Gentoo Archives: gentoo-hardened

From: "James R. Marcus" <jmarcus@×××××××.net>
To: gentoo-hardened@l.g.o
Subject: RE: [gentoo-hardened] vsftpd problems
Date: Mon, 23 Aug 2004 19:47:27
Message-Id: E6E16A6D4277CD459BBDE6713766033CA514B1@exchange.mvalent.local
I was unable to solve my problem with vsftpd and the 2.6
Hardened-dev-sources. Last Thursday I rebuilt the machine and downloaded a
kernel from the NSA's site and it seems to be working now.

I just wanted to say thanks to all the people who spent a considerable
amount of time looking at this issue.

Thanks,
James


-----Original Message-----
From: Viljem Skornik [mailto:bluesman@××××××.no]
Sent: Thursday, August 19, 2004 11:45 AM
To: gentoo-hardened@l.g.o
Subject: Re: [gentoo-hardened] vsftpd problems

On Tuesday 17 of August 2004 19:02, James R. Marcus wrote:
> I have been working with the gentlemen on the SELinux list to resolve my
> issue with vsftpd. I haven't really gotten anywhere despite a
> tremendous effort on their part.
>
> I'm still getting the same error that I mentioned in my first email.
>
> I have added this line to
> /etc/security/selinux/src/policy/domains/program/ftpd.te
> domain_auto_trans(initrc_t, ftpd_exec_t, ftpd_t)
>
> ftp program # ls -Z /usr/sbin/vsftpd
> -rwxr-xr-x root root system_u:object_r:ftpd_exec_t /usr/sbin/vsftpd
> ftp program #
>
> ftp program # ps -eZ | grep vsftpd
> 22497 system_u:system_r:initrc_t /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf
>
> /var/log/messages:
> Aug 17 12:59:01 ftp avc: denied { getattr } for pid=6483 exe=/bin/bash path=/usr/sbin/vsftpd dev=hda3 ino=438973 scontext=root:staff_r:staff_t tcontext=system_u:object_r:unlabeled_t tclass=file
>
> Any help would be appreciated,
> Thanks,
> James
>
> -----Original Message-----
> From: James R. Marcus
> Sent: Wednesday, July 07, 2004 7:34 PM
> To: gentoo-hardened@l.g.o
> Subject: [gentoo-hardened] vsftpd problems
>
> I just did my first install of hardened Gentoo with the SELinux kernel.
> I emerged vsftp and got it running. However, when I log in I get this
> message:
> 230 Login successful.
> ftp> ls
> 500 OOPS: capset
> 200 PORT command successful. Consider using PASV.
> 500 OOPS: vsf_sysutil_recv_peek
> Connection closed by remote host.
> ftp>

IIRC, this OOPS: capset looks like something I encountered some time ago.
Check if you have Default Linux Capabilities enabled in your kernel
(CONFIG_SECURITY_CAPABILITIES), I believe that fixed my problem.

>
>
> Here is my vsftpd config:
> ftp init.d # cat /etc/vsftpd/vsftpd.conf | grep -v '#'
>
> anonymous_enable=NO
> local_enable=YES
> write_enable=YES
> dirmessage_enable=YES
> connect_from_port_20=YES
> xferlog_enable=YES
> xferlog_file=/var/log/vsftpd/vsftpd.log
> nopriv_user=nobody
> background=YES
> listen=YES
>
> xinetd.conf:
> ftp init.d # cat /etc/xinetd.conf | grep -v '#'
>
>
> defaults
> {
>     instances = 60
>     log_type = SYSLOG authpriv info
>     log_on_success = HOST PID
>     log_on_failure = HOST
>     cps = 25 30
> }
>
> includedir /etc/xinetd.d
>
> Any recommendations on how to approach this issue would be great.
> There is nothing in /var/log/messages
> Thanks,
>
> James
>
> --
> gentoo-hardened@g.o mailing list

--
gentoo-hardened@g.o mailing list
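
Added example, not part of the original thread or of any poster's message: a small Python triage for the two symptoms visible in the quoted output, an AVC denial whose target type is `unlabeled_t` and a daemon still running in `initrc_t` rather than the `ftpd_t` domain named in the `domain_auto_trans` line. The first AVC line and the `ps -eZ` line are the thread's own output rejoined; the other log lines and all function names are constructed for illustration.

```python
import re

# AVC line 1 and the ps line are the thread's own output, rejoined; the rest is constructed.
AVC_LINES = [
    "Aug 17 12:59:01 ftp avc: denied { getattr } for pid=6483 exe=/bin/bash "
    "path=/usr/sbin/vsftpd dev=hda3 ino=438973 scontext=root:staff_r:staff_t "
    "tcontext=system_u:object_r:unlabeled_t tclass=file",
    "Aug 17 13:00:10 ftp avc: denied { read } for pid=6500 exe=/usr/sbin/vsftpd "
    "name=vsftpd.conf dev=hda3 ino=1001 scontext=system_u:system_r:ftpd_t "
    "tcontext=system_u:object_r:etc_t tclass=file",
    "Aug 17 13:00:11 ftp sshd[710]: session opened for user root",
]
PS_LINES = ["22497 system_u:system_r:initrc_t /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf"]
AVC_RE = re.compile(r"avc:\s+denied\s+\{\s*([^}]*?)\s*\}\s+for\s+(.*)")

def ctx_type(context):
    """Type field of a user:role:type[:level] context, or None if malformed."""
    parts = context.split(":")
    return parts[2] if len(parts) >= 3 else None

def parse_avc(line):
    """Fields of an AVC denial as a dict, or None for any other log line."""
    m = AVC_RE.search(line)
    if not m:
        return None
    fields = dict(kv.split("=", 1) for kv in m.group(2).split() if "=" in kv)
    fields["perms"] = m.group(1).split()
    return fields

def unlabeled_targets(lines):
    """Objects denied because their target type is unlabeled_t (no valid label)."""
    hits = []
    for avc in filter(None, map(parse_avc, lines)):
        if ctx_type(avc.get("tcontext", "")) == "unlabeled_t":
            hits.append(avc.get("path") or avc.get("name") or "ino=" + avc.get("ino", "?"))
    return hits

def wrong_domain(ps_lines, expected):
    """(pid, exe, actual, wanted) for processes whose type differs from `expected`."""
    bad = []
    for line in ps_lines:
        pid, context, cmd = line.split(None, 2)
        exe = cmd.split()[0]
        if exe in expected and ctx_type(context) != expected[exe]:
            bad.append((int(pid), exe, ctx_type(context), expected[exe]))
    return bad

if __name__ == "__main__":
    print(unlabeled_targets(AVC_LINES), wrong_domain(PS_LINES, {"/usr/sbin/vsftpd": "ftpd_t"}))
```

The `ps` parser assumes the three-column layout shown in the thread (pid, context, command line).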

Replies

Subject Author
Re: [gentoo-hardened] vsftpd problems "David A. Cafaro" <dcafaro@××××××.com>