|
anonymous proftpd
I'm running an anonymous proftpd on a debian sarge 3.1 2.6.I would like anonymous ftp users to provide a valid email address and automatically send them a mail saying that their ip instead has been logged plus a welcome offcourse and blablabla ... ciao!
|
I would like anonymous ftp users to provide a valid email address
As far as I know you can't force anonymous ftp users to provide a valid email address. and automatically send them a mail saying that their ip instead has been logged plus a welcome offcourse Any self-respecting FTP daemon uses banners. |
There must be a metod for doing it.If i was a prgrammer i would do a program that force users to give a valid email address otherways the welcome mail would not been sent and the login wold not be allowed ...
|
force users to give a valid email address otherways the welcome mail would not been sent and the login wold not be allowed
You're reasoning the other way around. There is no necessity for a valid email address because it's anonymous FTP (else kindly show me the where it sez otherwise). Now if you have compelling reasons to waste CPU cycles on sending email no one will probably read you need to use account-based FTP or a web-based frontend for FTP that needs users to sign in (search Freshmeat or Sourceforge). |
why do you want to do this? If all you want to do is greet them then just put it in the banner.
|
Because it is a free entry for everyone and it is possible people do bad things i was wondering i could have something more than just an ip and anyway i have got still nothing in my hands because is all spoofable staff but sometimes can give you an idea if something weerd happens.The greet mail is just an another idea to test mail validity that once reached destination allow anonymous login,just a security layer more ... still wondering !!!
|
it is possible people do bad things
Take the necessary precautions like hardening the box, regularly auditing it, chrooting users and NOT allowing users to write data. i was wondering i could have something more than just an ip and anyway i have got still nothing in my hands because is all spoofable stuff but sometimes can give you an idea if something weerd happens. Take the precautions... The greet mail is just an another idea to test mail validity that once reached destination allow anonymous login,just a security layer more ... still wondering !!! There's nothing security-enhancing in providing a valid email address. |
Ok !Ok!Just ideas and feedback from more expert hope.Anyway i will list some of my actual directives.I'm using ftp $HOME dir as chroot:
ServerType standalone DeferWelcome off ServerIdent off ShowSymlinks on MultilineRFC2228 on ListOptions "-F" TransferLog On SyslogLevel debug LogFormat "0.0.0.0 UNKNOWN %u %t \"%r\" %s %b" Port 21 UseReverseDNS off IdentLookups off MaxInstances 5 User nobody Group nogroup DefaultRoot ~ Umask 117 007 <Anonymous ~ftp> User ftp Group ftp ExtendedLog /var/log/proftpd.log UserAlias anonymous ftp RequireValidShell off <Directory *> <Limit WRITE> DenyAll </Limit> <Limit SITE_CHMOD> DenyAll </Limit> </Directory> <Directory pub/*> <Limit READ> AllowAll </Limit> <Limit WRITE> DenyAll </Limit> </Directory> <Directory incoming/*> <Limit WRITE> AllowAll </Limit> <Limit READ> DenyAll </Limit> <Limit STORE> AllowAll </Limit> </Directory> </Anonymous> My idea is to keep a log just to see how much traffic my ftp is on and i would allow writing just in the incoming dir and just download(not write)from the pub,any other suggestion from a security point of view ???? |
| All times are GMT -5. The time now is 04:38 AM. |