Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Thios is probably a stupid question but I shutdown my server to upgrade the RAM in it. Everything was working great before I shut it down. I didn't have Proftpd set to start on boot (I was getting to it but just kept forgetting to turn that on).
The server came back up fine and I was very pleased at the increase in performance after the RAM upgrade. I wanted to start my ftp server so I did:
Code:
service proftpd start
Cannot find proftpd service
Usage: service -[Rfshv] SERVICE ARGUMENTS
-f|--full-restart: Do a fullrestart of the service.
-R|--full-restart-all: Do a fullrestart of all services currently running.
-s|--status-all: Print a status of all services.
-d|--debug: Launch with debug.
-h|--help: This help.
-v|--version: Print version.
version 1.12
So then tried to start the service through the Webmin service module and got:
Code:
Executing /etc/rc.d/init.d/proftpd start ..
/bin/sh: line 1: /etc/rc.d/init.d/proftpd: Permission denied
How can a server just vanish?
Last edited by AudioMechanic; 05-24-2005 at 07:09 PM.
I tried displaying a list of all known services and got this:
Code:
# service -s
portmap (pid 968) is running...
master is stopped
prelude (pid 1323) is running...
1322 (pid 1320) is running...
prelude_report (pid 1321) is running...
1309 (pid ) is running...
/sbin/service: line 118: /etc/init.d/proftpd: Permission denied
The random data source exists
routed is stopped
rwhod (pid 1238) is running...
1237 (pid ) is running...
saslauthd is stopped
How can the permision be denied if I'm the root user? I thought the root user had permsion of all.
Is there a way that I can change the permisions of this server so I can start/stop/get status of it? I don't know how the permisions changed in the first place. Crazy.
Ok, check it out. I found the execution script for proftpd (I know, what took me so long) and tried to execute it from a shell. I tried a couple different commands and got this:
Code:
[root@cpe-xx-xx-xx-xx admin]# /etc/init.d/proftpd start
Starting proftpd: [ OK ]
[root@cpe-xx-xx-xx-xx admin]# /etc/init.d/proftpd restart
Shutting down proftpd: [FAILED]
Starting proftpd: [ OK ]
[root@cpe-xx-xx-xx-xx admin]# /etc/init.d/proftpd status
proftpd dead but subsys locked
[root@cpe-xx-xx-xx-xx admin]#
Proftpd DEAD?!?!?! What does that mean?
Hee's the startup script for your viewing pleasure:
Code:
#!/bin/sh
#
# Startup script for ProFTPd
#
# chkconfig: 345 85 15
# description: ProFTPD is an enhanced FTP server with \
# a focus toward simplicity, security, and ease of configuration. \
# It features a very Apache-like configuration syntax, \
# and a highly customizable server infrastructure, \
# including support for multiple 'virtual' FTP servers, \
# anonymous FTP, and permission-based directory visibility.
# processname: proftpd
# config: /etc/proftpd.conf
#
# By: Osman Elliyasa <osman@Cable.EU.org>
# $Id: proftpd.init.d,v 1.2 2001/01/26 23:10:55 flood Exp $
# modified by vdanen@mandrakesoft.com
# Source function library.
. /etc/rc.d/init.d/functions
# Get config.
. /etc/sysconfig/network
# Check that networking is up.
if [ ${NETWORKING} = "no" ]
then
exit 0
fi
[ -x /usr/sbin/proftpd ] || exit 0
FTPSHUT=/usr/sbin/ftpshut
RETVAL=0
# See how we were called.
case "$1" in
start)
gprintf "Starting proftpd: "
daemon proftpd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
;;
stop)
gprintf "Shutting down proftpd: "
killproc proftpd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
;;
status)
status proftpd
RETVAL=$?
;;
restart)
$0 stop
$0 start
RETVAL=$?
;;
reload)
gprintf "Re-reading proftpd config: "
killproc proftpd -HUP
RETVAL=$?
echo
;;
suspend)
if [ -f $FTPSHUT ]; then
if [ $# -gt 1 ]; then
shift
gprintf "Suspending proftpd with '$*' "
$FTPSHUT $*
else
gprintf "Suspending proftpd NOW "
$FTPSHUT now "Maintanance in progress"
fi
else
gprintf "No way to suspend, shutting down instead "
fi
killproc proftpd
RETVAL=$?
echo
[ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
;;
resume)
if [ -f /etc/shutmsg ]; then
gprintf "Allowing proftpd sessions again "
rm -f /etc/shutmsg
else
gprintf "Starting proftpd; was not suspended "
fi
daemon proftpd
echo
[ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
;;
*)
gprintf "Usage: %s {start|stop|status|restart|reload|resume" "$0"
if [ "$FTPSHUT" = "" ]; then
gprintf "}\n"
else
gprintf "|suspend}\n"
gprintf "suspend accepts additional arguments which are passed to ftpshut(8)\n"
fi
exit 1
esac
if [ $# -gt 1 ]; then
shift
$0 $*
fi
exit $RETVAL
and the config file:
Code:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Allow FTP resuming.
