Início / ubuntu / Perguntas / 1498826
Accepted
joebird
Asked: 2024-01-03 12:32:59 +0800 CST

vsftpd falha no comando LIST mesmo quando o firewall está desligado e ligado localhost

  • 772

Instalei o vsftpd e estou usando o ufw como meu firewall. Posso me conectar ao servidor FTP, fazer login e alterar diretórios, mas qualquer tentativa de usar um comando LIST expira tanto no host externo quanto no local. Ao ler outras respostas, sou levado a acreditar que isso se deve ao fato de minhas portas passivas não terem sido abertas corretamente. No entanto, pelo que sei, as portas estão abertas no ufw. Além disso, quando executo ufw disablee tento novamente, o problema ainda ocorre. O fato de isso acontecer no mesmo host do servidor me leva a acreditar que algo está errado no meu sistema.

registro vsftpd (/var/log/vsftpd)

Tue Jan  2 21:22:03 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:03 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:03 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:03 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:03 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:03 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PWD"
Tue Jan  2 21:22:03 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "257 "/" is the current directory"
Tue Jan  2 21:22:08 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:08 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:16 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /nonefolder"
Tue Jan  2 21:22:16 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "550 Failed to change directory."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /"
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,111)."
Tue Jan  2 21:22:19 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:22:27 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:27 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:27 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:27 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:27 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:27 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,112)."
Tue Jan  2 21:22:27 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"
Tue Jan  2 21:22:42 2024 [pid 2] CONNECT: Client "127.0.0.1"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "220 (vsFTPd 3.0.3)"
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "FEAT"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "211-Features:"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " EPRT??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " EPSV??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " MDTM??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " PASV??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " REST STREAM??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " SIZE??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " TVFS??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", " UTF8??"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "211 End"
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "OPTS UTF8 ON"
Tue Jan  2 21:22:42 2024 [pid 2] FTP response: Client "127.0.0.1", "200 Always in UTF8 mode."
Tue Jan  2 21:22:42 2024 [pid 2] FTP command: Client "127.0.0.1", "USER anonymous"
Tue Jan  2 21:22:42 2024 [pid 2] [anonymous] FTP response: Client "127.0.0.1", "331 Please specify the password."
Tue Jan  2 21:22:42 2024 [pid 2] [anonymous] FTP command: Client "127.0.0.1", "PASS <password>"
Tue Jan  2 21:22:42 2024 [pid 1] [ftp] OK LOGIN: Client "127.0.0.1", anon password "lftp@"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "230 Login successful."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "CWD /tv"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "250 Directory successfully changed."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "PASV"
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP response: Client "127.0.0.1", "227 Entering Passive Mode (127,0,0,1,39,106)."
Tue Jan  2 21:22:42 2024 [pid 3] [ftp] FTP command: Client "127.0.0.1", "LIST"

registro lftp

[root@ladybug ~]# lftp
lftp :~> open 127.0.0.1
lftp 127.0.0.1:~> cd
cd ok, cwd=/
lftp 127.0.0.1:/> cd tv
cd ok, cwd=/tv
lftp 127.0.0.1:/tv> cd ..
lftp 127.0.0.1:/> cd nonefolder
cd: Access failed: 550 Failed to change directory. (/nonefolder)
lftp 127.0.0.1:/> ls
ls: Fatal error: 500 OOPS:           
lftp 127.0.0.1:/> cd tv
lftp 127.0.0.1:/tv> ls
ls: Fatal error: 500 OOPS:                 
lftp 127.0.0.1:/tv>

Log do Filezilla (execução diferente das duas acima)

Status: Connecting to 192.168.1.12:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,12,39,110).
Command:    LIST
Error:  Could not read from transfer socket: ECONNRESET - Connection reset by peer
Error:  Connection closed by server
Error:  Failed to retrieve directory listing
Status: Disconnected from server
Status: Connecting to 192.168.1.12:21...
Status: Connection established, waiting for welcome message...
Status: Insecure server, it does not support FTP over TLS.
Status: Logged in
Status: Retrieving directory listing...
Command:    PWD
Response:   257 "/" is the current directory
Command:    TYPE I
Response:   200 Switching to Binary mode.
Command:    PASV
Response:   227 Entering Passive Mode (192,168,1,12,39,114).
Command:    LIST
Error:  Connection closed by server
Error:  Failed to retrieve directory listing

