Stop Microsoft
Operating Systems => Linux and UNIX => Topic started by: fuckoffmicrosoft on 27 September 2002, 00:37
-
I've read about these questions before posting, but to no avail
1. How do I keep a person from seeing all the folders when they log into an account via FTP?
2. What's a good free virus scanner?
3. SSL: exactly what is it, and is it a must for starting out?
4. Should I trust the firewall that comes with Linux or get another one?
5. I have a 768/768 VDSL connection; what's the maximum number of connections I can have? <--- just approx. figure
Thanx guys
-
there is NO "virus" for Linux. therefore there is no "virus" scanner.
-
quote:
Originally posted by The Master of Reality / Bob:
there is NO "virus" for Linux. therefore there is no "virus" scanner.
I need it for the server, to make sure no one uploads a virus and passes it on
-
quote:
Originally posted by fuckoffmicrosoft:
I've read about these questions before posting, but to no avail
1. How do I keep a person from seeing all the folders when they log into an account via FTP?
2. What's a good free virus scanner?
3. SSL: exactly what is it, and is it a must for starting out?
4. Should I trust the firewall that comes with Linux or get another one?
5. I have a 768/768 VDSL connection; what's the maximum number of connections I can have? <--- just approx. figure
Thanx guys
1. Why do you want FTP? FTP is a probably insecure protocol for sharing files. There are serious risks involved with running FTP. If you are running it only for your network then I suggest using SCP to share files between computers, or SFTP if you really want an FTP server. They are SSH tools for secure ftp and cp (copying) across networks or the internet.
3. SSL is Secure Socket Layer. It employs 3 level protection for information going across the internet through a web browser. SSL is a three-tiered method that employs RSA and DES authentication, as well as additional MD5 integrity checking. You must install SSL in your webserver if you want to use it on yer website. At connection time of a client to the webserver they define and exchange a secret key which is used to encrypt the traffic between them. It is definitely not a must if you are starting a webserver unless you plan to be taking confidential information from people (such as credit card numbers).
4. There are a lot of firewalls you can dl and install. I wrote my own firewall using ipchains (I also used iptables to create one). Do "man iptables" and "man ipchains". Also search for a thread in the Linux forum by the name of "Simple ipchains question".
5. Are you talking about the ultimate number of connections between it and anything? Or between the internet and a webserver??
-
quote:
Originally posted by fuckoffmicrosoft:
I need it for the server, to make sure no one uploads a virus and passes it on
I recommend against running an anonymous FTP server on the internet. It is also more likely that script kiddies will store lots of warez on your server than viruses and trojans.
-
FTP is for accounts only, no anonymous FTP. I'm starting free hosting to begin with
5. I'm talking on like a webserver basis
-
5. Apache's default is usually good (I'm assuming you use Apache). I run my webserver on a 166MHz with 32MB of RAM and Apache's default is just fine for it.
If you want an account-based FTP then I recommend SFTP, which uses SSH technology to encrypt the data flow. FTP account passwords are sent in plaintext and therefore can be easily sniffed. SFTP can be encrypted in many different encryption algorithms such as IDEA, DES, Blowfish, Twofish, RSA and a couple of others.
-
5. my setup:
900 MHz
448 meg RAM
60 gig drive
768/768
using Linux
so this is a good setup, no?
[ September 26, 2002: Message edited by: fuckoffmicrosoft ]
-
That's an excellent webserver.
-
Thank you for the answers, but how do I keep a person in a certain directory?
-
I never set up an FTP server in Linux, but from what I remember setting up Bulletproof FTP server in Windows, I assume in Linux too you can assign one or more directories to a particular account.
The account then only has access to the dirs you assign to it.
-
ummmmmmm..... I think you must chroot the person into a certain directory. "man chroot", but it basically makes whatever directory you want be the user's "root" directory, so they cannot go any further down than where you chroot them. You might create a directory like /var/www/usrs/bob and chroot bob into that directory.
-
quote:
Originally posted by The Master of Reality / Bob:
ummmmmmm..... I think you must chroot the person into a certain directory. "man chroot", but it basically makes whatever directory you want be the user's "root" directory, so they cannot go any further down than where you chroot them. You might create a directory like /var/www/usrs/bob and chroot bob into that directory.
:confused: Do I chroot the dir or the user or both? And the command would be "man chroot blah blah"
-
Here's what I got and it did nothing
> dir
bin dev home lib opt root tmp var
boot etc initrd mnt proc sbin usr
> cd /var/www/html
> man chroot insane
CHROOT(1) FSF CHROOT(1)
NAME
chroot - run command or interactive shell with special
root directory
SYNOPSIS
chroot NEWROOT [COMMAND...]
chroot OPTION
DESCRIPTION
Run COMMAND with root directory set to NEWROOT.
--help display this help and exit
--version
output version information and exit
If no command is given, run ``${SHELL} -i'' (default:
/bin/sh).
AUTHOR
Written by Roland McGrath.
REPORTING BUGS
Report bugs to <[email protected]>.
COPYRIGHT
Copyright
-
Well... you may not want to use chroot.
The "man" command will show the manual page for whatever command you put after "man", so "man chroot" will show the manual page for chroot.
You don't want to chroot the directory though, or any executables that you want the user to run (such as "ls") would have to be put in the directory that is chrooted.
You might want to search Google for documentation on FTP servers.
-
Well... "ftp" is just a program to access FTP servers and isn't an FTP server. If you really wanted to run an FTP server you would have to download and install something like ProFTPD, or install SSH and use sftp. You can also use something like sslftp which utilizes SSL through FTP.
-
I recommend that if you really want FTP just run SSH and uncomment this line in /etc/ssh/sshd_config:
# subsystem-sftp sftp-server
If you do that then anyone else with ssh installed can run "sftp" to ftp to your server. Of course they must have a user account at your server.
The user accounts for ftp (or sftp) users are just like any other users on your system. They will (should) not be able to change any configuration files and can only run certain commands through sftp. This should be relatively safe. You would have to add users manually with the "useradd" command and then make sure that they have strong passwords.
-
I would and do use FTP for the purposes of what you are trying to do. You can do this with wu-ftpd or with proftpd. I would suggest proftpd as it uses an Apache-like configuration file. You would set up semi-anonymous user accounts where the users can only access one specific directory or a specific subdirectory under each of the home directories depending on how you want to configure it. They will not be able to see anything above those directory levels that you give them access to. See http://www.proftpd.org/ for more info.
As far as virus scanners. Most of the major virus vendors have Linux versions of their software specifically for this purpose. You could have it scan each file that is uploaded. Once you get proftpd working let me know if you need more help on the virus part and I will help you.
ssl stands for "Secure Socket Layer". It's just a method for encrypting many common tcp/ip services. For example it turns "http" (unencrypted) into https (encrypted) and imap (unencrypted) into imaps (encrypted).
Linux has outstanding firewall capabilities. Of course a firewall does you no good if the services that you advertise are exploitable. It is key to make sure you keep any software that is exposed to the internet up to date with any security patches, and to have those services securely configured. Apache, openssl, PHP, ftpd, or any other service you expose need to be monitored and kept up to date.
The number of connections is not limited by bandwidth directly. The number of connections would be determined by what type of connections they are and the power/memory capabilities of your server. A single connection could consume your entire bandwidth depending on what type of connection you are referring to. Yet 1000 connections may only consume a fraction of the bandwidth.
[ September 26, 2002: Message edited by: void main ]
-
I am running ProFTP on my Slackware machine.
-
Wow, just found a good tutorial on this, but man, talk about outdated. But I'm going to try it anyway
Thanx for the input
-
All of your questions about restricting a user to a specific directory in proftpd are in the FAQ. It really is stupid simple. It is more secure to give them an FTP-only account and not let them have shell access if at all possible.
See question #12 and/or #13:
http://www.proftpd.org/docs/faq/linked/faq-ch5.html
[ September 27, 2002: Message edited by: void main ]
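The directory restriction discussed in this thread, as an added configuration example that is not part of the original posts or the ProFTPD FAQ. It uses the standard ProFTPD directives DefaultRoot, RequireValidShell, RootLogin and UseFtpUsers; the choice of /bin/false as the account shell is an assumption for illustration.

```apacheconf
# proftpd.conf fragment (constructed example)

# Weak: with no DefaultRoot directive, a logged-in user can "cd /" and
# list every directory that filesystem permissions let them read.
#
# Corrected: jail each authenticated user into their own home directory.
# ProFTPD calls chroot() itself after login, so no binaries such as "ls"
# need to be copied into the jail.
DefaultRoot ~

# Accept FTP-only accounts whose shell is not listed in /etc/shells
# (assumed here to be /bin/false), so hosting users get no shell access.
RequireValidShell off

# Refuse root logins and honour the /etc/ftpusers deny list.
RootLogin off
UseFtpUsers on
```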
-
whoop whoop :D
-
quote:
Originally posted by void main:
It is more secure to give them an FTP-only account and not let them have shell access if at all possible.
[ September 27, 2002: Message edited by: void main ]
as long as you make sure to not allow certain users on ftp (such as root, uucp, mail, etc) in your /etc/ftpusers file.
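A way to check the /etc/ftpusers point above, as an added example that is not part of the original thread: the script lists system accounts that the deny list misses. The helper names `ftp_deny_gaps` and `write_sample`, the UID 500 cut-off for regular users, and the sample files are all assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: find system accounts that an ftpusers deny list misses.
# ftp_deny_gaps and write_sample are hypothetical helper names.

# Print accounts from a passwd-format file whose UID is below MIN_UID
# and whose name is missing from an ftpusers-format deny list.
# Usage: ftp_deny_gaps PASSWD_FILE FTPUSERS_FILE [MIN_UID]
ftp_deny_gaps() {
    # Assumption: regular (human) accounts start at UID 500.
    awk -F: -v min="${3:-500}" '
        # First file: the deny list. Strip comments and whitespace.
        FILENAME == ARGV[1] {
            sub(/#.*/, ""); gsub(/[ \t]/, "")
            if ($0 != "") denied[$0] = 1
            next
        }
        # Second file: passwd entries. Report unlisted system accounts.
        $3 ~ /^[0-9]+$/ && $3 + 0 < min && !($1 in denied) { print $1 }
    ' "$2" "$1"
}

# Write constructed sample files (not taken from a real system) into DIR.
write_sample() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'uucp:x:10:14:uucp:/var/spool/uucp:/sbin/nologin' \
        'mail:x:8:12:mail:/var/spool/mail:/sbin/nologin' \
        'bob:x:501:501::/home/bob:/bin/false' > "$1/passwd"
    printf '%s\n' \
        '# accounts denied FTP login' \
        'root' \
        'mail   # mail spool owner' > "$1/ftpusers"
}

# Demo on the constructed sample: uucp is a system account the list forgot.
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
ftp_deny_gaps "$demo_dir/passwd" "$demo_dir/ftpusers"
rm -rf "$demo_dir"
```

On a real server the arguments would be /etc/passwd and /etc/ftpusers; any name it prints is a system account that could still attempt an FTP login.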
-
there are several anti virus scanners for linux
-
quote:
Originally posted by HPC GUY:
there are several anti virus scanners for linux
To be more specific they are anti-virus scanners for Windows that run under Linux. So you can scan windows files if you are using your Linux machine as a Windows file server. Virus scanners for Linux viruses would no doubt be a money losing application.
-
quote:
Originally posted by The Master of Reality / Bob:
there is NO "virus" for Linux. therefore there is no "virus" scanner.
Such arrogance can lead to one's downfall.
McAfee finds first known Linux virus 2/10/97 (http://news.zdnet.co.uk/story/0,,t269-s2065135,00.html)
Redhat Virus (http://news.bbc.co.uk/2/hi/sci/tech/1123827.stm)
"Lax security measures have been blamed for the rash of infections. The three loopholes that the Redhat worm exploits have been known about for months and patches for them have been available for almost as long. Redhat itself issued a patch in September last year."
Better safe than sorry, I'd think
[ September 28, 2002: Message edited by: fett101 ]
-
quote:
Originally posted by fett101:
McAfee finds first known Linux virus 2/10/97 (http://news.zdnet.co.uk/story/0,,t269-s2065135,00.html)
I don't understand how this would cause much destruction unless it is run as root, and if it can be run as root by itself then there must be a serious flaw somewhere in Linux.
quote:
http://news.bbc.co.uk/2/hi/sci/tech/1123827.stm
There is a difference between worms, viruses, and trojans.