Author Topic: Several Questions  (Read 1145 times)

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Several Questions
« Reply #15 on: 27 September 2002, 04:29 »
well... "ftp" is just a program to access ftp servers and isnt an ftp server. If you really wanted to run an FTP server you would have to download and install something like ProFTPD or isntall SSH and use sftp. You can also use something like sslftp which utilizes SSL through FTP.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Several Questions
« Reply #16 on: 27 September 2002, 04:36 »
i recommend that if you really want FTP just run SSH and uncomment this line in /etc/ssh/sshd_config:
# subsystem-sftp       sftp-server

if you do that than anyone else with ssh installed can run "sftp" to ftp to your server. Of course they must ahve a user account at your server.

The User acounts for ftp (or sftp) users are jsut like any other users on your system. They will (should) not be able to change any configuration files and can only run certain commands through sftp. This should be relatively safe. You would have to add users manually with the "useradd" command and then make sure that they have strong passwords.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Several Questions
« Reply #17 on: 27 September 2002, 06:19 »
I would and do use FTP for the purposes of what you are trying to do. You can do this with wu-ftpd or with proftpd. I would suggest proftpd as it uses an Apache like configuration file. You would set up semi-anonymous user accounts where the users can only access one specific directory or a specific subdirectory under each of the home directories depending on how you want to configure it. They will not be able to see anything above those directory levels that you give them access too. See http://www.proftpd.org/ for more info.

As far as virus scanners. Most of the major virus vendors have Linux versions of their software specifically for this purpose. You could have it scan each file that is uploaded. Once you get proftpd working let me know if you need more help on the virus part and I will help you.

ssl stands for "Secure Socket Layer". It's just a method for encrypting many common tcp/ip services. For example it turns "http" (unencrypted) into https (encrypted) and imap (unencrypted) into imaps (encrypted).

Linux has outstanding firewall capabilities. Of course a firewall does you no good if the services that you advertise are exploitable. It is key to make sure you keep any software that is exposed to the internet up to date with any security patches, and to have those services securely configured. Apache, openssl, PHP, ftpd, or any other service you expose need to be monitored and kept up to date.

The number of connections is not limited by bandwidth directly. The number of connections would be determined by what type of connections they are and the power/memory capabilities of your server. A single connection could consume your entire bandwidth depending on what type of connection you are referring to. Yet 1000 connections may only consume a fraction of the bandwidth.

[ September 26, 2002: Message edited by: void main ]

Someone please remove this account. Thanks...

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Several Questions
« Reply #18 on: 27 September 2002, 08:00 »
I am running ProFTP on my Slackware machine.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

fuckoffmicrosoft

  • Member
  • **
  • Posts: 73
  • Kudos: 0
    • http://jeujeu.ath.cx
Several Questions
« Reply #19 on: 27 September 2002, 18:53 »
wow just found a good tutorial on this but man talk about outdated, but im goin to try it anyway
thanx for the input

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Several Questions
« Reply #20 on: 27 September 2002, 20:16 »
All of your questions about restricting a user to a specific directory in proftpd is in the FAQ. It really is stupid simple. It is more secure to give them an FTP-only account and not let them have shell access if at all possible.

See question #12 and/or #13:
http://www.proftpd.org/docs/faq/linked/faq-ch5.html

[ September 27, 2002: Message edited by: void main ]

Someone please remove this account. Thanks...

fuckoffmicrosoft

  • Member
  • **
  • Posts: 73
  • Kudos: 0
    • http://jeujeu.ath.cx
Several Questions
« Reply #21 on: 27 September 2002, 20:49 »
whoop whoop  :D

Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Several Questions
« Reply #22 on: 28 September 2002, 00:28 »
quote:
Originally posted by void main:
It is more secure to give them an FTP-only account and not let them have shell access if at all possible.
[ September 27, 2002: Message edited by: void main ]


as long as you make sure to not allow certain users on ftp (such as root, uucp, mail, etc) in your /etc/ftpusers file.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'

HPC GUY

  • Member
  • **
  • Posts: 275
  • Kudos: 101
Several Questions
« Reply #23 on: 28 September 2002, 03:07 »
there are several anti virus scanners for linux
"if i destroyed you, i would only be perpetuating your legacy" - Me

voidmain

  • VIP
  • Member
  • ***
  • Posts: 5,605
  • Kudos: 184
    • http://voidmain.is-a-geek.net/
Several Questions
« Reply #24 on: 28 September 2002, 06:17 »
quote:
Originally posted by HPC GUY:
there are several anti virus scanners for linux


To be more specific they are anti-virus scanners for Windows that run under Linux. So you can scan windows files if you are using your Linux machine as a Windows file server. Virus scanners for Linux viruses would no doubt be a money losing application.
Someone please remove this account. Thanks...

Fett101

  • VIP
  • Member
  • ***
  • Posts: 1,581
  • Kudos: 85
    • http://fgmma.com
Several Questions
« Reply #25 on: 28 September 2002, 10:24 »
quote:
Originally posted by The Master of Reality / Bob:
there is NO "virus" for Linux. therefore there is no "virus" scanner.


Such arrogance can lead to ones downfall.

McAfee finds first known Linux virus  2/10/97

Redhat Virus

"Lax security measures have been blamed for the rash of infections. The three loopholes that the Redhat worm exploits have been known about for months and patches for them have been available for almost as long. Redhat itself issued a patch in September last year."

Better safe then sorry, I'd think

[ September 28, 2002: Message edited by: fett101 ]


Master of Reality

  • VIP
  • Member
  • ***
  • Posts: 4,249
  • Kudos: 177
    • http://www.bobhub.tk
Several Questions
« Reply #26 on: 28 September 2002, 18:03 »
quote:
Originally posted by fett101:
[QB]McAfee finds first known Linux virus  2/10/97
[/QB

I dont understand how this would cause much destruction unless it is ran as root and if it can be run as root by itself then there must be a serious flaw somewhere in Linux.

 
quote:
http://news.bbc.co.uk/2/hi/sci/tech/1123827.stm

there is a difference between worms, viru, and trojans.
Disorder | Rating
Paranoid: Moderate
Schizoid: Moderate
Linux User #283518
'It takes more than a self-inflicted gunshot wound to the head to stop Bob'