HPE Community
Operating System - Linux
1829606 Members
1223 Online
109992 Solutions
New Discussion

FTP Server

 
SOLVED
Go to solution
Yuval_1
Occasional Contributor

‎11-15-2003 08:53 PM

‎11-15-2003 08:53 PM

FTP Server

Right, so I need to install an FTP server.
To this date my (own, personal) FTP server (FTP DAEMON) was running from a windows 98, running behind a linux proxy.
I'm not some kind of a computer hotshot, but I do excellent user manual reading. still, I noticed some unauthorized access to my FTP. I don't carry anything worth protecting (Music, Graphics, ASP code script drafts for my site so my budds can help me ) , but I would like to get those occurances to a minimum anyway.

I figured I'd use the Linux proxy I have as my FTP server. Which program should I use? What precautions should I take?
0 Kudos
Reply
6 REPLIES 6
Alexander Chuzhoy
Honored Contributor

‎11-15-2003 09:14 PM

‎11-15-2003 09:14 PM

Solution

Re: FTP Server

You didn't say what version of Linux you run...
Anyway You can install the wu-ftpd but since FTP is not secured (yes you can secure it) unauthorized access still can be found.
to install it - locate the RPMS folder on one of your installation CDs.
Then rpm -Uvh /path/filename
I suggest you to start use the sftp which comes as part of open-sll.
From linux station it's use very simple:
sftp ip_address

and on microsoft machine you need to install third party utility-download it from here:
http://www.softpedia.com/public/cat/10/2/10-2-35.shtml
Reply
Jerome Henry
Honored Contributor

‎11-15-2003 09:45 PM

‎11-15-2003 09:45 PM

Re: FTP Server

Switching your ftp server from m$ to Linux shouldn't solve the unauthorized access problem...
Maybe could you explain who you explicitely want to allow and who to deny (not quoting any real IP if you prefer), along with your Linux version, we'll advise you more precisely.

hth

J
You can lean only on what resists you...
0 Kudos
Reply
Yuval_1
Occasional Contributor

‎11-15-2003 11:01 PM

‎11-15-2003 11:01 PM

Re: FTP Server

I use RedHat 7, and I want to allow the general public to access the image folder, and a group of my close friends to access my ASP code development section. I can't use IP adresses cause they login from all over the place.

0 Kudos
Reply
Jerome Henry
Honored Contributor

‎11-16-2003 12:11 AM

‎11-16-2003 12:11 AM

Re: FTP Server

Hi,

RH 7 uses wu-ftpd, version which is considered as weak. I suggest you turn to proftpd a far more secure and easy to set up server.
Get it from here :
http://proftpd.linux.co.uk/
As you are good doc reader, here is what you need to do :
1. Set up a public directory, everybody (anonymous) being able to read from ther, nobody writes (this is important, if you don't want this directory to become a big kazaa deposit in a few days !)
2. Set up another directory, which access is reserved to authorized people, with login and password. In there, have one dir in which people can read, not write. Then set upa nother sub-directory where people can write and execute, not read. So they will be able to upload to your server (being authenticated), but not see what's inside, you'll decide what to keep and to remove.
The main issue for you is authentication : read :
http://proftpd.linux.co.uk/docs/faq/linked/faq-ch7.html
Then basic set up :
http://proftpd.linux.co.uk/docs/example-conf.html
You'll get examples here.

Don't hesitate to posts questions anyway if some things are not clear, seting up and ftp server for the first time is not really easy.

hth

J
You can lean only on what resists you...
Reply
Steven E. Protter
Exalted Contributor

‎11-16-2003 02:05 AM

‎11-16-2003 02:05 AM

Re: FTP Server

I'm a happy user of wu-ftpd. It is pretty easy to lock down. proftp is good I hear. Red Hat has gone with vsftp, a total re-write that is supposdely very scalable. As Mr. Scoot on the Entperprise liked to say, "The right tool for the right job."

The fastest way to secure wu-ftpd is to install and run Bastille, which helps you do it by answering a series of questions. I've found its easier to secure wu-ftpd than to learn a new server and replace it.

http://www.bastillelinux.org

If you are controlling who accesses the server, then you can think about not using ftp at all. ftp does clear text authentication. openssh http://www.openssh.org uses encrypted authentication.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Martin P.J. Zinser
Honored Contributor

‎11-16-2003 02:26 AM

‎11-16-2003 02:26 AM

Re: FTP Server

Given the scenario you spell out you do want to
setup an anonymous account for access to the
image directory and one or more personal accounts for access to the ASP stuff.

Now, given your description it seems you really only want to give read access to your data. In that case my suggestion is to setup a webserver. Secure the area with the ASP stuff and disable scripting on the server. The advantage of this is that by default a webserver only allows read access to your system while a FTP server allows read and write (and will be used that way if you do not secure it otherwise...)
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.