Displaying 20 results from an estimated 700 matches similar to: "ProFTPD SFTP with SELinux"
2015 Feb 09
2
SELinux context for ssh host keys?
I generated a new host key for one of our systems using:
ssh-keygen -t rsa -b 4096 -f ssh_host_rsa_key_4096
I then ran 'ls -Z' on the keys:
ll -Z *key*
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_dsa_key
-rw-r--r--. root root system_u:object_r:sshd_key_t:s0
ssh_host_dsa_key.pub
-rw-------. root root system_u:object_r:sshd_key_t:s0 ssh_host_key
-rw-r--r--. root
2016 Jul 06
2
How to have more than one SELinux context on a directory
> If I understand well, I could add a type to another type?!?!?!
No.
The default targeted policy is mostly about Type Enforcement. Quote from
the manual:
"All files and processes are labeled with a type: types define a SELinux
domain for processes and a SELinux type for files. SELinux policy rules
define how types access each other, whether it be a domain accessing a
type, or a
2012 Aug 28
2
Log viewing and analysis tools
I have a requirement to allow our security officer to regularly view and
analyze the logging and auditing results of one of the machines in our
lab. He comes from the Microsoft Windows world and is not a *nix
trained person.
I know I can configure logwatch. I can also create a script containing
various 'aureport' runs into a cron job.
Any recommendations for a GUI-based tool that would
2015 Feb 10
1
SELinux context for ssh host keys?
> On Feb 9, 2015, at 12:27 PM, Robert Nichols <rnicholsNOSPAM at comcast.net> wrote:
>
> On 02/09/2015 11:14 AM, James B. Byrne wrote:
>> So, I decided to run restorecon -v to
>>
...
>> restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context
>> unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0
>>
...
>> There is no
2015 Feb 10
2
SELinux context for ssh host keys?
On Tue, February 10, 2015 04:18, Andrew Holway wrote:
> On 10 February 2015 at 06:32, Mark Tinberg <mark.tinberg at wisc.edu>
> wrote:
>
>>
>> > On Feb 9, 2015, at 12:27 PM, Robert Nichols
>> <rnicholsNOSPAM at comcast.net>
>> wrote:
>> >
>> > On 02/09/2015 11:14 AM, James B. Byrne wrote:
>> >> So, I decided to run
2009 Jul 10
1
vsftpd not able to log in
Hi folks,
I can't seem to log into my system via
vsftpd. All other services using PAM are fine...Am I missing something simple?
ftp> user
(username) user
331 Please specify the password.
Password:
530 Login incorrect.
# getenforce
Permissive
here is the event in /var/log/audit/audit.log:
type=USER_AUTH msg=audit(1247235151.569:9781): user pid=21052 uid=0 auid=0
2007 Sep 24
3
Bug#443886: /etc/logcheck/ignore.d.server/proftpd: [proftpd] Refused user $USER for service $FOO
Package: logcheck-database
Version: 1.2.61
Severity: wishlist
File: /etc/logcheck/ignore.d.server/proftpd
Two weeks ago, I got a rush of these:
Sep 8 12:37:07 goretex proftpd: PAM-listfile: Refused user news for service proftpd
(Apparently, fail2ban managed to miss those.)
This is triggered by pam_listfile, which is used by proftpd (and other
FTP daemons) to block users listed in
2007 Nov 20
1
Proftpd log errors - retrying please.
I am using proftpd with my first Centos 5 box. Although it appears to be
working, I see the following errors in my logwatch reports.
Deprecated pam_stack module called from service "proftpd"
pam_unix(proftpd:session): session opened for user steve by (uid=0)
Deprecated pam_stack module called from service "proftpd"
Deprecated pam_stack module called from service
2016 Jul 06
0
How to have more than one SELinux context on a directory
I can access /depot/tftp from a tftp client but unable to do it from a
Windows client as long as SELinux is enforced. If SELinux is permissive I
can access it then I know Samba is properly configured.
# getenforce
Enforcing
# ls -dZ /depot/tftp/
drwxrwxrwx. root root system_u:object_r:tftpdir_rw_t:s0 /depot/tftp/
And if I do it the other way around, give the directory a type
samba_share_t then
2006 Aug 12
4
proftpd problem
I installed proftpd on a fully updated CentOS 4.3 server.
The server sits on a private LAN (192.168.1.*).
When trying to access the FTP (both from inside the LAN and from outside
through a NAT router)
I cannot log in.
Port forwarding is OK, as I can enter both username and password.
Error: 530 login incorrect
Any ideas?
