LinuxQuestions.org
Support LQ: Use code LQ3 and save $3 on Domain Registration
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Software
User Name
Password
Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum.

Notices

Reply
 
Search this Thread
Old 12-14-2006, 01:18 AM   #1
UltraSoul
Member
 
Registered: Dec 2004
Location: Japan
Distribution: REDHAT9.0, Mandrake10.1
Posts: 404

Rep: Reputation: 31
Why my root directory exposed to win2003 server + IE7


I have FC5 installed on my Dell box through vmware.
I also configured vsftp on the FC5 and have chroot to work to deny the unexpected access to my root directory.

(1) I enter the following address in firefox and firefox will bring me to the userID home directory.
because chroot is enabled, I can not access the uppper directory of userID $HOME any more.

ftp://userID:Passwd@server_address

(2) One day, My friend told me that he used the latest IE7 on his windows server 2003 and can access
my root directory. It is unbelievable for me. He took the photo for me. i can see all my root FS in the
IE7 browser by my eye.


I wonder the reason. Have you experienced the trouble?
 
Old 12-14-2006, 06:51 PM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,264
Blog Entries: 54

Rep: Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852
My friend told me that he used the latest IE7 on his windows server 2003 and can access
my root directory.

Running an OS in Vmware does not limit host OS exposure in any way. You have to harden it separately.
If this thread turns out to be about Wintendo hardening then it should be moved to the General forum.
 
Old 12-15-2006, 02:01 AM   #3
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
Quote:
Originally Posted by UltraSoul
I have FC5 installed on my Dell box through vmware.
I also configured vsftp on the FC5 and have chroot to work to deny the unexpected access to my root directory.

(1) I enter the following address in firefox and firefox will bring me to the userID home directory.
because chroot is enabled, I can not access the uppper directory of userID $HOME any more.

ftp://userID:Passwd@server_address

(2) One day, My friend told me that he used the latest IE7 on his windows server 2003 and can access
my root directory. It is unbelievable for me. He took the photo for me. i can see all my root FS in the
IE7 browser by my eye.


I wonder the reason. Have you experienced the trouble?
Perhaps you have anonymous access enabled with / as the root directory? You didn't mention your friend actually logging into any account, and browsers will use anonymous by default if you just enter ftp://server
 
Old 12-15-2006, 03:26 AM   #4
UltraSoul
Member
 
Registered: Dec 2004
Location: Japan
Distribution: REDHAT9.0, Mandrake10.1
Posts: 404

Original Poster
Rep: Reputation: 31
Hi, chort

=== Start Quote ====
Perhaps you have anonymous access enabled with / as the root directory?
You didn't mention your friend actually logging into any account, and browsers
will use anonymous by default if you just enter ftp://server
==== End Quote ====

I use /var/pub to the anonymous account home direcroty. And I have disable the anony_enable parameter in /etc/vsftp/vsftpd.conf. I access ftp://server_address in my firefox and I will get pub directory which is the
root directory on anonymous site.

My firend used ftp://guest:guest@ftp_server_address and got the root directory on my FC5. But firefox does not have
the same problem. Then, I suspect Win2003 server+IE7 or vmware has some bugs to respond the my problems.


Thanx.
BR
 
Old 12-15-2006, 06:11 AM   #5
robert.wolfe
LQ Newbie
 
Registered: Jul 2006
Distribution: Debian for Sparc, OpenSUSE 11.2, Solaris 9, Debian/x86, Ubuntu Server
Posts: 19

Rep: Reputation: 1
FTP Server Issues

Quote:
Originally Posted by UltraSoul
Hi, chort

I use /var/pub to the anonymous account home direcroty. And I have disable the anony_enable parameter in /etc/vsftp/vsftpd.conf. I access ftp://server_address in my firefox and I will get pub directory which is the
root directory on anonymous site.

My firend used ftp://guest:guest@ftp_server_address and got the root directory on my FC5. But firefox does not have
the same problem. Then, I suspect Win2003 server+IE7 or vmware has some bugs to respond the my problems.


Thanx.
BR
The first thing I have to ask here is do you actually have port 21 on your router actually forwarded to the Linux setup that you have in VMware? I would check that first.

