FSRM in linux
Team,
Do we have any tool in Linux which works like FSRM in windows? We need to do file screening on Linux box and i don't know how to do it. Please suggest. Regards, Sathya.R |
Quote:
You provide no details to let anyone help you; we need version/distro of Linux, what you're trying to accomplish, what you're using currently, etc. You say 'file screening', but don't say what you're using now to GET these files onto a system to be screened. The solutions for Samba are far different than if you're using FTP, RSYNC, SCP, or even a custom script. If you're using Samba services, I'd suggest you start by reading the man pages, and pay particular attention to the "vetofiles" directive: https://www.samba.org/samba/docs/man...html#VETOFILES |
Thanks for the guidelines and sorry for not giving proper information,Vetofile wont work because, we have users who access RHEL 6.6 box via sftp to upload files. sftp access provided to that user lands him to a specific folder (/tmp/sftpfolder) using chroot on sshd config, now when a user is trying to upload a file with an extension .exe or mp3, it should be blocked.
Is there any possibility in doing this on a RHEL 6.6 box ? |
Quote:
You can't do what you're after using SFTP on ANY system, Windows or Linux, but you do have options. The first (and easiest), is to write a script to look at the upload directory, and simply delete any files matching the pattern. Very simple, and easy to implement. The second is harder, but much more robust. OpenSSH lets you use an external process for an sftp server, via the Subsystem directive in sshd_config. You could implement your own sftp server, using whatever script/program you wish. The Net::SFTP:SftpServer perl module has a working example. It has a configurable callback function for file transfer events, which would allow you to inspect the file name. Enable this globally in sshd_config with Subsystem sftp <whatever your program/script is>. And since you're using RHEL 6.6, have you contacted RHEL support for any advice/guidance they may have? You are PAYING for RHEL, right? |
Hi,
Thanks for replying, I have already taken this issue to REDHAT and they say, there is no option available with REDHAT, rather asking us to get some 3 rd party tool to have this issue addressed. ( 3rd party tool not mentioned by the support). |
Quote:
|
Hello Sathya
this thread was created long time ago, but i have same need , and i 'm interesting about solution you chose ? thks |
Quote:
|
In addition, check the filetype, not (just) the extension.
Changing or adding to the extension is the oldest trick in the book to get around this sort of restriction. Look at the 'file' cmd https://linux.die.net/man/1/file as a starting point. |
Quote:
deny_file={*.php,*.exe,*.sh,*.rb,*.py,*.dll,*.js} Good luck! |
All times are GMT -5. The time now is 02:55 AM. |