Hardening ftp server & customizing ftp server on Solaris

• Previous message: Peter Junker: "Remote Execution of Solaris Management Console on a Linux Box through a SSH Tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Date: Mon, 30 May 2005 10:58:31 +0800 (CST)
To: sunmanagers@sunmanagers.org

Hi,
 
I need to harden our Solaris ftp server - any url or
guide you can point me to is appreciated.
 
In particular I need to address the following :
In particular, I'll need to know how we could :
a)after login to individual user's home directory
  (eg: /home/user11, /home/user12), 'pwd' command
  will display "/" instead of "/home/user11" in
  the example below
b)if we do chroot (ie "cd /"), it will bring the
  user to his actual home directory /home/user11
  instead of going to the actual /
c)how does Sun set up "sunsolve.sun.com" ftp site
  for anonymous user access to dump their core files
  there such that after you've "put" the file in,
  other users who login using the same id anonymous
  won't be able to "get" the file. Even if I'm the
  one who created the dump file, I won't be able to
  delete/overwrite/get it subsequently if I login
  using the same anonymous id - believe this has
  to do with some sticky/sgid settings (or it's some
  ftp server setting?)
d)I've tried inserting "UMASK=555" into /etc/default/ftpd
  & a banner into this same file - when I ftp into
  the ftp Sun server, don't see the banner & somehow
  the permission of the file created is -w--w--w-
  Looks like what I've done on ftpd do not work
ftp>
ftp> pwd
257 "/home/user11" is current directory.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
hello
local.cshrc
local.login
local.profile
226 Transfer complete.
107 bytes received in 0.019 seconds (5.36 Kbytes/s)
ftp>
ftp> cd /
250 CWD command successful.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
core
ftp.log
man.sendmail.tar
noautoshutdown
postinstall_pkgmap
preinstall_pkgmap
vpd.properties
226 Transfer complete.
104 bytes received in 0.012 seconds (8.23 Kbytes/s)
ftp>
 
 
 
Thanks
G Sun
 

 Yahoo! Mobile
- Download the latest ringtones, games, and more!
_______________________________________________
sunmanagers mailing list
sunmanagers@sunmanagers.org
http://www.sunmanagers.org/mailman/listinfo/sunmanagers

• Previous message: Peter Junker: "Remote Execution of Solaris Management Console on a Linux Box through a SSH Tunnel"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

Relevant Pages Re: Microsoft FTP Server problem on W2K? ... It is a UNISYS ClearPath mainframe system that is trying to FTP using ... passive mode to a MS FTP server. ... Currently the mainframe FTPs in ACTIVE mode. ... Since the mainframe pushes files to our customers over a WAN connection, ... (microsoft.public.inetserver.iis.security) RE: FTP Upload ... FTP server to the following specified size. ... //set or get the remote path of the FTP server that you want to connect. ... //set the class MessageString. ... (microsoft.public.dotnet.framework.aspnet) Re: FTP Upload ... FTP server to the following specified size. ... //set or get the remote path of the FTP server that you want to connect. ... //set the class MessageString. ... (microsoft.public.dotnet.framework.aspnet) RE: vsftpd beginners tutorial? ... # This file was created to illustrate the steps needed to create a new FTP ... Why vsftpd as this FTP Server? ... System software customization considerations. ... User and Group Configuration ... (RedHat) Re: IPSwitch, Inc. WS_FTP Server ... > bounce attack as well as PASV connection hijacking. ... > The FTP bounce vulnerability allows a remote attacker to cause the ... > anonymously along with any internal addresses that the FTP server has ... That means it's got to handle a PORT ... (Bugtraq)