[sclug] ultimate ftp security

Leon Ward leon.ward at added-dimension.co.uk
Sat Oct 25 09:05:54 UTC 2003


RH 9 eh?

	IIRC RH9 uses xinetd, a more secure replacement for inetd. As you
mention an upgrade, maybe this is installed on your system now.

Take a look in /etc/xinetd.d/<daemonname> 
Where daemonname is the name of the ftpd you use.
The default action with insecure daemons (like ftpd + telnetd) is to add
them to xinetd disabled.

--example--
[nard at leo nard]$ cat /etc/xinetd.d/vsftpd
# default: off
# description: The vsftpd FTP server serves FTP connections. It uses \
#       normal, unencrypted usernames and passwords for authentication.
service ftp
{
        disable = yes    <---- This line.
        socket_type             = stream
        wait                    = no
        user                    = root
        server                  = /usr/sbin/vsftpd
        nice                    = 10
}
[nard at leo nard]$

restart / reload xinetd after making a change
#/etc/init.d/xinetd restart


On another point, take a look at ssh, scp and sftp as replacements for ftp
and telnet. They are far more secure and versatile replacements.

-Leon



-----Original Message-----
From: Derek M Jones [mailto:derek at knosof.co.uk]
Sent: 24 September 2003 03:55
To: sclug at sclug.org.uk
Subject: [sclug] ultimate ftp security


All,

Clever me created the ultimate in ftp server security
a while ago.
Trouble is I now want to ftp to the machine that does not
appear to be accepting ftp connections.

I have checked the obvious host deny (telnet works anyway)
and /etc/inetd.conf entries.  They all seem to be in order.

I seem to recall Linux (may be RedHat specific) having some other
configuration file that enabled all incoming traffic to be switched
off; which is what I recall clever me using (which makes me wonder
why I can telnet to the box, but I did upgrade to RedHat 9 some months
ago).

Any suggestions, obvious or otherwise, on how I might get some
ftp server support back would be most welcome.

derek

--
Derek M Jones                                tel: +44 (0) 1252 520 667
Knowledge Software Ltd                            mailto:derek at knosof.co.uk
Applications Standards Conformance Testing   http://www.knosof.co.uk


_______________________________________________
sclug mailing list
sclug at sclug.org.uk
http://www.sclug.org.uk/mailman/listinfo/sclug

This E-mail and its attachments have been scanned for viruses before
delivery.
For more information contact postmaster at added-dimension.co.uk.
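
The check described in the reply above (looking for `disable = yes` in each file under /etc/xinetd.d), as an added example that is not part of either message. The function names and the sample directory are assumptions made for illustration; the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post): list each xinetd service file
# and whether its "disable" attribute turns the service off.

# xinetd_status DIR: print "<file> <service> <enabled|disabled>" per service.
xinetd_status() {
    for f in "$1"/*; do
        [ -f "$f" ] || continue
        awk -v file="${f##*/}" '
            /^[ \t]*#/ { next }                      # comment line
            $1 == "service" { svc = $2; state = "enabled"; next }
            svc != "" && /^[ \t]*disable[ \t]*=/ {   # "disable = yes|no"
                val = $0
                sub(/^[ \t]*disable[ \t]*=[ \t]*/, "", val)
                split(val, w, /[ \t]+/)              # first word only
                state = (tolower(w[1]) == "yes") ? "disabled" : "enabled"
            }
            svc != "" && $1 == "}" { print file, svc, state; svc = "" }
        ' "$f"
    done
}

# Constructed sample directory standing in for /etc/xinetd.d (assumption).
make_sample_dir() {
    d=$(mktemp -d) || return 1
    cat > "$d/vsftpd" <<'EOF'
# default: off
service ftp
{
        disable = yes
        socket_type             = stream
        server                  = /usr/sbin/vsftpd
}
EOF
    cat > "$d/telnet" <<'EOF'
service telnet
{
        disable=no
        server                  = /usr/sbin/in.telnetd
}
EOF
    cat > "$d/daytime" <<'EOF'
service daytime
{
        type                    = INTERNAL
}
EOF
    printf '%s\n' "$d"
}

sample=$(make_sample_dir) && xinetd_status "$sample"
rm -rf "$sample"
```

On a real system, call `xinetd_status /etc/xinetd.d`. A service block with no `disable` line is reported as enabled, and any `disabled` list in the defaults section of /etc/xinetd.conf is not examined here.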
