cancel
Showing results for 
Search instead for 
Did you mean: 

restrict ftp services

unixadmin_1
Frequent Advisor

restrict ftp services

The FTP service was active on the system. If powerful useraccounts are allowed to log on via FTP, the system resources and information are unnecessarily exposed to unauthorised access, tampering and damage. Passwords transmitted via FTP are sent in clear text, which increases the possibility of these passwords being intercepted and logged by “sniffer” software. The information thus obtained could then be used to gain unauthorised access to the system via other, less restrictive services.
6 REPLIES
Pete Randall
Outstanding Contributor

Re: restrict ftp services

If you have a question(s), would you please ask it (or them)? Re-stating accepted security practices doesn't really seem to accomplish much.


Pete

Pete
Ganesan R
Honored Contributor

Re: restrict ftp services

Hi,

This case you should go far ssh with sftp and chroot configuration.
Best wishes,

Ganesh.
yulianto piyut
Valued Contributor

Re: restrict ftp services

to restrcit ftp access, u can use tcpwrapper. just mention the ip address allowed to make ftp to your server in /etc/hosts.allow and /etc/hosts.deny. to secure, disable ftp service in /etc/inetd.conf and ask user to use sftp service.
unixadmin_1
Frequent Advisor

Re: restrict ftp services

is there any procedure or command for restricting services for unauthorised access to the system...Thank you
Johnson Punniyalingam
Honored Contributor

Re: restrict ftp services

>>is there any procedure or command for restricting services for unauthorised access to the system...Thank you<<

That's why people now days do not use "ftp' service anymore, Due to securety issues,

All Organisation adviced to use only "sftp" secured sftp service, by disabling the ftp and enabling "sftp" services.

>>restricting services for unauthorised <<

You follow with many ways.

1. Creating "anoynums" ftp access only
2. creating ftp.allow.file and ftp.deny.file
3. blocking the ips by specify the ip address range in the /var/adm/inetd.sec
Example:-
ftp allow 192.168.1.1
ftp deny 192.168.1.2

(Most Recommended Action to avoid ftp and use sftp)

Thanks,
Johnson
Problems are common to all, but attitude makes the difference
unixadmin_1
Frequent Advisor

Re: restrict ftp services

Thanks