LinuxQuestions.org
Did you know LQ has a Linux Hardware Compatibility List?
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

Reply
 
Search this Thread
Old 10-31-2003, 08:48 PM   #1
jsbush
LQ Newbie
 
Registered: Oct 2003
Posts: 22

Rep: Reputation: 15
vsftpd, and premoicuous. Is it secure?


In order to get vsftpd to allow site to site transfers I had to enalbe these two options:

pasv_promiscuous=YES
port_promiscuous=YES

Is my linux box secure with these to options on. It said in the man file that this disalbes passive security and port security.
 
Old 11-02-2003, 07:01 PM   #2
jsbush
LQ Newbie
 
Registered: Oct 2003
Posts: 22

Original Poster
Rep: Reputation: 15
anyone?
 
Old 11-04-2003, 01:16 PM   #3
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,564
Blog Entries: 54

Rep: Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928Reputation: 2928
Is my linux box secure with these to options on.
What are you actually asking? Could you be more specific what you how "secure" is defined in this case?

Both directives allow anyone who has access to your FTP server to control your FTP server to send any data to any remote port on remote server, which is, from a "Bad" Thing from an admin point of view because it makes transactions opaque in the sense that your box volunteers to be an intermediate for any transaction.

General restrictions, without addressing the necessity of site-to-site or FXP transfers could be blocking traffic originating from "non-routables" and rate limiting in/outbound traffic.
More specific restrictions depend on auditing your server capabilities for allowing something along the lines of an ftp bounce attack and if you need to provide access: to any remote server or a finite and determinable group of FTP/FXP servers, for anon users or a determinable group of users and maybe if you need to allow bi-directional FXP or "one way" (but then I don't use FXP so I don't know if that's feasable, OK).
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
vsftpd.conf/chroot/vsftpd.chroot_list issue Jerman Linux - Security 2 06-01-2007 08:24 PM
VSFTPD with secure & non-secure logins Ricci Graham Linux - Software 5 04-07-2005 05:12 PM
Secure email (SSL vs. secure authentication) jrdioko Linux - Newbie 2 11-28-2004 02:39 PM
vsftpd very very secure, so secure i can't use it... baronsam Linux - Networking 4 10-06-2003 07:12 PM
Vsftpd Folder ownerships - Is this secure? Korff Linux - Security 2 06-06-2003 02:05 PM


All times are GMT -5. The time now is 04:09 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration