topic Re: FTP Server in Operating System - Linux

FTP Server

Yuval_1 — Sun, 16 Nov 2003 04:53:57 GMT

Right, so I need to install an FTP server.
To this date my (own, personal) FTP server (FTP DAEMON) was running from a windows 98, running behind a linux proxy.
I'm not some kind of a computer hotshot, but I do excellent user manual reading. still, I noticed some unauthorized access to my FTP. I don't carry anything worth protecting (Music, Graphics, ASP code script drafts for my site so my budds can help me ) , but I would like to get those occurances to a minimum anyway.

I figured I'd use the Linux proxy I have as my FTP server. Which program should I use? What precautions should I take?

Re: FTP Server

Alexander Chuzhoy — Sun, 16 Nov 2003 05:14:08 GMT

You didn't say what version of Linux you run...
Anyway You can install the wu-ftpd but since FTP is not secured (yes you can secure it) unauthorized access still can be found.
to install it - locate the RPMS folder on one of your installation CDs.
Then rpm -Uvh /path/filename
I suggest you to start use the sftp which comes as part of open-sll.
From linux station it's use very simple:
sftp ip_address

and on microsoft machine you need to install third party utility-download it from here:
http://www.softpedia.com/public/cat/10/2/10-2-35.shtml

Re: FTP Server

Jerome Henry — Sun, 16 Nov 2003 05:45:02 GMT

Switching your ftp server from m$ to Linux shouldn't solve the unauthorized access problem...
Maybe could you explain who you explicitely want to allow and who to deny (not quoting any real IP if you prefer), along with your Linux version, we'll advise you more precisely.

hth

J

Re: FTP Server

Yuval_1 — Sun, 16 Nov 2003 07:01:17 GMT

I use RedHat 7, and I want to allow the general public to access the image folder, and a group of my close friends to access my ASP code development section. I can't use IP adresses cause they login from all over the place.

Re: FTP Server

Jerome Henry — Sun, 16 Nov 2003 08:11:11 GMT

Hi,

RH 7 uses wu-ftpd, version which is considered as weak. I suggest you turn to proftpd a far more secure and easy to set up server.
Get it from here :
http://proftpd.linux.co.uk/
As you are good doc reader, here is what you need to do :
1. Set up a public directory, everybody (anonymous) being able to read from ther, nobody writes (this is important, if you don't want this directory to become a big kazaa deposit in a few days !)
2. Set up another directory, which access is reserved to authorized people, with login and password. In there, have one dir in which people can read, not write. Then set upa nother sub-directory where people can write and execute, not read. So they will be able to upload to your server (being authenticated), but not see what's inside, you'll decide what to keep and to remove.
The main issue for you is authentication : read :
http://proftpd.linux.co.uk/docs/faq/linked/faq-ch7.html
Then basic set up :
http://proftpd.linux.co.uk/docs/example-conf.html
You'll get examples here.

Don't hesitate to posts questions anyway if some things are not clear, seting up and ftp server for the first time is not really easy.

hth

J

Re: FTP Server

Steven E. Protter — Sun, 16 Nov 2003 10:05:34 GMT

I'm a happy user of wu-ftpd. It is pretty easy to lock down. proftp is good I hear. Red Hat has gone with vsftp, a total re-write that is supposdely very scalable. As Mr. Scoot on the Entperprise liked to say, "The right tool for the right job."

The fastest way to secure wu-ftpd is to install and run Bastille, which helps you do it by answering a series of questions. I've found its easier to secure wu-ftpd than to learn a new server and replace it.

http://www.bastillelinux.org

If you are controlling who accesses the server, then you can think about not using ftp at all. ftp does clear text authentication. openssh http://www.openssh.org uses encrypted authentication.

SEP

Re: FTP Server

Martin P.J. Zinser — Sun, 16 Nov 2003 10:26:57 GMT

Given the scenario you spell out you do want to
setup an anonymous account for access to the
image directory and one or more personal accounts for access to the ASP stuff.

Now, given your description it seems you really only want to give read access to your data. In that case my suggestion is to setup a webserver. Secure the area with the ASP stuff and disable scripting on the server. The advantage of this is that by default a webserver only allows read access to your system while a FTP server allows read and write (and will be used that way if you do not secure it otherwise...)