/etc/vsftpd.conf

log_ftp_protocol=YES
xferlog_enable=YES
pasv_enable=YES
pasv_max_port=10100
pasv_min_port=10090
local_umask=022
anon_umask=022
anonymous_enable=YES
anon_upload_enable=YES
anon_root=/mnt/hdd-8tb/home/ftpd/
anon_mkdir_write_enable=YES
anon_other_write_enable=YES
chown_uploads=YES
chown_username=ftpd
listen=YES
pam_service_name=vsftpd

regras ufw (quando ativas)

To                         Action      From
--                         ------      ----
20/tcp                     ALLOW       Anywhere                  
21/tcp                     ALLOW       Anywhere                  
10090:10100/tcp            ALLOW       Anywhere                  
20/tcp (v6)                ALLOW       Anywhere (v6)             
21/tcp (v6)                ALLOW       Anywhere (v6)             
10090:10100/tcp (v6)       ALLOW       Anywhere (v6)

permissões de root ftp

ftpd@ladybug:/mnt/hdd-8tb/home/ftpd$ ls -la
total 52
dr-xr-xr-x  9 ftpd ftpd 4096 Jan  1 18:47 .
drwxr-xr-x 14 root root 4096 Jan  1 18:39 ..
-rw-rw-r--  1 ftpd ftpd 3339 Jan  2 21:20 .bash_history
-rw-rw-r--  1 ftpd ftpd  220 Jan 28  2023 .bash_logout
-rw-rw-r--  1 ftpd ftpd 3771 Jan 28  2023 .bashrc
drwxr-xr-x  9 ftpd ftpd 4096 Jul 29 21:46 books
drwxr-xr-x  5 ftpd ftpd 4096 Apr 13  2023 comics
drwxr-xr-x 10 ftpd ftpd 4096 Dec 31 18:44 games
drwxr-xr-x  7 ftpd ftpd 4096 Aug 25 21:20 movies
drwxr-xr-x 16 ftpd ftpd 4096 Apr 13  2023 music
-rw-rw-r--  1 ftpd ftpd  807 Jan 28  2023 .profile
drwxr-xr-x 16 ftpd ftpd 4096 Nov 12 20:49 tv
drwxr-xr-x  2 ftpd ftpd 4096 Jan  1 18:47 util

Não sei mais o que tentar. Parece que o vsftpd simplesmente não está aceitando conexões nessas portas, embora eu as tenha especificado. Disposto a tentar qualquer coisa neste momento.

firewall

1 respostas

  1. Best Answer

    Depois de fazer uma pesquisa literalmente exaustiva no Google, encontrei a resposta relacionada à eliminação dos comandos LIST.

    Do wiki do archlinux :

    4.7 VSFTPD reset connect via LIST command

  > seccomp_sandbox=NO

into the vsftpd.conf file fixes this issue

    Parece que surgiram respostas semelhantes aqui e aqui , com sintomas diferentes, mas com a mesma solução. Nenhum deles mencionou o problema com LIST, e acho que foi por isso que não os encontrei inicialmente. Por que adicionar isso ao arquivo conf corrige alguma coisa? Este sinalizador não está documentado na página de manual vsftpd.conf, no site ou em qualquer wiki que eu possa encontrar. Baixar a fonte revela que é uma opção válida em parseconf.c

    parseconf.c:  { "seccomp_sandbox", &tunable_seccomp_sandbox },

    E parece que o padrão, pelo menos na versão mais recente do vsftpd, está desabilitado.

    tunables.c:  tunable_seccomp_sandbox = 0;

    Não tenho ideia de por que ele está habilitado em minha versão, por que esse recurso com bugs não está documentado nos documentos públicos ou por que a mensagem de erro não ajuda a apontar para a solução. Realmente frustrante. De qualquer forma, espero que este tópico ajude a contextualizar caso alguém tenha o mesmo problema.

    • 0

relate perguntas