| 1 |
James, |
| 2 |
|
| 3 |
Sorry I didn't hear about this earlier (just recently joined this list), |
| 4 |
but did you still want to try to get this working? I just recently got |
| 5 |
vsftpd up and running on 2.6.7-hardened-r4, I might be able to help. |
| 6 |
I've only been testing with anonymous uploads/downloads though. |
| 7 |
|
| 8 |
-David |
| 9 |
|
| 10 |
James R. Marcus wrote: |
| 11 |
|
| 12 |
> I was unable to solve my problem with vsftpd and the 2.6 |
| 13 |
> Hardened-dev-sources. Last Thursday I rebuilt the machine and download a |
| 14 |
> kernel from the NSA's site and it seems to be working now. |
| 15 |
> |
| 16 |
> I just wanted to say thanks to all the people who spent a considerable |
| 17 |
> amount of time looking at this issue. |
| 18 |
> |
| 19 |
> Thanks, |
| 20 |
> James |
| 21 |
> |
| 22 |
> |
| 23 |
> -----Original Message----- |
| 24 |
> From: Viljem Skornik [mailto:bluesman@××××××.no] |
| 25 |
> Sent: Thursday, August 19, 2004 11:45 AM |
| 26 |
> To: gentoo-hardened@l.g.o |
| 27 |
> Subject: Re: [gentoo-hardened] vsftpd problems |
| 28 |
> |
| 29 |
> On Tuesday 17 of August 2004 19:02, James R. Marcus wrote: |
| 30 |
> |
| 31 |
>>I have been working with the gentlemen on the SELinux list to resolve |
| 32 |
> |
| 33 |
> my |
| 34 |
> |
| 35 |
>>issue with vsftpd. I haven't really gotten anywhere despite a |
| 36 |
>>tremendous effort on their part. |
| 37 |
>> |
| 38 |
>>I'm still getting the same error that I mentioned in my first email. |
| 39 |
>> |
| 40 |
>>I have added this line to |
| 41 |
>>/etc/security/selinux/src/policy/domains/program/ftpd.te |
| 42 |
>>domain_auto_trans(initrc_t, ftpd_exec_t, ftpd_t) |
| 43 |
>> |
| 44 |
>>ftp program # ls -Z /usr/sbin/vsftpd |
| 45 |
>>-rwxr-xr-x root root system_u:object_r:ftpd_exec_t /usr/sbin/vsftpd |
| 46 |
>>ftp program # |
| 47 |
>> |
| 48 |
>>ftp program # ps -eZ | grep vsftpd |
| 49 |
>>22497 system_u:system_r:initrc_t /usr/sbin/vsftpd |
| 50 |
>>/etc/vsftpd/vsftpd.conf |
| 51 |
>> |
| 52 |
>>/var/log/messages: |
| 53 |
>>Aug 17 12:59:01 ftp avc: denied { getattr } for pid=6483 |
| 54 |
>>exe=/bin/bash path=/usr/sbin/vsftpd dev=hda3 ino=438973 |
| 55 |
>>scontext=root:staff_r:staff_t tcontext=s |
| 56 |
>>ystem_u:object_r:unlabeled_t tclass=file |
| 57 |
>> |
| 58 |
>>Any help would be appreciated, |
| 59 |
>>Thanks, |
| 60 |
>>James |
| 61 |
>> |
| 62 |
>>-----Original Message----- |
| 63 |
>>From: James R. Marcus |
| 64 |
>>Sent: Wednesday, July 07, 2004 7:34 PM |
| 65 |
>>To: gentoo-hardened@l.g.o |
| 66 |
>>Subject: [gentoo-hardened] vsftpd problems |
| 67 |
>> |
| 68 |
>>I just did my first install of hardened Gentoo with the SELiunx |
| 69 |
> |
| 70 |
> kernel. |
| 71 |
> |
| 72 |
>>I emerged vsftp and got it running. However when I login I get this |
| 73 |
>>message: |
| 74 |
>>230 Login successful. |
| 75 |
>>ftp> ls |
| 76 |
>>500 OOPS: capset |
| 77 |
>>200 PORT command successful. Consider using PASV. |
| 78 |
>>500 OOPS: vsf_sysutil_recv_peek |
| 79 |
>>Connection closed by remote host. |
| 80 |
>>ftp> |
| 81 |
> |
| 82 |
> |
| 83 |
> IIRC, this OOPS: capset looks like something I encountered some time |
| 84 |
> ago. |
| 85 |
> CHeck if you have Default Linux Capatibilites enabled in your kernel |
| 86 |
> (CONFIG_SECURITY_CAPATIBILITIES), I believe that fixed my problem. |
| 87 |
> |
| 88 |
> |
| 89 |
>> |
| 90 |
>>Here is my vsftpd config: |
| 91 |
>>ftp init.d # cat /etc/vsftpd/vsftpd.conf | grep -v '#' |
| 92 |
>> |
| 93 |
>>anonymous_enable=NO |
| 94 |
>>local_enable=YES |
| 95 |
>>write_enable=YES |
| 96 |
>>dirmessage_enable=YES |
| 97 |
>>connect_from_port_20=YES |
| 98 |
>>xferlog_enable=YES |
| 99 |
>>xferlog_file=/var/log/vsftpd/vsftpd.log |
| 100 |
>>nopriv_user=nobody |
| 101 |
>>background=YES |
| 102 |
>>listen=YES |
| 103 |
>> |
| 104 |
>>xinetd.conf: |
| 105 |
>>ftp init.d # cat /etc/xinetd.conf | grep -v '#' |
| 106 |
>> |
| 107 |
>> |
| 108 |
>>defaults |
| 109 |
>>{ |
| 110 |
>> instances = 60 |
| 111 |
>> log_type = SYSLOG authpriv info |
| 112 |
>> log_on_success = HOST PID |
| 113 |
>> log_on_failure = HOST |
| 114 |
>> cps = 25 30 |
| 115 |
>>} |
| 116 |
>> |
| 117 |
>>includedir /etc/xinetd.d |
| 118 |
>> |
| 119 |
>>Any recommendations on how to approach this issue would be great. |
| 120 |
>>There is nothing in /var/log/messages |
| 121 |
>>Thanks, |
| 122 |
>> |
| 123 |
>>James |
| 124 |
>> |
| 125 |
>> |
| 126 |
|
| 127 |
|
| 128 |
-- |
| 129 |
gentoo-hardened@g.o mailing list |
Archives