vsftpd (ftp server) setup questions
I am trying to set up an FTP server.
I'll describe how I want to use it first. I have about 6 Windows Vista machines with a program set to auto backup. I want to use a scheduled Windows task (running a script) to connect to my Linux server and upload the backup files via FTP. So first, I think I have figured out how to set up the FTP script (maybe), but that's secondary to my first issue.

I have downloaded vsftpd and installed it through yum (running RHEL). I am trying to set up the FTP so that it only allows uploads, only allows valid users, and if possible allows no other actions other than actually depositing a file on the server. I am trying to be security conscious and prevent people from doing bad things to our server if they capture the FTP password.

I followed the directions found here http://wjholden.com/vsftpd-help.html and set up the uploader user. To test, I used PuTTY and SSH'd in under uploades and it shows -bash-3.2$ instead of user@servername$. What does that mean? Also, does it matter that RHEL doesn't have the command rc-update mentioned as the last step for creating the users?

Last part of the question: is there more I can do to make this FTP safe? So far, it's set to upload only and no anonymous users. |
I am not familiar with that specific FTP software, but I do have a few suggestions. In your hosts.allow file, set ftp to only allow connections from either your internal network or just the IPs of the client boxes... this will keep you nice and safe. Another possibility for what you are trying to accommodate is using rsync, or maybe try using existing backup software with your server config... Sorry I can't be much more help with the config you have... good luck... Oh, and it doesn't sound like the user has the bash shell as default as opposed to another shell. You can fix that by typing bash, and for good you will have to research, but I THINK in RHEL it is chsh, so just man chsh and it should give you the answer you need.
|
Code:
chroot_list_enable
Code:
chroot_local_user
rc-update is a tool for configuring your runlevels. In RHEL you use "chkconfig" (to change runlevels) or "service" (to start, restart, ... daemons).
|
I'm going to look up rsync and see what possibilities it has. Thanks for the info about chroot; I overlooked that when I looked at the vsftp stuff originally. I've got it turned on now. And I set up the hosts.allow and hosts.deny with vsftpd: (my IP) :allow and vsftpd:ALL respectively. Is this correct? Also, I really appreciate the responses and I'm sorry it took so long to get back to this. I've been really busy with finishing up this semester at school the past few weeks and haven't had time to come into work. |
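A check of a vsftpd.conf against the goals raised in this thread (upload only, no anonymous logins, chroot, hosts.allow honoured), as an added example that is not part of any post. The option names are vsftpd's own; SAMPLE_CONF is constructed, and the defaults are vsftpd's built-in ones, which a distribution's shipped config may override.

```python
# Added example, not from the thread. DEFAULTS: vsftpd's values for unset options.
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
            "download_enable": "YES", "dirlist_enable": "YES",
            "chroot_local_user": "NO", "tcp_wrappers": "NO"}
# Value each option needs for an upload-only drop box, and the risk otherwise.
WANTED = {
    "anonymous_enable": ("NO", "anonymous logins are allowed"),
    "local_enable": ("YES", "local users cannot log in"),
    "write_enable": ("YES", "uploads are refused"),
    "download_enable": ("NO", "uploaded backups can be downloaded again"),
    "dirlist_enable": ("NO", "directory listings are allowed"),
    "chroot_local_user": ("YES", "users can leave their home directory"),
    "tcp_wrappers": ("YES", "hosts.allow and hosts.deny are not consulted"),
}
BOOLS = {"YES": "YES", "TRUE": "YES", "1": "YES", "NO": "NO", "FALSE": "NO", "0": "NO"}
# Constructed sample: anonymous access is off, but little else is hardened.
SAMPLE_CONF = """\
# constructed sample vsftpd.conf
anonymous_enable=NO
local_enable=YES
write_enable = YES
chroot_local_user=yes
"""

def parse_conf(text):
    """Return (settings, malformed_line_numbers) for vsftpd.conf text."""
    settings, malformed = {}, []
    for lineno, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.startswith("#"):
            continue
        key, sep, value = raw.partition("=")
        # vsftpd treats whitespace around "=" as an error, so flag the line.
        if not sep or key != key.strip() or value != value.strip():
            malformed.append(lineno)
            continue
        settings[key] = BOOLS.get(value.upper(), value)
    return settings, malformed

def audit(text):
    """Return a list of findings; an empty list means every goal is met."""
    settings, malformed = parse_conf(text)
    findings = [f"line {n}: not in option=value form (no spaces around '=')"
                for n in malformed]
    for opt, (want, risk) in WANTED.items():
        have = settings.get(opt, DEFAULTS[opt])
        if have != want:
            findings.append(f"{opt}={have}: {risk}; set {opt}={want}")
    return findings
```

Calling audit(SAMPLE_CONF) reports the malformed write_enable line plus every goal still left at its default.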
I would think about sftp, scp, or everything else in an encrypted SSL tunnel :)
As an extra security measure you could use chown_uploads and chown_username in combination with anon_umask. This way you can make the uploads invisible and inaccessible for download again.
|
If using rsync, should I use chown and other security measures as well? |
As an ssh tunnel is encrypted this is indeed more secure.
I do not have experience with rsync, so I can't really help you with specifics. You have to think about whether you trust the client that is backing up to your server. Can he get a shell through ssh? How can you prevent this, ...? |