
FTP

 
Jessie Jackson
Occasional Contributor

FTP

I am running 11.0 and need to set up FTP access for a certain user that will be dropping files into my system for processing. Does someone have a checklist or procedures that I can use to do this as painlessly and securely as possible?
4 REPLIES
Craig Rants
Honored Contributor

Re: FTP

If you are going to use anonymous ftp I have a little security checklist:

How to Know if your Anonymous FTP Server is secure

This section is intended for the administrator to go down a small check
list of things to make sure his server is not easily compromised.

a) Check to make sure your ftp server does not have SITE EXEC command by
telnetting to port 21 and typing SITE EXEC. If your ftp daemon has SITE EXEC
make sure it is the most current version (i.e., Wu-FTP 2.4). In older versions
this allows anyone to gain shell via port 21.

b) Check to make sure no one can log in and make files or directories in the
main directory. If anyone can log in as anonymous FTP and make files such as
.rhosts and .forward, instant access is granted to any intruder.

c) Check to make sure the main directory is NOT owned by ftp. If it is
owned by FTP, an intruder could SITE CHMOD 777 the main directory and then
plant files to give him instant access. SITE CHMOD command should be removed
because anonymous users do not need any extra privileges.

d) Check to make sure NO files or directories are owned by ftp. If they are,
it is possible an intruder could replace them with his own trojan versions.

e) There were several bugs in old daemons, so it is very important to make
sure you are running the most current ftp daemons.


GL,
C
"In theory, there is no difference between theory and practice. But, in practice, there is. " Jan L.A. van de Snepscheut
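Checklist items (b), (c) and (d) above can be checked with a short script. This is an added example, not part of the original reply: the function name `audit_anon_ftp` is hypothetical, and it assumes a POSIX shell with `find` and an FTP account named `ftp` unless another owner is given. It does not cover the SITE EXEC / SITE CHMOD and daemon-version items.

```shell
#!/bin/sh
# Added example: audit an anonymous-FTP root against checklist items (b)-(d).
# Usage: audit_anon_ftp ROOT [OWNER]   OWNER defaults to "ftp"; a numeric uid also works.
# Prints one FINDING line per failed check; the return status is the number of findings.
audit_anon_ftp() {
    root=$1
    owner=${2:-ftp}
    findings=0

    # (b) Nobody logging in should be able to create entries in the main directory.
    if [ -n "$(find "$root" -prune \( -perm -002 -o -perm -020 \) -print 2>/dev/null)" ]; then
        echo "FINDING (b): $root is group- or world-writable"
        findings=$((findings + 1))
    fi

    # (b) These files grant access if someone managed to plant them.
    for f in .rhosts .forward; do
        if [ -e "$root/$f" ]; then
            echo "FINDING (b): $root/$f exists"
            findings=$((findings + 1))
        fi
    done

    # (c) The main directory must not be owned by the FTP account.
    if [ -n "$(find "$root" -prune -user "$owner" -print 2>/dev/null)" ]; then
        echo "FINDING (c): $root is owned by $owner"
        findings=$((findings + 1))
    fi

    # (d) Nothing below the main directory should be owned by the FTP account.
    owned=$(find "$root" -user "$owner" -print 2>/dev/null | grep -v -x -F -e "$root" || true)
    if [ -n "$owned" ]; then
        echo "FINDING (d): entries owned by $owner:"
        echo "$owned" | sed 's/^/    /'
        findings=$((findings + 1))
    fi

    return "$findings"
}

# When run as a script with arguments, audit the given directory.
if [ $# -gt 0 ]; then
    audit_anon_ftp "$@"
fi
```

Run it against the home directory of the ftp account; a return status of 0 means none of the three conditions was found.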
Michael Tully
Honored Contributor

Re: FTP

Hi,

The easiest way is to set up an account that
does 'ftp' only for that user.

An example of how this user looks in /etc/passwd
is below

ftpuser:hhsInUGG0TZ0c,A/rN:105:20:FTP:/home/FTP:/usr/bin/false

Add an entry to /etc/shells file

/usr/bin/false

HTH
-Michael
Anyone for a Mutiny ?
Dave La Mar
Honored Contributor

Re: FTP

For an ftp only user, I used the following two docs -
A5651654
NR0801KBRC00007714
Simple, straightforward.
Even a dummy like me could follow this.
dl
(search by document)
"I'm not dumb. I just have a command of thoroughly useless information."
Sanjay_6
Honored Contributor

Re: FTP