Can any one explain quickly how redhat configures its FTP server. I want to allow a user called ftpuser to ftp in but it wont let me. What do I need to edit?
Thanks
D
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
Hi David.
Redhat comes with wu-ftpd which is notoriously insecure and not particularly good. I'd recommend uninstalling it (rpm -e wu-ftpd) and installing proftpd which is much better and less of a security risk. Have got the tarball if you need it. We recently had one of our boxes hacked via a wu-ftpd "site" exploit and it meant a trip down to telehouse with disks in hand for a full rebuild of the machine. Not recommended!
FWIW.
Mark.
----- Original Message ----- From: "David Freeman" david_freeman@rocketmail.com To: alug@stu.uea.ac.uk Sent: Thursday, June 07, 2001 9:59 AM Subject: [Alug] Deadrat Transfers
Can any one explain quickly how redhat configures its FTP server. I want to allow a user called ftpuser to ftp in but it wont let me. What do I need to edit?
Thanks
D
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
_______________________________________________ alug, the Anglian Linux User Group list Send list replies to alug@stu.uea.ac.uk http://www.anglian.lug.org.uk/ http://rabbit.stu.uea.ac.uk/cgi-bin/listinfo/alug See the website for instructions on digest or unsub!
OK, heres a good show stopper.
two machines called a and b
ftp from a to b doesn't work ftp from b to a works
configuration for both machine is identical a==b
So although some HW may differ, all the relevant settings are identicle.
Problems I can handle, inconsistant errors and problems I get annoyed at.
Thanks
D
--- Mark Wilkinson mark@wiggis.com wrote:
Hi David.
Redhat comes with wu-ftpd which is notoriously insecure and not particularly good. I'd recommend uninstalling it (rpm -e wu-ftpd) and installing proftpd which is much better and less of a security risk. Have got the tarball if you need it. We recently had one of our boxes hacked via a wu-ftpd "site" exploit and it meant a trip down to telehouse with disks in hand for a full rebuild of the machine. Not recommended!
FWIW.
Mark.
----- Original Message ----- From: "David Freeman" david_freeman@rocketmail.com To: alug@stu.uea.ac.uk Sent: Thursday, June 07, 2001 9:59 AM Subject: [Alug] Deadrat Transfers
Can any one explain quickly how redhat configures its FTP server. I want to allow a user called ftpuser to ftp in but it wont let me. What do I need to edit?
Thanks
D
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
Problem solved.
The ftpusers file in /etc/ is a list of people we don't want loging in, not as I thought, people I do want logging in.
D'oh
Thanks
D
--- David Freeman david_freeman@rocketmail.com wrote:
OK, heres a good show stopper.
two machines called a and b
ftp from a to b doesn't work ftp from b to a works
configuration for both machine is identical a==b
So although some HW may differ, all the relevant settings are identicle.
Problems I can handle, inconsistant errors and problems I get annoyed at.
Thanks
D
--- Mark Wilkinson mark@wiggis.com wrote:
Hi David.
Redhat comes with wu-ftpd which is notoriously insecure and not particularly good. I'd recommend uninstalling it (rpm -e wu-ftpd) and installing proftpd which is much better and less of a security risk. Have got the tarball if you need it. We recently had one of our boxes hacked via a wu-ftpd "site" exploit and it meant a trip down to telehouse with disks in hand
for
a full rebuild of the machine. Not recommended!
FWIW.
Mark.
----- Original Message ----- From: "David Freeman" david_freeman@rocketmail.com
__________________________________________________ Do You Yahoo!? Get personalized email addresses from Yahoo! Mail - only $35 a year! http://personal.mail.yahoo.com/
Mark Wilkinson wrote:
Hi David.
Redhat comes with wu-ftpd which is notoriously insecure and not particularly good.
yes redhat does come with wu-ftp, it has been insecure in the past.. but so have a lot of things (sendmail/apache/bind)... it seems stable(ish) now ;)..
I'd recommend uninstalling it (rpm -e wu-ftpd) and installing proftpd which is much better and less of a security risk.
yup, I'd go with that, proftpd is 'better' in my view (easier to configure etc...) although I would not like to say wether it is less of a security risk...
Have got the tarball if you need it. We recently had one of our boxes hacked via a wu-ftpd "site" exploit and it meant a trip down to telehouse with disks in hand for a full rebuild of the machine. Not recommended!
did you keep the machine upto date with the security patches ;)..
Neill
FWIW.
Mark.