| 1 |
I have been working with the gentlemen on the SELinux list to resolve my |
| 2 |
issue with vsftpd. I haven't really gotten anywhere despite a |
| 3 |
tremendous effort on their part. |
| 4 |
|
| 5 |
I'm still getting the same error that I mentioned in my first email. |
| 6 |
|
| 7 |
I have added this line to |
| 8 |
/etc/security/selinux/src/policy/domains/program/ftpd.te |
| 9 |
domain_auto_trans(initrc_t, ftpd_exec_t, ftpd_t) |
| 10 |
|
| 11 |
ftp program # ls -Z /usr/sbin/vsftpd |
| 12 |
-rwxr-xr-x root root system_u:object_r:ftpd_exec_t /usr/sbin/vsftpd |
| 13 |
ftp program # |
| 14 |
|
| 15 |
ftp program # ps -eZ | grep vsftpd |
| 16 |
22497 system_u:system_r:initrc_t /usr/sbin/vsftpd |
| 17 |
/etc/vsftpd/vsftpd.conf |
| 18 |
|
| 19 |
/var/log/messages: |
| 20 |
Aug 17 12:59:01 ftp avc: denied { getattr } for pid=6483 |
| 21 |
exe=/bin/bash path=/usr/sbin/vsftpd dev=hda3 ino=438973 |
| 22 |
scontext=root:staff_r:staff_t tcontext=s |
| 23 |
ystem_u:object_r:unlabeled_t tclass=file |
| 24 |
|
| 25 |
Any help would be appreciated, |
| 26 |
Thanks, |
| 27 |
James |
| 28 |
|
| 29 |
-----Original Message----- |
| 30 |
From: James R. Marcus |
| 31 |
Sent: Wednesday, July 07, 2004 7:34 PM |
| 32 |
To: gentoo-hardened@l.g.o |
| 33 |
Subject: [gentoo-hardened] vsftpd problems |
| 34 |
|
| 35 |
I just did my first install of hardened Gentoo with the SELiunx kernel. |
| 36 |
I emerged vsftp and got it running. However when I login I get this |
| 37 |
message: |
| 38 |
230 Login successful. |
| 39 |
ftp> ls |
| 40 |
500 OOPS: capset |
| 41 |
200 PORT command successful. Consider using PASV. |
| 42 |
500 OOPS: vsf_sysutil_recv_peek |
| 43 |
Connection closed by remote host. |
| 44 |
ftp> |
| 45 |
|
| 46 |
|
| 47 |
Here is my vsftpd config: |
| 48 |
ftp init.d # cat /etc/vsftpd/vsftpd.conf | grep -v '#' |
| 49 |
|
| 50 |
anonymous_enable=NO |
| 51 |
local_enable=YES |
| 52 |
write_enable=YES |
| 53 |
dirmessage_enable=YES |
| 54 |
connect_from_port_20=YES |
| 55 |
xferlog_enable=YES |
| 56 |
xferlog_file=/var/log/vsftpd/vsftpd.log |
| 57 |
nopriv_user=nobody |
| 58 |
background=YES |
| 59 |
listen=YES |
| 60 |
|
| 61 |
xinetd.conf: |
| 62 |
ftp init.d # cat /etc/xinetd.conf | grep -v '#' |
| 63 |
|
| 64 |
|
| 65 |
defaults |
| 66 |
{ |
| 67 |
instances = 60 |
| 68 |
log_type = SYSLOG authpriv info |
| 69 |
log_on_success = HOST PID |
| 70 |
log_on_failure = HOST |
| 71 |
cps = 25 30 |
| 72 |
} |
| 73 |
|
| 74 |
includedir /etc/xinetd.d |
| 75 |
|
| 76 |
Any recommendations on how to approach this issue would be great. |
| 77 |
There is nothing in /var/log/messages |
| 78 |
Thanks, |
| 79 |
|
| 80 |
James |
| 81 |
|
| 82 |
-- |
| 83 |
gentoo-hardened@g.o mailing list |
| 84 |
|
| 85 |
|
| 86 |
-- |
| 87 |
gentoo-hardened@g.o mailing list |
Archives