Linux Security, Was Re: [CLUE-Tech] enabling ftp

Kevin Cullis kevincu at orci.com
Sat Mar 17 17:37:23 MST 2001 

You can find it here:

http://www.psionic.com/abacus/portsentry/

You can a sortof HOWTO here:

http://www.linuxnewbie.org/nhf/intel/security/portsentry1.html

I know THIS helps.

Kevin

Cyberclops wrote:
> 
> Where do you get "port sentry" and is it for Linux?
> 
> Kevin Cullis wrote:
> >
> > Absolutely!!  After Grant got caught, I installed Port Sentry in about
> > 20 minutes (I'm new at getting at the guts of Linux) and I went back to
> > grc.com and it works like a champ.  Now I just got to figure out where
> > to put the commands to start it when I restart my CPU, which the runtime
> > is going on 50 days.
> >
> > Kevin
> >
> > ian wrote:
> > >
> > > I cant' say this enough.  TURN OFF FTP ASAP!!!!
> > >
> > > Especially since your on a cable modem (Road Runner?).  It is amazingly
> > > easy to snoop on the Cable modem network to capture cleartext login passwords.
> > >
> > > That was how I originally got compromised.  I went down the same path that
> > > you are with how to secure your box.  First I'll get ftp.. then I'll get
> > > apache.. then I'll get ssh.. then I'll put a firewall up.  Wrong order..
> > >
> > > What'll happen is .. "Honey.. I need you to go to the store and get lunch.
> > > Ooppss.. didn't get ssh up this weekend.  Its on my todo list.  Honest."
> > >
> > > Before you go any farther lock down your connection with a firewall.  The
> > > learning curve is worth it.  Then get SSH on.  Make sure that everything is
> > > turned off that you aren't using such as telnet, ftp, RPC, X, the list goes
> > > on and on and on.  You can test yoru connection and what is open on it
> > > by going to http://www.grc.com
> > >
> > > If you have SSH running properly you don't really need an ftp server at all.
> > >
> > > ian
> > >
> > > On Fri, Mar 16, 2001 at 04:26:17PM -0700, rfrank wrote:
> > > > Usually the how-to's and the newbie help files get me through it,
> > > > but I'm stumped on this one.  I've taken Mandrake 7.2 and set it up
> > > > as a firewall/IP masquerader on a dedicated machine with my home
> > > > network on the 2nd Ethernet card side of that box. That all works fine
> > > > as far as I can tell.
> > > >
> > > > Now, from outside, I want to be able to ftp into that machine and
> > > > get files.  (Later I want to telnet and ssh and even put a web page up,
> > > > but that's further down the learning curve.)
> > > >
> > > > I have the (default) entry in /etc/passwd for ftp, I haven't modified
> > > > /etc/ftpaccess but made sure it's there.  I do have the line
> > > > /sbin/modprobe ip_masq_ftp in my /etc/rc.d/rc.firewall script.
> > > > /etc/inetd.conf looks good to me (as best as I would know).
> > > > But when I try to connect to my dedicated IP address from
> > > > a machine outside my local network, I get:
> > > >   [rfrank at brechin rfrank]$  ftp 24.221.212.160
> > > >   ftp: connect: Connection refused
> > > >   ftp>
> > > > I get similar results with telnet to the same address.
> > > >
> > > > This can't be that tough.  What have I missed?  A firewall rule?
> > > > Turning on some daemon?
> > > >

More information about the clue-tech mailing list