Thanks
2005 Sep 13
1
OT: ProFTPD web browser login
I'm setting up a ftp server. I need to be able to have people have a
non interactive login through a web browser into a chrooted directory
i.e. ftp://somewhere.com. I also need to have a URL that will auto login
a user to a chrooted directory. These chrooted directories will be RO
for all anonymous access. That said I also need to have a staff account
that has upload rights to these
2006 Feb 21
1
OT Proftpd Continued
Below is a cut and paste from my log files that are sent to me. This is
from the last day that proftpd worked correctly. I'm not sure why
proftpd was restarted as the log states:
################### LogWatch 5.2.2 (06/23/04) ####################
Processing Initiated: Sun Feb 19 09:02:02 2006
Date Range Processed: yesterday
Detail Level of Output: 0
Logfiles
2003 Sep 23
2
[da@securityfocus.com: ISS Security Brief: ProFTPD ASCII File Remote Compromise Vulnerability (fwd)]
Recent proftpd security vulnerability release FYI. Ports has latest
patched proftpd distribution.
--
Jez
http://www.munk.nu/
-------------- next part --------------
An embedded message was scrubbed...
From: Dave Ahmad <da@securityfocus.com>
Subject: ISS Security Brief: ProFTPD ASCII File Remote Compromise
Vulnerability (fwd)
Date: Tue, 23 Sep 2003 10:25:54 -0600 (MDT)
2016 Jul 05
4
How to have more than one SELinux context on a directory
????????? ???????? ????? 2016-07-05 19:58:
>> I need to have the tftpdir_rw_t and samba_share_t SELinux context
>> on
>> the same directory.
>>
>> How can we do this? Is it feasible to have more than one SELinux
>> context?
>
> I don't think it's possible/feasible.
> You'd probably need to add a new type and necessary rules to your
2006 Aug 31
1
proftpd and iptables problem
Hi list,
I'm having a problem with proftpd access when my firewall is running. I'm
using CentOS 4.3 with proftpd-1.2.10-10.2.el4.rf
I haven't done any modification to my proftpd; I just run the server. My
iptables ruleset is very simple; I use stateful routing.
iptables -A INPUT -i ! $WAN -j ACCEPT
iptables -A INPUT -i $WAN -m state --state NEW -p tcp --dport 21 -j ACCEPT
--
Regards,
2015 Feb 09
0
SELinux context for ssh host keys?
On 02/09/2015 11:14 AM, James B. Byrne wrote:
> So, I decided to run restorecon -v to
> presumably set the SELinux user correctly for the new keys: But that
> is not what happened:
>
> restorecon -v *
>
> restorecon reset /etc/ssh/ssh_host_rsa_key_4096 context
> unconfined_u:object_r:sshd_key_t:s0->unconfined_u:object_r:etc_t:s0
>
> restorecon reset
2010 Feb 04
1
proftpd wrap
Hi,
My ftpd is being abused.
Maximum login attempts exceeded from hosts:
::ffff:64.251.22.142[::ffff:64.251.22.142] : 24197 Time(s)
I had come across an article stating that proftpd with mod wrap can actually
block these IPs using denyhosts.
I had googled but I did not see any proftpd rpm with mod wrap. Is there
anyone with a copy who would like to share?
Or can someone share a spec file, so I
2010 May 12
1
Configuring proftpd
Hai
Can anyone help me configure proftpd for a new user?
I have already googled for this and have found a lot of documents and
tried almost all, but none seems to be working. So if anyone has a known
way, help me out.
Chaitanya
2005 Dec 14
3
OT - Proftpd Authentication Failure
I have installed proftpd on a new x86_64 server:
[root at ftp ~]# uname -a
Linux ftp.csdsinc.com 2.6.9-22.0.1.ELsmp #1 SMP Thu Oct 27 14:49:37 CDT
2005 x86_64 x86_64 x86_64 GNU/Linux
CentOS release 4.2 (Final)
Proftpd Ver:
[root at ftp ~]# rpm -q proftpd
proftpd-1.2.10-8.2.el4.rf
Selinux is disabled
Modified debug file excerpt:
xxx.xxxxx.com - ProFTPD 1.2.10 (stable) (built Fri Feb 18
2005 Sep 16
1
OT: Proftpd and Iptables
Hi Peoples,
I'm still beating my head with the Proftpd although I have solved my
original issue. That turned out to be an iptables issue and I'm
beginning to wonder if iptables is playing with me again. I have an FTP
server that allows anonymous downloads and with specific accounts able
to upload to the anonymous directory. The problem is, those users
cannot upload. I have