Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
04-18-2006, 08:42 PM
|
#1
|
Member
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567
Rep:
|
anonymous proftpd
I'm running an anonymous proftpd on a debian sarge 3.1 2.6.I would like anonymous ftp users to provide a valid email address and automatically send them a mail saying that their ip instead has been logged plus a welcome offcourse and blablabla ... ciao!
|
|
|
04-19-2006, 11:30 AM
|
#2
|
Moderator
Registered: May 2001
Posts: 29,415
|
I would like anonymous ftp users to provide a valid email address
As far as I know you can't force anonymous ftp users to provide a valid email address.
and automatically send them a mail saying that their ip instead has been logged plus a welcome offcourse
Any self-respecting FTP daemon uses banners.
|
|
|
04-20-2006, 01:49 AM
|
#3
|
Member
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567
Original Poster
Rep:
|
There must be a metod for doing it.If i was a prgrammer i would do a program that force users to give a valid email address otherways the welcome mail would not been sent and the login wold not be allowed ...
|
|
|
04-20-2006, 06:54 AM
|
#4
|
Moderator
Registered: May 2001
Posts: 29,415
|
force users to give a valid email address otherways the welcome mail would not been sent and the login wold not be allowed
You're reasoning the other way around. There is no necessity for a valid email address because it's anonymous FTP (else kindly show me the where it sez otherwise). Now if you have compelling reasons to waste CPU cycles on sending email no one will probably read you need to use account-based FTP or a web-based frontend for FTP that needs users to sign in (search Freshmeat or Sourceforge).
|
|
|
04-20-2006, 09:50 AM
|
#5
|
Member
Registered: Nov 2004
Distribution: Debian/Ubuntu
Posts: 156
Rep:
|
why do you want to do this? If all you want to do is greet them then just put it in the banner.
|
|
|
04-20-2006, 04:04 PM
|
#6
|
Member
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567
Original Poster
Rep:
|
Because it is a free entry for everyone and it is possible people do bad things i was wondering i could have something more than just an ip and anyway i have got still nothing in my hands because is all spoofable staff but sometimes can give you an idea if something weerd happens.The greet mail is just an another idea to test mail validity that once reached destination allow anonymous login,just a security layer more ... still wondering !!!
|
|
|
04-20-2006, 05:35 PM
|
#7
|
Moderator
Registered: May 2001
Posts: 29,415
|
it is possible people do bad things
Take the necessary precautions like hardening the box, regularly auditing it, chrooting users and NOT allowing users to write data.
i was wondering i could have something more than just an ip and anyway i have got still nothing in my hands because is all spoofable stuff but sometimes can give you an idea if something weerd happens.
Take the precautions...
The greet mail is just an another idea to test mail validity that once reached destination allow anonymous login,just a security layer more ... still wondering !!!
There's nothing security-enhancing in providing a valid email address.
|
|
|
04-25-2006, 08:57 PM
|
#8
|
Member
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567
Original Poster
Rep:
|
Ok !Ok!Just ideas and feedback from more expert hope.Anyway i will list some of my actual directives.I'm using ftp $HOME dir as chroot:
ServerType standalone
DeferWelcome off
ServerIdent off
ShowSymlinks on
MultilineRFC2228 on
ListOptions "-F"
TransferLog On
SyslogLevel debug
LogFormat "0.0.0.0 UNKNOWN %u %t \"%r\" %s %b"
Port 21
UseReverseDNS off
IdentLookups off
MaxInstances 5
User nobody
Group nogroup
DefaultRoot ~
Umask 117 007
<Anonymous ~ftp>
User ftp
Group ftp
ExtendedLog /var/log/proftpd.log
UserAlias anonymous ftp
RequireValidShell off
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
<Limit SITE_CHMOD>
DenyAll
</Limit>
</Directory>
<Directory pub/*>
<Limit READ>
AllowAll
</Limit>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<Directory incoming/*>
<Limit WRITE>
AllowAll
</Limit>
<Limit READ>
DenyAll
</Limit>
<Limit STORE>
AllowAll
</Limit>
</Directory>
</Anonymous>
My idea is to keep a log just to see how much traffic my ftp is on and i would allow writing just in the incoming dir and just download(not write)from the pub,any other suggestion from a security point of view ????
|
|
|
All times are GMT -5. The time now is 05:43 AM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|