More secure wu-ftpd
Pantalache Dalis-Adrian
class intern real,guest,anonymous xxx.xxx.xxx.xxx
class extern anonymous *
#fake passwd :)
# noretrieve /etc/passwd
# noretrieve /etc/shaddow
deny 194.102.92.* /etc/mesaj/denymsg
deny 193.230.84.64 /etc/mesaj/msg.local
deny 192.162.1.1 /etc/mesaj/msg.local
limit local 0 Any /etc/mesaj/msg.local
limit intern 25 Any /etc/mesaj/msg.preamultzi
limit extern 5 Any /etc/mesaj/msg.preamultzi
loginfails 3
greeting brief
#banner /etc/mesaj/banner1
compress yes guest,anonymous
tar yes guest,anonymous
chmod no guest,anonymous
delete no guest,anonymous
overwrite no guest,anonymous
rename no guest,anonymous
mkdir no guest,anonymous
upload no guest,anonymous
chmod no guest,anonymous
umask no guest,anonymous
compress yes real
tar yes real
chmod yes real
delete yes real
overwrite yes real
rename yes real
log transfers guest,real,anonymous inbound,outbound
shutdown /etc/shutmsg
passwd-check rfc822 enforce
#Filtering non ascii character
path-filter anonymous /etc/mesaj/pathmsg ^[-A-Za-z0-9_]*$ ^\. ^-
#pt guest
path-filter gest /etc/mesaj/pathmsg ^[-A-Za-z0-9_]*$ ^\. ^-
#pt. users
path-filter real /etc/mesaj/pathmsg ^[-A-Za-z0-9\._-]*$
#This line protect me wen a bug shown in wu-ftp2.4 2.5 2.6
# specify the upload directory information
upload /home/ftp * no nobody nogroup 0000 nodirs
upload /var/ftp /bin no
upload /var/ftp /etc no
upload /home/ftp /incoming yes ftp ftp 440 nodirs
#protecting for long line max 3
site-exec-max-lines 3 all
dns refuse_mismatch /etc/mesaj/dns.msg
dns refuse_no_reverse /etc/mesaj/dns2.msg
#chroot
guest-root /home *
restricted-uid %100-499 %501-999
--
Pantalache Dalis-Adrian
+---------------------------------+
| Linux Sysadmin |
| |
| http://electron.upit.ro/~dalis |
| da...@electron.upit.ro |
| da...@agersystems.ro |
+---------------------------------+
_______________________________________________
Linux-security mailing list
Linux-s...@redhat.com
https://listman.redhat.com/mailman/listinfo/linux-security