LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 04-18-2006, 08:42 PM   #1
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Rep: Reputation: 30
Talking anonymous proftpd


I'm running an anonymous proftpd on a debian sarge 3.1 2.6.I would like anonymous ftp users to provide a valid email address and automatically send them a mail saying that their ip instead has been logged plus a welcome offcourse and blablabla ... ciao!
 
Old 04-19-2006, 11:30 AM   #2
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
I would like anonymous ftp users to provide a valid email address
As far as I know you can't force anonymous ftp users to provide a valid email address.


and automatically send them a mail saying that their ip instead has been logged plus a welcome offcourse
Any self-respecting FTP daemon uses banners.
 
Old 04-20-2006, 01:49 AM   #3
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
There must be a metod for doing it.If i was a prgrammer i would do a program that force users to give a valid email address otherways the welcome mail would not been sent and the login wold not be allowed ...
 
Old 04-20-2006, 06:54 AM   #4
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
force users to give a valid email address otherways the welcome mail would not been sent and the login wold not be allowed
You're reasoning the other way around. There is no necessity for a valid email address because it's anonymous FTP (else kindly show me the where it sez otherwise). Now if you have compelling reasons to waste CPU cycles on sending email no one will probably read you need to use account-based FTP or a web-based frontend for FTP that needs users to sign in (search Freshmeat or Sourceforge).
 
Old 04-20-2006, 09:50 AM   #5
NNP
Member
 
Registered: Nov 2004
Distribution: Debian/Ubuntu
Posts: 156

Rep: Reputation: 30
why do you want to do this? If all you want to do is greet them then just put it in the banner.
 
Old 04-20-2006, 04:04 PM   #6
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
Because it is a free entry for everyone and it is possible people do bad things i was wondering i could have something more than just an ip and anyway i have got still nothing in my hands because is all spoofable staff but sometimes can give you an idea if something weerd happens.The greet mail is just an another idea to test mail validity that once reached destination allow anonymous login,just a security layer more ... still wondering !!!
 
Old 04-20-2006, 05:35 PM   #7
unSpawn
Moderator
 
Registered: May 2001
Posts: 29,415
Blog Entries: 55

Rep: Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603Reputation: 3603
it is possible people do bad things
Take the necessary precautions like hardening the box, regularly auditing it, chrooting users and NOT allowing users to write data.


i was wondering i could have something more than just an ip and anyway i have got still nothing in my hands because is all spoofable stuff but sometimes can give you an idea if something weerd happens.
Take the precautions...


The greet mail is just an another idea to test mail validity that once reached destination allow anonymous login,just a security layer more ... still wondering !!!
There's nothing security-enhancing in providing a valid email address.
 
Old 04-25-2006, 08:57 PM   #8
gabsik
Member
 
Registered: Dec 2005
Location: This planet
Distribution: Debian,Xubuntu
Posts: 567

Original Poster
Rep: Reputation: 30
Ok !Ok!Just ideas and feedback from more expert hope.Anyway i will list some of my actual directives.I'm using ftp $HOME dir as chroot:
ServerType standalone
DeferWelcome off
ServerIdent off
ShowSymlinks on
MultilineRFC2228 on
ListOptions "-F"
TransferLog On
SyslogLevel debug
LogFormat "0.0.0.0 UNKNOWN %u %t \"%r\" %s %b"
Port 21
UseReverseDNS off
IdentLookups off
MaxInstances 5
User nobody
Group nogroup
DefaultRoot ~
Umask 117 007
<Anonymous ~ftp>
User ftp
Group ftp
ExtendedLog /var/log/proftpd.log
UserAlias anonymous ftp
RequireValidShell off
<Directory *>
<Limit WRITE>
DenyAll
</Limit>
<Limit SITE_CHMOD>
DenyAll
</Limit>
</Directory>
<Directory pub/*>
<Limit READ>
AllowAll
</Limit>
<Limit WRITE>
DenyAll
</Limit>
</Directory>
<Directory incoming/*>
<Limit WRITE>
AllowAll
</Limit>
<Limit READ>
DenyAll
</Limit>
<Limit STORE>
AllowAll
</Limit>
</Directory>

</Anonymous>
My idea is to keep a log just to see how much traffic my ftp is on and i would allow writing just in the incoming dir and just download(not write)from the pub,any other suggestion from a security point of view ????
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Proftpd Anonymous Users zaicheke Linux - Networking 1 08-20-2004 11:03 PM
Anonymous SFTP in proftpd vrillusions Linux - Software 1 04-09-2004 03:21 AM
Proftpd and anonymous logins Wynd Linux - Software 5 11-12-2003 11:05 PM
Proftpd Anonymous login sxp03m Red Hat 0 10-28-2003 07:55 AM
Anonymous ProFTPd access tisource Linux - Networking 2 03-04-2003 10:13 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 05:43 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration