| 1 |
On Tuesday 17 of August 2004 19:02, James R. Marcus wrote: |
| 2 |
> I have been working with the gentlemen on the SELinux list to resolve my |
| 3 |
> issue with vsftpd. I haven't really gotten anywhere despite a |
| 4 |
> tremendous effort on their part. |
| 5 |
> |
| 6 |
> I'm still getting the same error that I mentioned in my first email. |
| 7 |
> |
| 8 |
> I have added this line to |
| 9 |
> /etc/security/selinux/src/policy/domains/program/ftpd.te |
| 10 |
> domain_auto_trans(initrc_t, ftpd_exec_t, ftpd_t) |
| 11 |
> |
| 12 |
> ftp program # ls -Z /usr/sbin/vsftpd |
| 13 |
> -rwxr-xr-x root root system_u:object_r:ftpd_exec_t /usr/sbin/vsftpd |
| 14 |
> ftp program # |
| 15 |
> |
| 16 |
> ftp program # ps -eZ | grep vsftpd |
| 17 |
> 22497 system_u:system_r:initrc_t /usr/sbin/vsftpd |
| 18 |
> /etc/vsftpd/vsftpd.conf |
| 19 |
> |
| 20 |
> /var/log/messages: |
| 21 |
> Aug 17 12:59:01 ftp avc: denied { getattr } for pid=6483 |
| 22 |
> exe=/bin/bash path=/usr/sbin/vsftpd dev=hda3 ino=438973 |
| 23 |
> scontext=root:staff_r:staff_t tcontext=s |
| 24 |
> ystem_u:object_r:unlabeled_t tclass=file |
| 25 |
> |
| 26 |
> Any help would be appreciated, |
| 27 |
> Thanks, |
| 28 |
> James |
| 29 |
> |
| 30 |
> -----Original Message----- |
| 31 |
> From: James R. Marcus |
| 32 |
> Sent: Wednesday, July 07, 2004 7:34 PM |
| 33 |
> To: gentoo-hardened@l.g.o |
| 34 |
> Subject: [gentoo-hardened] vsftpd problems |
| 35 |
> |
| 36 |
> I just did my first install of hardened Gentoo with the SELiunx kernel. |
| 37 |
> I emerged vsftp and got it running. However when I login I get this |
| 38 |
> message: |
| 39 |
> 230 Login successful. |
| 40 |
> ftp> ls |
| 41 |
> 500 OOPS: capset |
| 42 |
> 200 PORT command successful. Consider using PASV. |
| 43 |
> 500 OOPS: vsf_sysutil_recv_peek |
| 44 |
> Connection closed by remote host. |
| 45 |
> ftp> |
| 46 |
|
| 47 |
IIRC, this OOPS: capset looks like something I encountered some time ago. |
| 48 |
CHeck if you have Default Linux Capatibilites enabled in your kernel |
| 49 |
(CONFIG_SECURITY_CAPATIBILITIES), I believe that fixed my problem. |
| 50 |
|
| 51 |
> |
| 52 |
> |
| 53 |
> Here is my vsftpd config: |
| 54 |
> ftp init.d # cat /etc/vsftpd/vsftpd.conf | grep -v '#' |
| 55 |
> |
| 56 |
> anonymous_enable=NO |
| 57 |
> local_enable=YES |
| 58 |
> write_enable=YES |
| 59 |
> dirmessage_enable=YES |
| 60 |
> connect_from_port_20=YES |
| 61 |
> xferlog_enable=YES |
| 62 |
> xferlog_file=/var/log/vsftpd/vsftpd.log |
| 63 |
> nopriv_user=nobody |
| 64 |
> background=YES |
| 65 |
> listen=YES |
| 66 |
> |
| 67 |
> xinetd.conf: |
| 68 |
> ftp init.d # cat /etc/xinetd.conf | grep -v '#' |
| 69 |
> |
| 70 |
> |
| 71 |
> defaults |
| 72 |
> { |
| 73 |
> instances = 60 |
| 74 |
> log_type = SYSLOG authpriv info |
| 75 |
> log_on_success = HOST PID |
| 76 |
> log_on_failure = HOST |
| 77 |
> cps = 25 30 |
| 78 |
> } |
| 79 |
> |
| 80 |
> includedir /etc/xinetd.d |
| 81 |
> |
| 82 |
> Any recommendations on how to approach this issue would be great. |
| 83 |
> There is nothing in /var/log/messages |
| 84 |
> Thanks, |
| 85 |
> |
| 86 |
> James |
| 87 |
> |
| 88 |
> -- |
| 89 |
> gentoo-hardened@g.o mailing list |
| 90 |
> |
| 91 |
> |
| 92 |
> -- |
| 93 |
> gentoo-hardened@g.o mailing list |
| 94 |
|
| 95 |
-- |
| 96 |
gentoo-hardened@g.o mailing list |
Archives