Secondly, as was stated earlier in this thread, Windows and ANY OS running in VMWare need to be "hardened" separately. Just because Windows may be protected does not necessarily mean that the guest OS you are running under VMWare is.

Robert Wolfe
net261 Communications
Buffalo, New York
 
Old 12-15-2006, 08:33 AM   #6
UltraSoul
Member
 
Registered: Dec 2004
Location: Japan
Distribution: REDHAT9.0, Mandrake10.1
Posts: 404

Original Poster
Rep: Reputation: 31
=== Start Quote ===
The first thing I have to ask here is do you actually have port 21 on your router actually forwarded to the Linux setup that you have in VMware? I would check that first.
=== End Quote ====
Anwser:
Yes, it's really on the port 21. Then, I can access the ftp server
over WAN.

=== Start Quote ===
Secondly, as was stated earlier in this thread, Windows and ANY OS running in VMWare need to be "hardened" separately. Just because Windows may be protected does not necessarily mean that the guest OS you are running under VMWare is.
=== End Quote ====
Question:
I wonder how to harden it? Do you mean I should install the FC5 as a host OS in my windows box?
 
Old 12-15-2006, 12:23 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,264
Blog Entries: 54

Rep: Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852
I wonder how to harden it? Do you mean I should install the FC5 as a host OS in my windows box?
If you do not have specific reasons for requiring W2K3S as host OS and if you will able to harden, manage and maintain FC5 qualitatively better compared to W2K3S, then by all means do so. Please note Windows host hardening questions should not be covered in this forum.
 
Old 12-18-2006, 12:39 PM   #8
robert.wolfe
LQ Newbie
 
Registered: Jul 2006
Distribution: Debian for Sparc, OpenSUSE 11.2, Solaris 9, Debian/x86, Ubuntu Server
Posts: 19

Rep: Reputation: 1
Quote:
Originally Posted by UltraSoul
Question:
I wonder how to harden it? Do you mean I should install the FC5 as a host OS in my windows box?
By "hardening" I mean make sure file and directory access permissions are set correctly on your FTP server as this appears to be part of your problem with your FTP server (to the moderator: noticed how I stayed away from Windows "hardening" <G>)
 
Old 12-18-2006, 07:02 PM   #9
unSpawn
Moderator
 
Registered: May 2001
Posts: 27,264
Blog Entries: 54

Rep: Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852Reputation: 2852
Yeah, I noticed.

But why? If you got more Wintendo hardening basics to share, why not? It's just this thread will end up in another forum, that's all... Heh. Maybe it would be cool to do *one* Wintendo hardening thread just for the fun of it.
 
Old 12-18-2006, 07:53 PM   #10
chort
Senior Member
 
Registered: Jul 2003
Location: Silicon Valley, USA
Distribution: OpenBSD 4.6, OS X 10.6.2, CentOS 4 & 5
Posts: 3,660

Rep: Reputation: 69
If they can log in with guest:guest that means you have the "guest" account enabled in your OS. Why would you think it's a VMware bug? All VMware is doing is providing a virtualized view of the system hardware. It doesn't fiddle with access to the directories on your various file systems.

I don't think you understand what VMware does. Running a "guest" OS doesn't allow that OS to take over your system and automatically hijack all incoming network connections. It's like a separate machine (hence "virtual machine"). There are two ways to get traffic from the network to your virtual machine: Port forwarding from VMware network settings, or using a bridge network (not the default) and giving the guest OS it's own IP address. Note that if you do port-forwarding you need to make sure that the host OS isn't running a service on the port that you forward, and that Windows firewall needs to allow incoming traffic to that port.
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
unable to connect printer from win2003 server to linux bhajan.verma Linux - Networking 2 09-11-2006 04:03 AM
Integrating Active Directory Win2003 and Linux user database ?? ps.nepali Linux - Networking 3 03-17-2006 01:00 AM
can't print properly to win2003 server printer with suse 9.3 kanuuker Linux - Hardware 0 08-15-2005 11:04 AM
Mounting a win2003 directory on linux msound Linux - Networking 3 06-08-2005 01:43 PM
question about your opinion for win2003 server against Linux filosofos Linux - General 2 05-10-2005 06:51 PM


All times are GMT -5. The time now is 11:05 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration