Description of problem: vsftpd doesn't kill the session after too many login attempts Version-Release number of selected component (if applicable): 2.0.1-5.EL4.5 How reproducible: 100% Steps to Reproduce: 1.Use rubbish login details 10, 100, 1e81 times 2. 3. Actual results: It doesn't kick you off Expected results: It should kick you off Additional info: Logwatch tells me: (148.243.223.220): john - 2432 Time(s) (148.243.223.220): jeff - 364 Time(s) (148.243.223.220): amanda - 2432 Time(s) I have a firewall config which limits repeated connections from the same IP, so the above couldn't happen if it was caused by multiple connections. I note that vsftpd 2.0.5 has a change to "Kick session after a few login fails. Allows IP blocking solutions to be more immediately effective." - ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.5/Changelog - so I wonder if this could be added into an update to the RHEL release.
Attach your vsftpd configuration please. Thanks
Created attachment 155306 [details] My vsftpd config Not too far from stock, I think
Created attachment 155307 [details] My pam.d/vsftpd Edited slightly, so users with valid shells CAN'T log in.
Please add "max_login_fails" directive to your vsftpd configuration specifying the number of login failures before the session is killed.
Doing so causes my vsftpd to fail to start, apparently logging nothing at all. I am using vsftpd-2.0.1 in EL4.
I'm sorry. This feature has been added up to 2.0.4 release. If you want to update vsftpd for RHEL 4 to current version (2.0.5), please open new appropriate bug. Thanks