Securing-Optimizing-RH-Linux-1_2_444
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®
#%PAM-1.0
# Deny any account listed in /etc/ftpusers (root, bin, daemon, ...).
# onerr=succeed means that a missing or unreadable /etc/ftpusers silently
# disables this check; use onerr=fail if you want the login to fail closed.
auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
# Check the password against /etc/shadow; nullok also accepts accounts with an empty password.
auth required /lib/security/pam_pwdb.so shadow nullok
# Refuse users whose login shell is not listed in /etc/shells.
auth required /lib/security/pam_shells.so
account required /lib/security/pam_pwdb.so
session required /lib/security/pam_pwdb.so
Configuration of the /etc/logrotate.d/ftpd file
Configure the /etc/logrotate.d/ftpd file so that logrotate rotates the FTP transfer log (/var/log/xferlog) automatically each week.
Create the ftpd file (touch /etc/logrotate.d/ftpd) and add the following lines:
/var/log/xferlog {
# ftpd doesn't handle SIGHUP properly
nocompress
}
Configure ftpd to use tcp-wrappers inetd super server
The inetd super server, together with tcp-wrappers (tcpd), takes care of starting the ftpd server on demand and of
checking each connection against /etc/hosts.allow and /etc/hosts.deny. Upon execution, inetd reads its
configuration from a configuration file which, by default, is /etc/inetd.conf. Each service occupies one line
of that file, with the fields of the line separated by tabs or spaces.
Step 1
Edit the inetd.conf file (vi /etc/inetd.conf) and add or verify the existence of the following line (the -l
option makes in.ftpd log every FTP session via syslog, and -a enables the /etc/ftpaccess configuration file):
ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a
NOTE: inetd reads inetd.conf only at start-up, so after adding the above line you must make it reread the
file by sending it a SIGHUP signal (killall -HUP inetd).
·
To update your inetd.conf file, use the following command:
[root@deep /]# killall -HUP inetd
Step 2
Edit the hosts.allow file (vi /etc/hosts.allow) and add, for example, the following line:
in.ftpd: 192.168.1.4 win.openarch.com
This means that a client matching either the IP address 192.168.1.4 or the host name win.openarch.com is
allowed to FTP to the server (the client list is a list of alternatives, not a combined IP-and-name test).
Remember that tcp-wrappers consults hosts.allow first, then hosts.deny, and allows any connection that matches
neither file; an entry such as "ALL: ALL" in /etc/hosts.deny is what turns the list above into a real whitelist.
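The following script is an added example, not code from this book or from the tcp-wrappers package: it models the hosts.allow/hosts.deny decision that tcpd makes for in.ftpd, using the book's hosts.allow line above and a constructed hosts.deny containing "ALL: ALL". It implements only a subset of the hosts_access(5) pattern language (ALL, LOCAL, exact IP or host name, a trailing-dot IP prefix, a leading-dot domain suffix and net/mask), so it is a teaching model of the ordering and matching rules, not a replacement for libwrap.

```python
"""Simplified model of the tcp_wrappers (libwrap) access decision made by
/usr/sbin/tcpd.  Added example, not code from the book or from tcp-wrappers;
it implements only the pattern forms listed in client_matches() and ignores
EXCEPT lists, netgroups, shell commands and IPv6."""

from ipaddress import ip_address, ip_network

# Constructed sample files.  The hosts.allow line is the one from the book;
# the hosts.deny content is the default-deny entry a practitioner would add.
HOSTS_ALLOW = """
# /etc/hosts.allow (constructed sample)
in.ftpd: 192.168.1.4 win.openarch.com
"""

HOSTS_DENY = """
# /etc/hosts.deny (constructed sample): deny everything not allowed above
ALL: ALL
"""


def parse_access_file(text):
    """Return a list of (daemon_patterns, client_patterns) pairs.

    Each non-comment line has the form  daemon_list : client_list  where
    both lists are separated by spaces or commas."""
    rules = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        daemons, clients = line.split(":", 1)
        rules.append((daemons.replace(",", " ").split(),
                      clients.replace(",", " ").split()))
    return rules


def client_matches(pattern, ip, host):
    """Match one client pattern against the connecting IP and its host name."""
    if pattern == "ALL":
        return True
    if pattern == "LOCAL":                   # any host name without a dot
        return "." not in host
    if "/" in pattern:                       # net/mask, e.g. 192.168.1.0/255.255.255.0
        net, mask = pattern.split("/", 1)
        return ip_address(ip) in ip_network(f"{net}/{mask}", strict=False)
    if pattern.endswith("."):                # 192.168.1. matches any IP with that prefix
        return ip.startswith(pattern)
    if pattern.startswith("."):              # .openarch.com matches any host in the domain
        return host.lower().endswith(pattern.lower())
    return pattern == ip or pattern.lower() == host.lower()


def rules_match(rules, daemon, ip, host):
    """True if any rule names this daemon and any of its client patterns matches."""
    for daemon_patterns, client_patterns in rules:
        if not any(p in ("ALL", daemon) for p in daemon_patterns):
            continue
        # The client list is a list of alternatives: one match is enough.
        if any(client_matches(p, ip, host) for p in client_patterns):
            return True
    return False


def access_allowed(daemon, ip, host, allow_text=HOSTS_ALLOW, deny_text=HOSTS_DENY):
    """hosts.allow is consulted first, then hosts.deny; a connection that
    matches neither file is allowed (tcp-wrappers is allow-by-default)."""
    if rules_match(parse_access_file(allow_text), daemon, ip, host):
        return True
    if rules_match(parse_access_file(deny_text), daemon, ip, host):
        return False
    return True


if __name__ == "__main__":
    # Constructed connection attempts against the sample files above.
    for daemon, ip, host in [("in.ftpd", "192.168.1.4", "win.openarch.com"),
                             ("in.ftpd", "192.168.1.4", "laptop.example"),
                             ("in.ftpd", "10.0.0.9", "win.openarch.com"),
                             ("in.ftpd", "10.0.0.9", "attacker.example"),
                             ("in.telnetd", "192.168.1.4", "win.openarch.com")]:
        verdict = "allow" if access_allowed(daemon, ip, host) else "deny"
        print(f"{daemon:<11} {ip:<13} {host:<18} -> {verdict}")
    # Without a hosts.deny entry, the unknown client gets in.
    print("no hosts.deny:", access_allowed("in.ftpd", "10.0.0.9", "attacker.example", deny_text=""))
```

Two things the model makes visible: the book's line admits a client that matches the IP address alone or the host name alone, and removing the "ALL: ALL" line from hosts.deny lets every unlisted client through. The real libwrap additionally verifies that the forward lookup of the client's name maps back to its address (the PARANOID check), so a host-name pattern should never be the only control on an FTP server reachable from untrusted networks.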
FTP Administrative Tools
ftpwho
The ftpwho utility displays all active FTP users and their current process information on
the system, in the same format as the /bin/ps command. The format of
this command is:
·
To display all active FTP users and their current process, use the following command:
[root@deep /]# ftpwho
Service class openarch:
5443 ? S 0:00 ftpd: win.openarch.com: ftpadmin: IDLE
- 1 users ( 20 maximum)