I installed proftpd from epel on a RedHat 8.7 system.
I tried a login and got a login denied.
I checked the logs:
Apr 18 15:24:05 server-app05 setroubleshoot[2609252]: SELinux is preventing /usr/sbin/proftpd from search access on the directory /etc/selinux/targeted/logins. For complete SELinux messages run: sealert -l 09baf57a-81e2-49cb-adb2-600eb78bbdb1
Apr 18 15:24:05 server-app05 setroubleshoot[2609252]: SELinux is preventing /usr/sbin/proftpd from search access on the directory /etc/selinux/targeted/logins.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that proftpd should be allowed search access on the logins directory by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'proftpd' --raw | audit2allow -M my-proftpd#012# semodule -X 300 -i my-proftpd.pp#012
Apr 18 15:24:06 server-app05 proftpd[2609235]: session[2609235] 172.16.2.5 (10.254.0.163[10.254.0.163]): mod_sftp_pam/0.3: PAM authentication error (7) for user 'mynamehere': Authentication failure
Apr 18 15:24:06 server-app05 proftpd[2609235]: session[2609235] 172.16.2.5 (10.254.0.163[10.254.0.163]): SSH2 session closed.
Apr 18 15:24:07 server-app05 setroubleshoot[2609252]: SELinux is preventing /usr/sbin/proftpd from read access on the file /etc/selinux/targeted/contexts/default_contexts. For complete SELinux messages run: sealert -l 1fed035e-a0b6-4ed0-bd5e-79f279d36a59
Apr 18 15:24:07 server-app05 setroubleshoot[2609252]: SELinux is preventing /usr/sbin/proftpd from read access on the file /etc/selinux/targeted/contexts/default_contexts.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that proftpd should be allowed read access on the default_contexts file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'proftpd' --raw | audit2allow -M my-proftpd#012# semodule -X 300 -i my-proftpd.pp#012
Apr 18 15:24:07 server-app05 setroubleshoot[2609252]: SELinux is preventing /usr/sbin/proftpd from read access on the file /etc/selinux/targeted/contexts/failsafe_context. For complete SELinux messages run: sealert -l 1fed035e-a0b6-4ed0-bd5e-79f279d36a59
Apr 18 15:24:07 server-app05 setroubleshoot[2609252]: SELinux is preventing /usr/sbin/proftpd from read access on the file /etc/selinux/targeted/contexts/failsafe_context.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012If you believe that proftpd should be allowed read access on the failsafe_context file by default.#012Then you should report this as a bug.#012You can generate a local policy module to allow this access.#012Do#012allow this access for now by executing:#012# ausearch -c 'proftpd' --raw | audit2allow -M my-proftpd#012# semodule -X 300 -i my-proftpd.pp#012
What I Expected/Wanted
I want to log in to the server
ProFTPD Version and Configuration
ProFTPD Version 1.3.6e
One special thing:
The server is joined with sssd to a Windows domain controller and the user (which I use to log in) is not local, it is a domain user.
I installed proftpd from epel
dnf install proftpd
After that, I enabled sftp:
sed -i -r 's/\#[[:space:]]*LoadModule mod_sftp_pam.c/LoadModule mod_sftp_pam.c/g' /etc/proftpd/modules.conf
sed -i -r 's/\#[[:space:]]*LoadModule mod_sftp.c/LoadModule mod_sftp.c/g' /etc/proftpd/modules.conf
Mordecaine changed the title from "SeLinux preventing /usr/sbin/proftpd" to "SeLinux preventing /usr/sbin/proftpd access to /etc/selinux/targeted/logins" on Apr 21, 2023
Since the ProFTPD project doesn't ship with any packages, or rules for SELinux, I'm assuming this issue is specific to some RPM. @pghmcfc would you happen to know more about this?
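As an added example (not part of the issue thread or of ProFTPD), the following Python script triages the setroubleshoot records quoted in the report: it groups repeated denials, collects the sealert IDs, and decodes the #012 sequences, which are rsyslog's octal escape for a newline. The function names are illustrative, and the sample input is taken from the report's log lines with the detail text shortened.

```python
import re
from collections import defaultdict

# Sample input: setroubleshoot lines from the report above, detail text shortened.
SAMPLE = """\
Apr 18 15:24:05 server-app05 setroubleshoot[2609252]: SELinux is preventing /usr/sbin/proftpd from search access on the directory /etc/selinux/targeted/logins. For complete SELinux messages run: sealert -l 09baf57a-81e2-49cb-adb2-600eb78bbdb1
Apr 18 15:24:05 server-app05 setroubleshoot[2609252]: SELinux is preventing /usr/sbin/proftpd from search access on the directory /etc/selinux/targeted/logins.#012#012***** Plugin catchall (100. confidence) suggests **************************#012#012Do#012allow this access for now by executing:#012# ausearch -c 'proftpd' --raw | audit2allow -M my-proftpd#012# semodule -X 300 -i my-proftpd.pp#012
Apr 18 15:24:06 server-app05 proftpd[2609235]: session[2609235] 172.16.2.5 (10.254.0.163[10.254.0.163]): SSH2 session closed.
Apr 18 15:24:07 server-app05 setroubleshoot[2609252]: SELinux is preventing /usr/sbin/proftpd from read access on the file /etc/selinux/targeted/contexts/default_contexts. For complete SELinux messages run: sealert -l 1fed035e-a0b6-4ed0-bd5e-79f279d36a59
Apr 18 15:24:07 server-app05 setroubleshoot[2609252]: SELinux is preventing /usr/sbin/proftpd from read access on the file /etc/selinux/targeted/contexts/failsafe_context. For complete SELinux messages run: sealert -l 1fed035e-a0b6-4ed0-bd5e-79f279d36a59
"""

DENIAL = re.compile(
    r"setroubleshoot\[\d+\]: SELinux is preventing (?P<exe>\S+) from "
    r"(?P<perm>\w+) access on the (?P<kind>\w+) (?P<path>\S+?)\.(?= |#012|$)"
    r"(?: For complete SELinux messages run: sealert -l (?P<alert>[0-9a-f-]+))?"
)

def decode_syslog(text):
    """Expand rsyslog's #ooo octal escapes for control characters (#012 is a newline)."""
    def expand(m):
        code = int(m.group(1), 8)
        return chr(code) if code < 32 else m.group(0)
    return re.sub(r"#([0-7]{3})", expand, text)

def summarize(log_text):
    """Group denials by (exe, permission, object kind, path); collect counts and sealert ids."""
    seen = defaultdict(lambda: {"count": 0, "alerts": set()})
    for line in log_text.splitlines():
        m = DENIAL.search(line)
        if not m:
            continue  # not a setroubleshoot denial (e.g. proftpd's own session lines)
        entry = seen[(m["exe"], m["perm"], m["kind"], m["path"])]
        entry["count"] += 1
        if m["alert"]:
            entry["alerts"].add(m["alert"])
    return dict(seen)

def suggested_commands(line):
    """Return the shell commands setroubleshoot embeds in a detail record, prompt stripped."""
    return [ln[2:] for ln in decode_syslog(line).splitlines() if ln.startswith("# ")]

if __name__ == "__main__":
    for (exe, perm, kind, path), info in summarize(SAMPLE).items():
        print(f"{info['count']}x {exe}: {perm} on {kind} {path} sealert={sorted(info['alerts'])}")
```

On the sample, the summary shows that every denied object lies under /etc/selinux/targeted and that the two read denials share one sealert ID.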
What I Did
I converted the ssh key to the PEM format:
cp ssh_host_rsa_key /etc/proftpd/
cd /etc/proftpd/
chmod 600 ssh_host_rsa_key
ssh-keygen -p -f /etc/proftpd/ssh_host_rsa_key -m PEM
I created an sftp conf file: