Assistance with VSFTP

[Herculeon]

correct, below is exactly what the file looks like now. I was getting lazy with the internal documentation before, that is why it looks like it does now. The old statement of I need to know what i did before is starting to come into effect and biting me now LOL.

#%PAM-1.0
#auth requisite pam_unix.so

#stuff from the vsftp
#session optional pam_keyinit.so force revoke
#auth required pam_listfile.so item=user sense=deny file=/etc/#vsftpd/ftpusers onerr=succeed
#auth required pam_shells.so
#auth include password-auth
#account include password-auth
#session required pam_loginuid.so
#session include password-auth

#stuff from Rexilion at linuxforums.org
auth required pam_permit.so
account required pam_permit.so
password required pam_permit.so
session required pam_permit.so

[Rexilion]

This (reverse_lookup_enable option) could explain what we are seeing. Since you already run Fedora / RedHat which are supposedly the authors of this patch you could enable it. I don't know more about it, since the original bug is shielded from people without an account.

Try enabling the option, and thus disabling the feature:

reverse_lookup_enable=NO

If vsftpd restarts without erroring out, you have patched version (lucky you...). Then try again.

[Rexilion]

The old statement of I need to know what i did before is starting to come into effect and biting me now LOL.

How is it biting you? You have a copy of all the lines right? You could also purge/reinstall vsftpd . Besides, I assume you just kept vsftpd as PAM file and added these 4 new lines while commenting out the original ones right? (just checking).

[Herculeon]

no, it errored out with "job failed. see system journel and 'systemctl status' for details"

As to the documentation thing, I added and subtracted lines to the vsftpd-2 file and did not annotate what was what, which is why I rebuilt it before.

[Rexilion]

Okay... one more last attempt before we pull out the big guns:

Code:

su -c 'cp /etc/resolv.conf /etc/resolv.conf.bak'
su -c 'echo nameserver\ 208.67.222.222 > /etc/resolv.conf'

Try again, see if the problem goes away.

Code:

su -c 'cp /etc/resolv.conf.bak /etc/resolv.conf'

If the above fails, then do this:

Code:

su -c 'yum install tcpdump'
su -c 'tcpdump -i <vsftpdinterface>'

The last command will start spitting out data (make sure to replace <vsftpdinterface> with eth0, eth1 or wlan0 or whatever you are using for vsftpd). Reproduce the problem, make a connect see it hang and then disconnect.

Stop the last command with CTRL+C and post the output it provided here or on pastebin.com. Make sure you censor any public ip's if you care.

[Herculeon]

it created a 16 meg file in that small time frame. I am trying to edit the 121000 plus lines down to what is necessary. It will take me a few .

[Herculeon]

I can zip the file to a 1.2 meg file. Is there any way I can get that to you or is there a way to limit what the dump grabs? There is to much stuff in file for me to edit out because I am sure that I will remove something that you need to see.

[Rexilion]

I can zip the file to a 1.2 meg file. Is there any way I can get that to you or is there a way to limit what the dump grabs? There is to much stuff in file for me to edit out because I am sure that I will remove something that you need to see.

You can paste it at Pastebin.com - #1 paste tool since 2002! and provide a link here. If you create one more post, you are allowed to paste URL's on this board. Thanks to my fruitless effort to help you you already gained 13 posts lol...

[Herculeon]

no matter what I try, pastebin will not allow me to paste more then 500 k. The complete data file is 16 meg. That data can compress to 1.2 meg. Can I rerun the dump to gather less data or specific data that you want or something? If not, we are at an impasse for the data transmission. Do you want for me to create a garbage HTML file and set that up for you to view at a public location? I can be lazy and make word create it for me or I can write the actual html. Do you want for me to make many small posts or pastes?

[Rexilion]

I would prefer you filter out traffic we can rule out rather than including only traffic we require.

What is filling your logs? You could exclude port 80 and 443 maybe? Will that help? If you run a gameserver, you could exclude it's source port with protocol.

Something like e.g.:

Code:

tcpdump -i eth0 not udp src port 445 and not dst port 80 and not port 8082

Rule out as many stuff you are sure about that does not relate to auth/vsftpd/dns and exclude them like above. Stuff like WWW browsing, HTTPS, games, radio, p2p whatever... you name it.