Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
12-12-2006, 03:10 AM
|
#1
|
Member
Registered: Jul 2004
Location: VIC, Australia
Distribution: RHEL, CentOS, Ubuntu Server, Ubuntu
Posts: 364
Rep:
|
FTP Server
I have a FTP server running on Red Hat Enterprise Linux 4. Every user, when logs in, is chroot-ed to their his/her directory, the path of which is /home/<username>
Now, what I want is, when users upload files to their home directory, a virus scanner would automatically scan the files for malicious content and delete those which contains any such content.
Could anyone please direct me how can I do it? And any good virus scanner as a recommendation?
Thanks.
|
|
|
12-12-2006, 08:42 PM
|
#2
|
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Rep:
|
Quote:
when users upload files to their home directory, a virus scanner would automatically scan the files for malicious content and delete those which contains any such content.
|
I'm not sure how to trigger that using ftpd software (and in fact you didn't mention which you were using).
As an alternative, you might consider running a clamscan every hour using cron. (This scanner is included with the clamav software.) If your directories / files are too large for this to be practical, I'd suggest a more complex cronjob where you check to see if each directory differs from the last time you checked. If it does, you scan it for viruses.
Last edited by anomie; 12-12-2006 at 08:44 PM.
|
|
|
12-13-2006, 10:16 AM
|
#3
|
Member
Registered: Jul 2004
Location: VIC, Australia
Distribution: RHEL, CentOS, Ubuntu Server, Ubuntu
Posts: 364
Original Poster
Rep:
|
Thanks for your reply. I am using VS FTP.
|
|
|
12-13-2006, 10:22 AM
|
#4
|
Senior Member
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora
Posts: 3,935
Rep:
|
Ok, vsftpd - nice software.
Hopefully one of the two suggestions I made will work out for you.
|
|
|
12-13-2006, 10:54 AM
|
#5
|
Member
Registered: Jul 2004
Location: VIC, Australia
Distribution: RHEL, CentOS, Ubuntu Server, Ubuntu
Posts: 364
Original Poster
Rep:
|
Hmm...ok...thanks.
|
|
|
12-14-2006, 12:42 AM
|
#6
|
Member
Registered: Aug 2004
Location: India
Distribution: Redhat 9.0,FC3,FC5,FC10
Posts: 257
Rep:
|
Hey,
I believe vsftpd has a feature which you can block files of specific content. As in if someone uploads an exe file on the FTP server Vsftpd can block the file off itself.
I quote from http://vsftpd.beasts.org/vsftpd_conf.html
deny_file
This option can be used to set a pattern for filenames (and directory names etc.) which should not be accessible in any way. The affected items are not hidden, but any attempt to do anything to them (download, change into directory, affect something within directory etc.) will be denied. This option is very simple, and should not be used for serious access control - the filesystem's permissions should be used in preference. However, this option may be useful in certain virtual user setups. In particular aware that if a filename is accessible by a variety of names (perhaps due to symbolic links or hard links), then care must be taken to deny access to all the names. Access will be denied to items if their name contains the string given by hide_file, or if they match the regular expression specified by hide_file. Note that vsftpd's regular expression matching code is a simple implementation which is a subset of full regular expression functionality. Because of this, you will need to carefully and exhaustively test any application of this option. And you are recommended to use filesystem permissions for any important security policies due to their greater reliability. Example: deny_file={*.mp3,*.mov,.private}
Default: (none)
Hope this helps...
Cheers
Arvind
|
|
|
12-14-2006, 07:48 AM
|
#7
|
Member
Registered: Jan 2005
Location: Cork Ireland
Distribution: Debian
Posts: 384
Rep:
|
usually people do this thanks to a filtering proxy...
google proposed frox: http://frox.sourceforge.net/
which you should be able to use with clamav.
hope this helps!
|
|
|
12-20-2006, 07:05 PM
|
#8
|
LQ Newbie
Registered: Dec 2006
Posts: 8
Rep:
|
Using anti-virus software , such as kaspersky or f-secure for linux , but both of them are not free.
Quote:
Originally Posted by the_gripmaster
I have a FTP server running on Red Hat Enterprise Linux 4. Every user, when logs in, is chroot-ed to their his/her directory, the path of which is /home/<username>
Now, what I want is, when users upload files to their home directory, a virus scanner would automatically scan the files for malicious content and delete those which contains any such content.
Could anyone please direct me how can I do it? And any good virus scanner as a recommendation?
Thanks.
|
|
|
|
All times are GMT -5. The time now is 04:31 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|