Latest LQ Deal: Latest LQ Deals
Go Back > Forums > Linux Forums > Linux - Newbie
User Name
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!


  Search this Thread
Old 01-04-2010, 08:32 PM   #1
Registered: Nov 2009
Posts: 30

Rep: Reputation: 15
Create ftpusers Files (CIS)

Hi all, while i am reading the CIS guide for RHEL, i came across this section, which is on "Create ftpusers Files".

The code:

if [ -f /etc/ftpaccess ]; then
for NAME in `cut -d: -f1 /etc/passwd`; do
if [ `id -u $NAME` -lt 500 ]; then
echo $NAME >> /etc/ftpusers
chown root:root /etc/ftpusers
chmod 0600 /etc/ftpusers
echo "diff /etc/ftpusers-preCIS /etc/ftpusers"
diff /etc/ftpusers-preCIS /etc/ftpusers
if [ -e $VSFTP_CONF ] && ! grep -q "^userlist_deny=NO" $VSFTP_CONF; then
/bin/cp -fp /etc/ftpusers /etc/vsftpd.ftpusers
chown root:root /etc/vsftpd/vsftpd.conf
chgrp 0600 /etc/vsftpd/vsftpd.conf
[ -e /etc/vsftpd.ftpusers-preCIS ] && echo "diff /etc/vsftpd.ftpusers-preCIS /etc/vsftpd.ftpusers"
[ -e /etc/vsftpd.ftpusers-preCIS ] && diff /etc/vsftpd.ftpusers-preCIS /etc/vsftpd.ftpusers
echo "OK - No /etc/ftpaccess to tailor."

But, i don't really know what the code is actually doing. Can anyone care to explain this to me? Thanks.
Old 01-05-2010, 01:44 PM   #2
Senior Member
Registered: Dec 2008
Location: Louisville, OH
Distribution: Debian, CentOS, Slackware, RHEL, Gentoo
Posts: 1,833

Rep: Reputation: 167Reputation: 167
Originally Posted by wjs1990 View Post
But, i don't really know what the code is actually doing. Can anyone care to explain this to me? Thanks.
First, try to use [ code ] [ /code ] (sans spaces) tags around code, it makes it a lot easier to read.

The short answer is:

Tests to see if /etc/ftpaccess exists, if so it loops through the password file entries and tests each if its a system account (ie: under 500), if so it adds them to the ftpusers file. Modifies the owner and permissions, does a diff to screen, and verifies that userlist_deny isn't set and copies the ftpusers file to the vsftpd specific file and fixes owner and permissions on that it then shows the differences between the vsftpd specific files and and the precis versions.

Last edited by rweaver; 01-05-2010 at 01:46 PM.
Old 01-05-2010, 01:47 PM   #3
Registered: Apr 2007
Location: Athens, Georgia, USA
Distribution: kubuntu 12.04, centos 6.3
Posts: 31

Rep: Reputation: 16
Well, basically,

If there is no /etc/ftpaccess file, do nothing (the last else).
Otherwise, concatenate each system account (uid less than 500) name onto the list in /etc/ftpusers. That prevents any ftp access using those names . Then, tighten up the ownership and permissions on /etc/ftpusers. If you have very safe ftp (vsftp) installed, apply the same changes there. Send a diff report to the terminal of what account names got added .


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off

Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Linux matches across CIS LXer Syndicated Linux News 0 12-31-2007 01:40 PM
Solaris 10 x86 CIS security scan ghouliajoolia Solaris / OpenSolaris 5 02-11-2005 10:02 AM
Linux, Create Dirs=no, Create files=yes. Possible? tisource Linux - General 4 01-12-2004 10:05 PM
Edimax Cardbus CIS problem debjan Linux - Networking 0 08-17-2003 06:54 AM
Edimax Carcbus CIS problem debjan Linux - Laptop and Netbook 0 08-17-2003 06:53 AM > Forums > Linux Forums > Linux - Newbie

All times are GMT -5. The time now is 02:16 AM.

Main Menu
Write for LQ is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration