Anonymous FTP Should be considered a security concern and should be enabled only if it is absolutely necessary. Also, to allow FTP to work properly in a chroot environment, make sure that the file system containing the FTP home directory is not mounted as nosuid.
- Crear la esctructura de directorio FTP home directory:
mkdir /export/ftp/pub
mkdir /export/ftp/bin
mkdir /export/ftp/dev
mkdir /export/ftp/etc
mkdir /export/ftp/usr
mkdir /export/ftp/usr/lib
- Copiar el binario de ls comand al FTP bin directory:
cp /usr/bin/ls /export/ftp/bin
chmod 111 /export/ftp/bin/ls
- Copiar librerias necesarias dentro del FTP directory:
cp /usr/lib/ld.so* /export/ftp/usr/lib
cp /usr/lib/libc.so.1 /usr/lib/libdl.so.1 /export/ftp/usr/lib
cp /usr/lib/libintl.so.1 usr/lib/libw.so.1 /export/ftp/usr/lib
cp /etc/passwd /etc/group /etc/netconfig /export/ftp/etc
- Copiar archivos necesarios dentro del FTP directory
structure a resolver NIS names:
cp /usr/lib/nss*.so.1 /export/ftp/usr/lib
cp /usr/lib/libnsl.so.1 /export/ftp/usr/lib
cp /usr/lib/straddr.so /export/ftp/usr/lib
cp /etc/nsswitch.conf /export/ftp/etc
- Asignar permisos en /export/ftp/usr/lib y
/export/ftp/etc directories:
chmod 555 /export/ftp/usr/lib/*
chmod 444 /export/ftp/etc/*
- Asignar permisos a los directorios creados:
chmod 555 /export/ftp/usr/lib
chmod 555 /export/ftp/usr
chmod 555 /export/ftp/bin
chmod 555 /export/ftp/dev
chmod 555 /export/ftp/etc
chmod 755 /export/ftp/pub
chmod 555 /export/ftp
- Agregar la siguiente linea en /etc/passwd file:
ftp:x:30000:30000:Anonymous FTP:/export/ftp:/bin/false
- Agregar la siguiente linea en /etc/shadow file:
ftp:NP:6445::::
- Asegurar permisos sean propiedad de root y no de FTP:
chown -R root /export/ftp
- Enjoy
