[2422] in linux-security and linux-alert archive


More secure wu-ftpd

daemon@ATHENA.MIT.EDU (Pantalache Dalis-Adrian)
Wed Aug 16 20:21:44 2000

Date: Mon, 14 Aug 2000 08:50:16 +0300 (EEST)
From: Pantalache Dalis-Adrian <dalis@electron.upit.ro>
To: linux-security@redhat.com
Message-ID: <Pine.LNX.4.21.0008140824070.837-100000@electron.upit.ro>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
Errors-To: linux-security-admin@redhat.com

# Connection classes: class <name> <user types> <source address glob>.
# "local" and "intern" accept real, guest and anonymous logins from one (redacted) address each.
# NOTE(review): as far as I recall a session is put in the first class line that matches, so the
# order of these lines matters — confirm against ftpaccess(5).
class   local   real,guest,anonymous  xxx.xxx.xxx.xxx
class   intern   real,guest,anonymous xxx.xxx.xxx.xxx
# Any other source address is offered anonymous access only.
# NOTE(review): real/guest logins from elsewhere match no class and should therefore be refused — verify.
class   extern  anonymous *

#fake passwd :)
# noretrieve /etc/passwd
# noretrieve /etc/shadow


# Refuse these source addresses outright: deny <address glob> <message file shown to the client>.
# NOTE(review): 192.162.1.1 is a public address; if a private 192.168.x.x host was meant this
# entry does nothing useful — confirm.
deny 194.102.92.* /etc/mesaj/denymsg
deny 193.230.84.64 /etc/mesaj/msg.local
deny 192.162.1.1 /etc/mesaj/msg.local


# Per-class session caps: limit <class> <max sessions> <times> <message file>.
# NOTE(review): a cap of 0 for "local" looks like it turns away every session in that class
# (its message file is the same one used by the deny rules) — confirm this is intended.
limit   local      0  Any             /etc/mesaj/msg.local
limit   intern              25  Any             /etc/mesaj/msg.preamultzi
limit   extern        5  Any             /etc/mesaj/msg.preamultzi


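# Drop the connection after 3 failed login attempts.
loginfails 3
# Short greeting: the pre-login greeting does not carry the daemon version.
greeting brief
#banner /etc/mesaj/banner1

# On-the-fly conversions.
# NOTE(review): ftpaccess(5) documents the last field of compress/tar as class names, not user
# types. No class in this file is called guest, anonymous or real, so check what the daemon
# really does with the four compress/tar lines. Conversions run external programs on behalf of
# the client; leave them off for anonymous users unless they are needed.
compress        yes     guest,anonymous
tar             yes     guest,anonymous

# Guest and anonymous sessions are read-only: no chmod, delete, overwrite, rename or umask.
# (The original listed "chmod no guest,anonymous" twice; the duplicate is dropped.)
chmod           no      guest,anonymous
delete          no      guest,anonymous
overwrite       no      guest,anonymous
rename          no      guest,anonymous
# NOTE(review): mkdir and upload are not among the yes/no permission keywords I know from
# ftpaccess(5) (chmod, delete, overwrite, rename, umask). Uploads and directory creation are
# governed by the "upload <root-dir> <dirglob> ..." rules, so do not rely on these two lines — verify.
mkdir           no      guest,anonymous
upload          no      guest,anonymous
umask           no      guest,anonymous

# Real (system account) users keep the full set of file operations.
compress        yes     real
tar             yes     real
chmod           yes     real
delete          yes     real
overwrite       yes     real
rename          yes     real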


# Log uploads (inbound) and downloads (outbound) for every user type.
log transfers   guest,real,anonymous    inbound,outbound
# Path of the shutdown message file the daemon checks.
shutdown /etc/shutmsg
# Anonymous "passwords" must look like an RFC 822 address; "enforce" refuses the login otherwise.
# This is a courtesy check only: it does not authenticate anyone.
passwd-check rfc822 enforce


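# Filename filters: path-filter <user type> <message file> <allowed regex> [<disallowed regex> ...]
# Names must consist only of the listed ASCII characters and must not start with "." or "-".
# The anonymous/guest allowed set contains no ".", so any name with an extension is refused
# (which also makes the ^\. rule redundant for them).
path-filter anonymous /etc/mesaj/pathmsg ^[-A-Za-z0-9_]*$ ^\. ^-
# for guest users
# Fixed: the user type was spelled "gest", so this filter applied to nobody.
path-filter guest /etc/mesaj/pathmsg ^[-A-Za-z0-9_]*$ ^\. ^-
# for real users: "." is allowed as well, and no leading-character restriction is set
path-filter real /etc/mesaj/pathmsg ^[-A-Za-z0-9\._-]*$
# Author's note: this line protects me from a bug that showed up in wu-ftpd 2.4, 2.5 and 2.6.
# NOTE(review): it is not clear which directive "this line" refers to. A filename filter is not
# a substitute for running a fixed daemon version.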



# Upload rules: upload <root-dir> <dirglob> <yes|no> [<owner> <group> <mode> [dirs|nodirs]]
# Default for the /home/ftp area: no uploads anywhere, no directory creation.
# NOTE(review): the next two rules name /var/ftp as root-dir while the others use /home/ftp.
# As far as I recall a rule only applies when root-dir matches the home directory of the
# logged-in (ftp) account, so one of the two spellings is probably dead — confirm which is real.
upload  /home/ftp  *            no      nobody   nogroup 0000 nodirs
upload  /var/ftp  /bin          no
upload  /var/ftp  /etc          no
# The one writable spot: /incoming, files stored as ftp:ftp mode 0440, no subdirectories.
# NOTE(review): anonymous sessions normally run as the ftp account, so files owned by ftp with
# mode 0440 stay readable to other anonymous users. If /incoming is meant to be a blind drop
# box, store uploads under a different owner or block retrieval from that directory — verify.
upload  /home/ftp  /incoming    yes     ftp   ftp 440 nodirs

# Guard against long SITE EXEC output: at most 3 lines are returned.
# NOTE(review): the trailing field is a class name, and no class called "all" is defined in
# this file (only local, intern, extern) — confirm the limit actually applies to them.
site-exec-max-lines 3 all
# Refuse clients whose forward and reverse DNS records disagree, and clients with no reverse
# DNS record at all; the named file is shown as the refusal message.
dns refuse_mismatch /etc/mesaj/dns.msg
dns refuse_no_reverse /etc/mesaj/dns2.msg

# chroot: guest users are confined to /home
guest-root /home *
# Keep accounts in these numeric UID ranges inside their own home directory.
# The ranges skip UID 500 — NOTE(review): confirm that account is meant to be unrestricted.
restricted-uid %100-499 %501-999




-- 
Pantalache Dalis-Adrian
+---------------------------------+
|	 Linux Sysadmin           |
|                                 |
| http://electron.upit.ro/~dalis  |
| dalis@electron.upit.ro          |
| dalis@agersystems.ro            |
+---------------------------------+



_______________________________________________
Linux-security mailing list
Linux-security@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-security
