241008 – Too many login attempts allowed by vsftpd

Bug 241008 - Too many login attempts allowed by vsftpd

Summary: Too many login attempts allowed by vsftpd

Status:	CLOSED NOTABUG
Alias:	None
Product:	Red Hat Enterprise Linux 4
Classification:	Red Hat
Component:	vsftpd
Sub Component:	(Show other bugs)
Version:	4.5
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Target Release:	---
Assignee:	Maros Barabas
QA Contact:
Docs Contact:
URL:
Whiteboard:
Keywords:	Reopened
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2007-05-23 16:32 UTC by John Robinson
Modified:	2007-11-17 01:14 UTC (History)
CC List:	0 users
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:
Story Points:	---
Clone Of:
Environment:
Last Closed:	2007-05-28 08:12:50 UTC
Type:	---
Regression:	---
Mount Type:	---
Documentation:	---
CRM:
Verified Versions:
Category:	---
oVirt Team:	---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team:	---

Attachments	(Terms of Use)
My vsftpd config (4.10 KB, text/plain) 2007-05-23 23:22 UTC, John Robinson	no flags	Details
My pam.d/vsftpd (452 bytes, text/plain) 2007-05-23 23:25 UTC, John Robinson	no flags	Details
Add an attachment (proposed patch, testcase, etc.)

Description John Robinson 2007-05-23 16:32:55 UTC

Description of problem:
vsftpd doesn't kill the session after too many login attempts

Version-Release number of selected component (if applicable):
2.0.1-5.EL4.5

How reproducible:
100%

Steps to Reproduce:
1.Use rubbish login details 10, 100, 1e81 times
2.
3.
  
Actual results:
It doesn't kick you off

Expected results:
It should kick you off

Additional info:
Logwatch tells me:
 (148.243.223.220): john - 2432 Time(s)
 (148.243.223.220): jeff - 364 Time(s)
 (148.243.223.220): amanda - 2432 Time(s)
I have a firewall config which limits repeated connections from the same IP, so
the above couldn't happen if it was caused by multiple connections.

I note that vsftpd 2.0.5 has a change to "Kick session after a few login fails.
Allows IP blocking solutions to be more immediately effective." -
ftp://vsftpd.beasts.org/users/cevans/untar/vsftpd-2.0.5/Changelog - so I wonder
if this could be added into an update to the RHEL release.

Comment 1 Maros Barabas 2007-05-23 21:40:15 UTC

Attach your vsftpd configuration please. Thanks

Comment 2 John Robinson 2007-05-23 23:22:58 UTC

Created attachment 155306 [details]
My vsftpd config

Not too far from stock, I think

Comment 3 John Robinson 2007-05-23 23:25:59 UTC

Created attachment 155307 [details]
My pam.d/vsftpd

Edited slightly, so users with valid shells CAN'T log in.

Comment 4 Maros Barabas 2007-05-24 08:14:04 UTC

Please add "max_login_fails" directive to your vsftpd configuration specifying
the number of login failures before the session is killed.

Comment 5 John Robinson 2007-05-24 09:53:25 UTC

Doing so causes my vsftpd to fail to start, apparently logging nothing at all. I
am using vsftpd-2.0.1 in EL4.

Comment 6 Maros Barabas 2007-05-28 08:12:50 UTC

I'm sorry. This feature has been added up to 2.0.4 release. If you want to
update vsftpd for RHEL 4 to current version (2.0.5), please open new appropriate
bug. Thanks

Note You need to log in before you can comment on or make changes to this bug.