# Remember to set to off if you have an incoming ftp for upload.
AllowStoreRestart on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022
# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User admin
Group admin
# Normally, we want files to be overwriteable.
<Directory /ftp>
AllowOverwrite on
AllowRetrieveRestart on
AllowStoreRestart on
DeleteAbortedStores on
HiddenStor on
HideNoAccess on
<limit DELE>
DenyAll
</limit>
HideGroup adm
</Directory>
# Needed for NIS.
PersistentPasswd off
# Default root can be used to put users in a chroot environment.
# As an example if you have a user foo and you want to put foo in /home/foo
# chroot environment you would do this:
#
# DefaultRoot /home/foo foo
<Global>
AllowForeignAddress on
AllowRetrieveRestart on
AllowStoreRestart on
DeferWelcome on
IdentLookups on
MaxClients 10 "Check this out, too many people are gang bangin my server, yo. Check back when there"
MaxClientsPerHost 20
ServerIdent on "Welcome! You sick freak you."
tcpNoDelay on
DeleteAbortedStores on
HiddenStor on
ShowSymlinks off
DirFakeGroup on
DirFakeUser on
ShowDotFiles on
LoginPasswordPrompt off
AccessDenyMsg "Try again, fumblefingers."
AccessGrantMsg "Ooo! You pushed all my right buttons!"
AllowOverwrite off
RootLogin on
AuthAliasOnly off
MaxLoginAttempts 3
RequireValidShell off
UseFtpUsers off
AuthPAM on
AuthPAMAuthoritative on
DefaultChdir /ftp
DefaultRoot /ftp admin
DefaultRoot / root
GroupPassword ftp 11ktk1UwLbY2c
UserAlias underground admin
UserAlias root root
UserAlias elizabeth admin
UserPassword admin 11vdYqY/iXMOI
</Global>
MultilineRFC2228 on
SocketBindTight on
TimeoutIdle 600
UseReverseDNS on
AllowForeignAddress on
AllowRetrieveRestart on
DeferWelcome on
IdentLookups on
MaxClients 10 "Check it out, too many people are gang bangin my server. Check back when there"
MaxClientsPerHost 10 "Come on MAN! My bandwidth aint free!"
ServerIdent on "Welcome to the party! Ya herd?"
tcpNoDelay on
LoginPasswordPrompt off
AccessDenyMsg "Try again, fumblefingers."
AllowOverwrite off
Classes on
TimeoutLogin 60
DefaultChdir /ftp
RootLogin off
GroupPassword admin 11ktk1UwLbY2c
MaxLoginAttempts 3
RequireValidShell off
UseFtpUsers off
UserAlias underground admin
DefaultRoot /ftp
UserPassword admin 11vdYqY/iXMOI
Please dear God someone have an answer for me. I will kiss your feet, walk your dog, mow your lawn...just help me! Thank you in advance for ANY replies. I will post as much info as you need.
Well, I checked the daemons log and found about 7 of these lines:
Quote:
May 24 18:54:06 cpe-xx-xx-xx-xx proftpd[16463]: cpe-xx-xx-xx-xx.houston.res.rr.com - Failed binding to xx.xx.xx.xx port 21: Address already in use
May 24 18:54:06 cpe-xx-xx-xx-xx proftpd[16463]: cpe-xx-xx-xx-xx.houston.res.rr.com - Check the ServerType directive to ensure you are configured correctly.
Looks like another program is hogging the port. But I wonder what program that could be. How do I see what programs are using what ports?
I tried a shutdown and restart to get any other programs to release that port but no such luck.
BTW, thank you very much for the reply. I know I've been pestering about this and most likely annoying a lot of people. My apologies for posting in more than one thread and for being a pest.
Last edited by AudioMechanic; 05-25-2005 at 05:07 AM.
Well, according to that netstat you already have something bound and listening to your ftp port.... but it sure doesn't look like it is proftpd.... some of those ps lines got cut off, do any of them look like an ftp daemon or look like they could be running on port 22?
Well, I scanned it over and don't see anything relating to an ftp or anything on port 21 but here is the expanded file in case you see something that I didn't (please excuse the hugeness ):
Here's something else I found peculiar. I was going through the system logs and came across this in my /var/log/secure file:
Quote:
May 23 20:27:09 cpe-67-10-146-38 xinetd[1149]: START: ftp pid=2289 from=10.10.69.204
May 23 20:27:09 cpe-67-10-146-38 xinetd[2289]: FAIL: ftp libwrap from=10.10.69.204
May 23 20:27:09 cpe-67-10-146-38 xinetd[1149]: EXIT: ftp status=0 pid=2289 duration=0(sec)
The date and time mean that this was logged right after I rebooted from installing the RAM. The 10.10.69.204 IP address means that I was manually starting proftpd from my laptop using webmin.
Also, it looks like "sshd" is listening on port 22. I have no idea what's listening on port 21.
Last edited by AudioMechanic; 05-26-2005 at 05:59 PM.
This is definately a port issue. A fishy one at that. I changed the listen port for proftpd from 21 to 10001. Then tried to start proftpd and it started right up. Got into it from my laptop.
For the mean time, I have port 21 blocked from the external interface (eth1) by my firewall. I also have port 10001 blocked as well so proftpd is off limits to the internet.
Wonder how I can figure out what is running on port 21 and if this is an attack or just some mischief, how can I prevent it next time?
Thank you for the help thus far! I'm learning!
Last edited by AudioMechanic; 05-26-2005 at 06:21 PM.
I'm just finding all kinds of stuff (either that or stumbling across things that everyone already knew). The program that is hogging port 21 is "xinetd." I found this out by running "netstat -tanp" which yielded this result:
Question is, what is xinetd, can I disable it, and why is it using port 21?
I hope I'm making progress here. I'm still a n00b.
EDIT: Well, I googled xinetd and it looks like an intrusion detector. Seems to be pretty important. I'll leave it active. New question: can xinetd and proftpd share the same port? If not, can I disable xinetd from port 21 and still keep my ftp safe?
Last edited by AudioMechanic; 05-26-2005 at 08:42 PM.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
):
