[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]

More secure wu-ftpd

From: Pantalache Dalis-Adrian <dalis electron upit ro>
To: linux-security redhat com
Subject: More secure wu-ftpd
Date: Mon, 14 Aug 2000 08:50:16 +0300 (EEST)

class   local   real,guest,anonymous  xxx.xxx.xxx.xxx
class   intern   real,guest,anonymous xxx.xxx.xxx.xxx
class   extern  anonymous *

#fake passwd :)
# noretrieve /etc/passwd
# noretrieve /etc/shaddow


deny 194.102.92.* /etc/mesaj/denymsg
deny 193.230.84.64 /etc/mesaj/msg.local
deny 192.162.1.1 /etc/mesaj/msg.local


limit   local      0  Any             /etc/mesaj/msg.local
limit   intern              25  Any             /etc/mesaj/msg.preamultzi
limit   extern        5  Any             /etc/mesaj/msg.preamultzi


loginfails 3
greeting brief
#banner /etc/mesaj/banner1
compress        yes     guest,anonymous
tar             yes     guest,anonymous
chmod           no      guest,anonymous
delete          no      guest,anonymous
overwrite       no      guest,anonymous
rename          no      guest,anonymous
mkdir           no      guest,anonymous
upload          no      guest,anonymous
chmod           no      guest,anonymous
umask           no      guest,anonymous
compress        yes     real
tar             yes     real
chmod           yes     real
delete          yes     real
overwrite       yes     real
rename          yes     real


log transfers   guest,real,anonymous    inbound,outbound
shutdown /etc/shutmsg
passwd-check rfc822 enforce


#Filtering non ascii character
path-filter anonymous /etc/mesaj/pathmsg ^[-A-Za-z0-9_]*$ ^\. ^-
#pt guest
path-filter gest /etc/mesaj/pathmsg ^[-A-Za-z0-9_]*$ ^\. ^-
#pt. users
path-filter real /etc/mesaj/pathmsg ^[-A-Za-z0-9\._-]*$
#This line protect  me wen a bug shown in wu-ftp2.4  2.5 2.6



# specify the upload directory information
upload  /home/ftp  *            no      nobody   nogroup 0000 nodirs
upload  /var/ftp  /bin          no
upload  /var/ftp  /etc          no
upload  /home/ftp  /incoming    yes     ftp   ftp 440 nodirs

#protecting for long line max 3
site-exec-max-lines 3 all
dns refuse_mismatch /etc/mesaj/dns.msg
dns refuse_no_reverse /etc/mesaj/dns2.msg

#chroot
guest-root /home *
restricted-uid %100-499 %501-999




-- 
Pantalache Dalis-Adrian
+---------------------------------+
|	 Linux Sysadmin           |
|                                 |
| http://electron.upit.ro/~dalis  |
| dalis electron upit ro          |
| dalis agersystems ro            |
+---------------------------------+

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]