not set to auto update (?):
May 11 04:02:44 Updated: ossec-hids-2.4.1-4.el5.art.x86_64
May 11 04:02:45 Updated: 1:asl-2.2.6-1.el5.art.x86_64
May 11 04:03:00 Updated: ossec-hids-server-2.4.1-4.el5.art.x86_64
May 11 05:01:21 Updated: psa-proftpd-1.3.3-2.el5.art.x86_64
Cannot FTP to any sites; programs (Coda/Transmit) report:
Could not retrieve file listing for “/httpdocs”.
Server said: Unable to build data connection: Operation not permitted
Error -130: remote directory listing failed
PHP FTP Reports:
PHP Warning: ftp_put() function.ftp-put: Opening BINARY (also tried ASCII) mode data connection for /httpdocs/etc/etc/
ASL GUI shows the following:
11May 11:03:42 3 5501 SERVER proftpd: pam_unix(proftpd:session): session opened for user XYZ by (uid=0)
11May 11:03:42 3 11205 SERVER proftpd: 127.0.0.1 (MYIP[MYIP]) - USER XYZ: Login successful.
11May 11:03:47 3 5502 SERVER proftpd: pam_unix(proftpd:session): session closed for user XYZ
So the login looks successful. Decided the partial (auto) update was the cause, so ran:
yum upgrade asl asl-web
asl -s -f
No better! Still cannot FTP. All /etc/proftpd.* includes are intact and seem to have the correct entries.
So took a look at CLAM
/var/clamav, /var/log/clamav and /var/run/clamav are all root-owned.
Should it be root, or qscand? Would this stop FTP from working? E-mail etc. is working, and I don't want to fiddle with this and restart clamd if it makes everything a whole lot worse and e-mail breaks. Can anyone else confirm their settings?
I don't (really) want to get into kernel updates/dazuko modules/server reboot in the middle of the day - it also seems optional from the above notes?