[CLUE-Admin] unusual server activity
Lynn Danielson
lynnd at techangle.com
Thu Dec 4 14:03:41 MST 2003
Jed S. Baer wrote:
>On Thu, 4 Dec 2003 11:33:58 -0700
>Jeff Cann <j.cann at isuma.org> wrote:
>
>
>>On Thursday 04 December 2003 10:45 am, Lynn Danielson wrote:
>>
>>
>>>Both the ftp account and services have been disabled. So, I don't understand why there would be any ftp user activity.
>>>
>>>
>>... It is troubling that someone is logging in as ftp. Perhaps we should disable the 'ftp' account? At a minimum, we should change the password.
>>
>>
>
>I'm missing something here? If the ftp account and services have been
>disabled, then why do I get a username prompt when I attempt to ftp to
>clue.denver.co.us?
>
The ftp services were/are disabled. They are commented out in both the
/etc/services and inetd.conf files. The ftp user does not have a valid
password, and so should not be able to log in. But you're absolutely
right. The server is (was actually) responding to ftp requests and
allowing user connections. This did not use to be the case. I've changed
the permission on the ftp daemon to make it nonexecutable and ftp
requests are now ignored. But I don't understand how this service was
running when the inetd.conf and services entries were commented out.
>Is there any reason to have ftp available on the box?
>
No. We decided when we brought the box up that we'd all use secure shell
access and that was sufficient. I did open up the port so that I could
use the ftp client on the box once (I needed to test an ftp server on
another machine). But the port was only open for a few hours and the
server was never running.
>Maybe it got turned off manually some time ago, and the recent reboot (did that occur?) restarted it.
>
No, I did manage to get the quotas working without a reboot. The
server's been up for 210 days.
Lynn
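
Added example, not part of the original message: a check for the mismatch described in this thread, where a port answers even though its inetd.conf and /etc/services entries are commented out. The function names, the allow-list argument and all sample file contents are constructed for illustration; on a live host the inputs would be the real files and a list of listening TCP ports, one per line.

```shell
#!/bin/sh
# Report listening TCP ports that the inetd configuration does not account for.

# enabled_ports INETD_CONF SERVICES -> ports of uncommented tcp inetd entries
enabled_ports() {
    awk '
        NR == FNR {                       # first file: services (name port/proto)
            if ($0 !~ /^[ \t]*#/ && $2 ~ /\/tcp$/) { split($2, p, "/"); port[$1] = p[1] }
            next
        }
        /^[ \t]*#/ || NF < 6 { next }     # skip commented-out and short lines
        $3 == "tcp" && ($1 in port) { print port[$1] }
    ' "$2" "$1" | sort -u
}

# unexpected_listeners INETD_CONF SERVICES LISTENERS [ALLOWED_PORT...]
# Prints every listening port that is neither enabled in inetd.conf nor
# explicitly allowed (e.g. a standalone sshd on port 22).
unexpected_listeners() {
    conf=$1 svc=$2 listen=$3; shift 3
    tmp=$(mktemp -d) || return 1
    { enabled_ports "$conf" "$svc"; printf '%s\n' "$@"; } | sort -u > "$tmp/ok"
    sort -u "$listen" | comm -23 - "$tmp/ok"
    rm -rf "$tmp"
}

# demo: constructed data mirroring the thread (ftp commented out, yet port 21 open)
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/services" <<'EOF'
#ftp     21/tcp
ssh      22/tcp
telnet   23/tcp
EOF
    cat > "$d/inetd.conf" <<'EOF'
#ftp    stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
#telnet stream tcp nowait root /usr/sbin/tcpd in.telnetd
EOF
    printf '21\n22\n' > "$d/listeners"    # constructed: ports observed listening
    unexpected_listeners "$d/inetd.conf" "$d/services" "$d/listeners" 22
    rm -rf "$d"
}

demo
```

inetd rereads inetd.conf only when it is restarted or sent SIGHUP, so an edited file and the set of ports actually being served can disagree; a port flagged here is worth tracing to the process that owns it.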