I was unable to solve my problem with vsftpd and the 2.6
Hardened-dev-sources. Last Thursday I rebuilt the machine and downloaded a
kernel from the NSA's site and it seems to be working now.

I just wanted to say thanks to all the people who spent a considerable
amount of time looking at this issue.

Thanks,
James

-----Original Message-----
From: Viljem Skornik [mailto:bluesman@××××××.no]
Sent: Thursday, August 19, 2004 11:45 AM
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] vsftpd problems

On Tuesday 17 of August 2004 19:02, James R. Marcus wrote:
> I have been working with the gentlemen on the SELinux list to resolve my
> issue with vsftpd. I haven't really gotten anywhere despite a
> tremendous effort on their part.
>
> I'm still getting the same error that I mentioned in my first email.
>
> I have added this line to
> /etc/security/selinux/src/policy/domains/program/ftpd.te
> domain_auto_trans(initrc_t, ftpd_exec_t, ftpd_t)
>
> ftp program # ls -Z /usr/sbin/vsftpd
> -rwxr-xr-x root root system_u:object_r:ftpd_exec_t /usr/sbin/vsftpd
> ftp program #
>
> ftp program # ps -eZ | grep vsftpd
> 22497 system_u:system_r:initrc_t /usr/sbin/vsftpd
> /etc/vsftpd/vsftpd.conf
>
> /var/log/messages:
> Aug 17 12:59:01 ftp avc: denied { getattr } for pid=6483
> exe=/bin/bash path=/usr/sbin/vsftpd dev=hda3 ino=438973
> scontext=root:staff_r:staff_t tcontext=system_u:object_r:unlabeled_t tclass=file
>
> Any help would be appreciated,
> Thanks,
> James
>
> -----Original Message-----
> From: James R. Marcus
> Sent: Wednesday, July 07, 2004 7:34 PM
> To: gentoo-hardened@l.g.o
> Subject: [gentoo-hardened] vsftpd problems
>
> I just did my first install of hardened Gentoo with the SELinux kernel.
> I emerged vsftp and got it running. However when I login I get this
> message:
> 230 Login successful.
> ftp> ls
> 500 OOPS: capset
> 200 PORT command successful. Consider using PASV.
> 500 OOPS: vsf_sysutil_recv_peek
> Connection closed by remote host.
> ftp>

IIRC, this OOPS: capset looks like something I encountered some time ago.
Check if you have Default Linux Capabilities enabled in your kernel
(CONFIG_SECURITY_CAPABILITIES), I believe that fixed my problem.

>
>
> Here is my vsftpd config:
> ftp init.d # cat /etc/vsftpd/vsftpd.conf | grep -v '#'
>
> anonymous_enable=NO
> local_enable=YES
> write_enable=YES
> dirmessage_enable=YES
> connect_from_port_20=YES
> xferlog_enable=YES
> xferlog_file=/var/log/vsftpd/vsftpd.log
> nopriv_user=nobody
> background=YES
> listen=YES
>
> xinetd.conf:
> ftp init.d # cat /etc/xinetd.conf | grep -v '#'
>
>
> defaults
> {
> instances = 60
> log_type = SYSLOG authpriv info
> log_on_success = HOST PID
> log_on_failure = HOST
> cps = 25 30
> }
>
> includedir /etc/xinetd.d
>
> Any recommendations on how to approach this issue would be great.
> There is nothing in /var/log/messages
> Thanks,
>
> James
>
> --
> gentoo-hardened@g.o mailing list
>
>
> --
> gentoo-hardened@g.o mailing list

--
gentoo-hardened@g.o mailing list
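
The two symptoms quoted in this thread, a daemon still running in initrc_t and a denial against an unlabeled_t target, can be triaged mechanically. The script below is an added example, not part of the original messages; the function names are hypothetical and the two sample lines are constructed from the output quoted above.

```shell
#!/bin/sh
# Added example (not from the thread). Function names are hypothetical;
# AVC and PS below are constructed from the output quoted in the message.

# Type component (third colon-separated field) of an SELinux context.
ctx_type() { printf '%s\n' "$1" | cut -d: -f3; }

# Print "perms scontext tcontext tclass" for one "avc: denied" log line.
avc_fields() {
    printf '%s\n' "$1" | awk '/avc: *denied/ {
        perms = $0
        sub(/^.*[{] */, "", perms); sub(/ *[}].*$/, "", perms)
        gsub(/ +/, ",", perms)
        for (i = 1; i <= NF; i++) {
            n = index($i, "=")
            if (n) f[substr($i, 1, n - 1)] = substr($i, n + 1)
        }
        print perms, f["scontext"], f["tcontext"], f["tclass"]
    }'
}

# Classify a denial. An unlabeled_t target points to a labeling problem
# (the file has no valid context) rather than a missing rule in ftpd.te.
avc_hint() {
    set -- $(avc_fields "$1")
    [ $# -eq 4 ] || { echo "not-avc"; return 1; }
    case "$(ctx_type "$3")" in
        unlabeled_t) echo "relabel:$4" ;;
        *)           echo "policy:$(ctx_type "$2")->$(ctx_type "$3"):$4:$1" ;;
    esac
}

# Compare the domain in a `ps -eZ` line with the expected one.
domain_check() {   # $1 = ps -eZ line, $2 = expected type, e.g. ftpd_t
    ctx=$(printf '%s\n' "$1" | tr ' ' '\n' | grep '^[^:]*:[^:]*:[^:]' | head -n 1)
    got=$(ctx_type "$ctx")
    [ "$got" = "$2" ] && echo "ok:$got" || echo "no-transition:$got"
}

AVC='Aug 17 12:59:01 ftp avc: denied { getattr } for pid=6483 exe=/bin/bash path=/usr/sbin/vsftpd dev=hda3 ino=438973 scontext=root:staff_r:staff_t tcontext=system_u:object_r:unlabeled_t tclass=file'
PS='22497 system_u:system_r:initrc_t /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf'

avc_hint "$AVC"            # labeling problem on a file object
domain_check "$PS" ftpd_t  # daemon did not leave initrc_t
```

A `no-transition` result alongside a `domain_auto_trans` rule in the policy source suggests checking whether the rebuilt policy was actually loaded and whether the binary's on-disk label matches what `ls -Z` reports.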