
Setup Anonymous FTP

Anonymous FTP should be considered a security concern and should be enabled only if it is absolutely necessary. Also, to allow FTP to work properly in a chroot environment, make sure that the file system containing the FTP home directory is not mounted as nosuid.

  1. Create the FTP home directory structure:
    mkdir /export/ftp/pub
    mkdir /export/ftp/bin
    mkdir /export/ftp/dev
    mkdir /export/ftp/etc
    mkdir /export/ftp/usr
    mkdir /export/ftp/usr/lib
  2. Copy the ls command binary to the FTP bin directory:
    cp /usr/bin/ls /export/ftp/bin
    chmod 111 /export/ftp/bin/ls
  3. Copy the necessary libraries into the FTP directory:
    cp /usr/lib/* /export/ftp/usr/lib
    cp /usr/lib/ /usr/lib/ /export/ftp/usr/lib
    cp /usr/lib/ usr/lib/ /export/ftp/usr/lib
    cp /etc/passwd /etc/group /etc/netconfig /export/ftp/etc
  4. Copy the files needed to resolve NIS names into the FTP directory structure:
    cp /usr/lib/nss*.so.1 /export/ftp/usr/lib
    cp /usr/lib/ /export/ftp/usr/lib
    cp /usr/lib/ /export/ftp/usr/lib
    cp /etc/nsswitch.conf /export/ftp/etc
  5. Set permissions in the /export/ftp/usr/lib and /export/ftp/etc directories:
    chmod 555 /export/ftp/usr/lib/*
    chmod 444 /export/ftp/etc/*
  6. Set permissions on the directories created:
    chmod 555 /export/ftp/usr/lib
    chmod 555 /export/ftp/usr
    chmod 555 /export/ftp/bin
    chmod 555 /export/ftp/dev
    chmod 555 /export/ftp/etc
    chmod 755 /export/ftp/pub
    chmod 555 /export/ftp
  7. Add the following line to the /etc/passwd file:
    ftp:x:30000:30000:Anonymous FTP:/export/ftp:/bin/false
  8. Add the following line to the /etc/shadow file:
  9. Make sure ownership belongs to root and not to FTP:
    chown -R root /export/ftp
  10. Enjoy
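
The modes and ownership set in steps 2, 5, 6 and 9 can be re-checked at any time with a small audit script. This is an added example, not part of the original procedure; the function name audit_ftp_root and its optional owner argument are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original page): audit an anonymous FTP tree
# against the modes and ownership set in steps 2, 5, 6 and 9.
# audit_ftp_root is a hypothetical name; OWNER defaults to root.

audit_ftp_root() {
    root=$1
    owner=${2:-root}
    findings=$(
        # Step 6 directory modes, plus the execute-only ls from step 2.
        for spec in .:555 bin:555 dev:555 etc:555 usr:555 usr/lib:555 \
                    pub:755 bin/ls:111; do
            path=$root/${spec%%:*}
            mode=${spec##*:}
            # find -perm with a bare octal value matches the exact mode only.
            [ -n "$(find "$path" -prune -perm "$mode" 2>/dev/null)" ] ||
                echo "mode: not $mode: $path"
        done
        # Step 5: files copied into etc are 444, libraries are 555.
        find "$root/etc" -type f ! -perm 444 -exec echo "mode: not 444:" {} \;
        find "$root/usr/lib" -type f ! -perm 555 -exec echo "mode: not 555:" {} \;
        # Step 9: everything in the tree must belong to OWNER, not to ftp.
        find "$root" ! -user "$owner" -exec echo "owner: not $owner:" {} \;
    )
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Run against a tree when a path is given, e.g.: sh audit.sh /export/ftp
[ $# -eq 0 ] || audit_ftp_root "$@"
```

The function prints one line per deviation and returns non-zero if any is found, so it can be run from cron after patching or library updates.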


Random TIPS


Information provided by the SANS Institute:
The ten most commonly exploited UNIX vulnerabilities:
Poor system administration practices
Reusable/poor passwords
Flawed SUID programs (e.g., rdist, binmail)
HTTP servers and CGI application vulnerabilities
Default "+" entries in the /etc/hosts.equiv file
NFS/NIS vulnerabilities
sendmail program bugs
Buffer overruns (e.g., gets(), syslog())
SUID shell scripts
