Securing-Optimizing-RH-Linux-1_2_444
Comments and suggestions concerning this book should be mailed to gmourani@videotron.ca
© Copyright 1999-2000 Gerhard Mourani and Open Network Architecture ®

#%PAM-1.0
auth       required     /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
auth       required     /lib/security/pam_pwdb.so shadow nullok
auth       required     /lib/security/pam_shells.so
account    required     /lib/security/pam_pwdb.so
session    required     /lib/security/pam_pwdb.so

Configuration of the “/etc/logrotate.d/ftpd” file

Configure your “/etc/logrotate.d/ftpd” file to rotate your log files automatically each week.
Create the ftpd file (touch /etc/logrotate.d/ftpd) and add the following lines:

/var/log/xferlog {
    # ftpd doesn't handle SIGHUP properly
    nocompress
}

Configure ftpd to use tcp-wrappers inetd super server

Tcp-wrappers takes care of starting and stopping the ftpd server. Upon execution, inetd reads its configuration information from a configuration file which, by default, is “/etc/inetd.conf”. There must be an entry for each field of the configuration file, with entries for each field separated by a tab or a space.

Step 1
Edit the inetd.conf file (vi /etc/inetd.conf) and add or verify the existence of the following line:

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a

NOTE: Update your “inetd.conf” file by sending a SIGHUP signal (killall -HUP inetd) after adding the above line in the file.

· To update your “inetd.conf” file, use the following command:
[root@deep /]# killall -HUP inetd

Step 2
Edit the hosts.allow file (vi /etc/hosts.allow) and add, for example, the following line:

in.ftpd: 192.168.1.4 win.openarch.com

This means the client with IP “192.168.1.4” and host name “win.openarch.com” is allowed to use FTP on the server.

FTP Administrative Tools

ftpwho

The ftpwho program utility displays all active ftp users and their current process information on the system. The output of the command is in the format of the “/bin/ps” command. The format of this command is:

· To display all active ftp users and their current process, use the following command:
[root@deep /]# ftpwho
Service class openarch:
 5443 ?        S      0:00 ftpd: win.openarch.com: ftpadmin: IDLE
   -   1 users ( 20 maximum)
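
A check for the inetd.conf and hosts.allow steps above, as an added example that is not part of the book: it verifies that ftp is started through tcpd and that no rule opens in.ftpd to ALL, and it goes one step beyond the page by also checking hosts.deny, because tcpd grants access when no rule matches. The function names and the hosts.deny content are assumptions, and the sample files are constructed.

```shell
# Added example, not from the book: audit the tcp-wrappers setup for in.ftpd.

# Succeeds only if every active "ftp" entry in inetd.conf is started via tcpd.
ftp_is_wrapped() {
    awk '/^[ \t]*#/ || NF == 0 { next }
         $1 == "ftp" { seen = 1; if ($6 != "/usr/sbin/tcpd") bad = 1 }
         END { exit !(seen && !bad) }' "$1"
}

# Prints, one per line, the clients of every rule in FILE whose daemon list
# names in.ftpd or the ALL wildcard. Simplification: "\" continuation lines,
# EXCEPT and the optional shell-command field are not interpreted.
ftpd_clients() {
    awk -F: '/^[ \t]*#/ { next }
        { covers = 0
          n = split($1, d, /[ \t,]+/)
          for (i = 1; i <= n; i++)
              if (d[i] == "in.ftpd" || d[i] == "ALL") covers = 1
          if (!covers) next
          m = split($2, c, /[ \t,]+/)
          for (j = 1; j <= m; j++) if (c[j] != "") print c[j] }' "$1"
}

# audit_ftpd INETD_CONF HOSTS_ALLOW HOSTS_DENY
# Prints one line per problem; the return status is the number of problems.
audit_ftpd() {
    findings=0
    ftp_is_wrapped "$1" || { echo "ftp is not started through /usr/sbin/tcpd"; findings=$((findings + 1)); }
    if ftpd_clients "$2" | grep -qx ALL; then
        echo "hosts.allow lets ALL clients reach in.ftpd"; findings=$((findings + 1))
    fi
    # tcpd grants access when no rule matches, so the allow list restricts
    # nothing unless hosts.deny refuses everyone else.
    ftpd_clients "$3" | grep -qx ALL || { echo "hosts.deny has no catch-all rule for in.ftpd"; findings=$((findings + 1)); }
    return "$findings"
}

# Constructed sample files; the hosts.deny content is an assumption.
demo() {
    dir=$(mktemp -d) || return 1
    printf 'ftp\tstream\ttcp\tnowait\troot\t/usr/sbin/tcpd\tin.ftpd -l -a\n' > "$dir/inetd.conf"
    printf 'in.ftpd: 192.168.1.4 win.openarch.com\n' > "$dir/hosts.allow"
    printf 'ALL: ALL\n' > "$dir/hosts.deny"
    rc=0
    audit_ftpd "$dir/inetd.conf" "$dir/hosts.allow" "$dir/hosts.deny" || rc=$?
    rm -rf "$dir"
    echo "findings: $rc"
}
demo
```

To audit a live system, call audit_ftpd with /etc/inetd.conf, /etc/hosts.allow and /etc/hosts.deny instead of the demo files.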