FSRM in linux
 

Team,

Do we have any tool in Linux which works like FSRM in windows?

We need to do file screening on Linux box and i don't know how to do it.

Please suggest.

Regards,
Sathya.R

A good suggestion is to try to do some research on your own first. Also, we aren't members of your 'team', but volunteers on this site. Also, we will suggest you read the "Question Guidelines" link in my posting signature.

You provide no details to let anyone help you; we need version/distro of Linux, what you're trying to accomplish, what you're using currently, etc. You say 'file screening', but don't say what you're using now to GET these files onto a system to be screened. The solutions for Samba are far different than if you're using FTP, RSYNC, SCP, or even a custom script.

If you're using Samba services, I'd suggest you start by reading the man pages, and pay particular attention to the "vetofiles" directive:
https://www.samba.org/samba/docs/man...html#VETOFILES

Thanks for the guidelines and sorry for not giving proper information,Vetofile wont work because, we have users who access RHEL 6.6 box via sftp to upload files. sftp access provided to that user lands him to a specific folder (/tmp/sftpfolder) using chroot on sshd config, now when a user is trying to upload a file with an extension .exe or mp3, it should be blocked.

Is there any possibility in doing this on a RHEL 6.6 box ?

Again, vetofile was suggested, because you didn't provide any details up front. Had you mentioned that you wanted to do this on a directory where users were putting files via sftp, the suggestion would be different.

You can't do what you're after using SFTP on ANY system, Windows or Linux, but you do have options. The first (and easiest), is to write a script to look at the upload directory, and simply delete any files matching the pattern. Very simple, and easy to implement.

The second is harder, but much more robust. OpenSSH lets you use an external process for an sftp server, via the Subsystem directive in sshd_config. You could implement your own sftp server, using whatever script/program you wish. The Net::SFTP:SftpServer perl module has a working example. It has a configurable callback function for file transfer events, which would allow you to inspect the file name. Enable this globally in sshd_config with Subsystem sftp <whatever your program/script is>.

And since you're using RHEL 6.6, have you contacted RHEL support for any advice/guidance they may have? You are PAYING for RHEL, right?

Hi,

Thanks for replying, I have already taken this issue to REDHAT and they say, there is no option available with REDHAT, rather asking us to get some 3 rd party tool to have this issue addressed. ( 3rd party tool not mentioned by the support).

Ok, so you're back to either writing a simple script to do this, or by using an external sftp process as mentioned. The CPAN/Perl route is fairly robust, and will let you do exactly what you're after.

Hello Sathya

this thread was created long time ago, but i have same need , and i 'm interesting about solution you chose ?

thks

The solution remains the same as was given to the OP; write a script, or use the aforementioned options in SSH.

In addition, check the filetype, not (just) the extension.
Changing or adding to the extension is the oldest trick in the book to get around this sort of restriction.
Look at the 'file' cmd https://linux.die.net/man/1/file as a starting point.

This can be set depending on the FTP platform you are using, for example vsftpd can be set with the line below and it will blocked those extensions that are define within the curly braces.

deny_file={*.php,*.exe,*.sh,*.rb,*.py,*.dll,*.js}

Good luck!