Secure FTP servers in *NIX
Results 1 to 10 of 10

Thread: Secure FTP servers in *NIX

  1. #1
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177

    Secure FTP servers in *NIX

    Hey all,

    I'm setting up a server right now for my LAN, and I've got Apache going now, but I'm wondering about the FTP server.

    Machine specs:


    Compaq Presario 6000

    AMD Athlon XP 2600+ Processor operating at 2.13 GHz

    512 MBs RAM

    120 GB HD

    Floppy, ZIP, DVD, and CD-RW drives

    Running Slackware Linux 10


    Second box that may be used:

    HP Pavilion (the first computer I ever bought, still serving me well)

    Pentium 3 733 MHz Not overclocked

    384 MBs RAM

    43 GB HD (Yes, it's weird, but any OS Iput on here reports 43 GB)

    Floppy, ZIP, DVD, and CD-RW drives

    Running Slackware Linux 9.1 with all patches installed.


    Now, I can easily do a google search and find out about secure FTP servers that are quickly set up, but I don't want to listen to some guy ramble on because he was paid, which is why I'm asking here, as I'm quite sure I'm not the only one who has set up multiple FTP servers before.

    PureFTPD, ProFTP, and VSFTP are all what I have used before, and I really liked PureFTPd, and VSFTP, but what do you guys think about this?

    Slackware has ProFTPd already, but I'm not looking for something already installed if it's not the best.

    I won't listen to someone saying WU-FTP, that's just wrong.

    Unless of course you can back up that, heh.

    Anyway, what FTP servers have you guys set up and liked?

    I'm thinking I will go with PureFTPD, but still, I'd like some feed back.

    Usage:

    The server will be used to pretty much back up my LAN, and maybe be used to store things for internet users to download. the load might get high, because I have...Ummm, my paid for movies I've downloaded to back up, and on some days the server may be transferng up to 3 GBs a day, and sometimes more. Which is why I like PureFTPd, because I've used that on a SUSE server and gotten 15 GBs across my network in 3 hours without a porblem.

    Also, NO ANONYMOUS. All users will have to have an account on the box.I don't want to set up anonymous at all. It's just for me and maybe friends like I said, and I want people to have to log in.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  2. #2
    PHP/PostgreSQL guy
    Join Date
    Dec 2001
    Posts
    1,164
    I like VSFTP as it's a lot better as far as security and setup than the typical Wu-FTP drop-in that RH has. No plaintext transmissions, operates on the same port 21, and you can lock everything down using no anonymous, chrooted directories, etc...

    You can find a good "how-to" here.

    You can find out more info in general here and here. The second link provides a lot more info on sites using it, how it's proven, etc...very good stuff!

    I mean, 2500 concurrent downloads on individual servers? Wow...

    Hope this helps!
    We the willing, led by the unknowing, have been doing the impossible for the ungrateful. We have done so much with so little for so long that we are now qualified to do just about anything with almost nothing.

  3. #3
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Cool man, I agree, I liked it too when I was using it. It worked very well, and gave me no problems at all. Thanks for the information.
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

  4. #4
    Senior Member
    Join Date
    Mar 2004
    Location
    Colorado
    Posts
    421
    I'll second VSFTP

    It's not perfect but it is more secure than WU or Pro as far as published vulns.

    I also like how VSFTP allows you to easily lock users into their home directory via
    the vsftpd.chroot_list

  5. #5
    Super Moderator
    Know-it-All Master Beaver

    Join Date
    Jan 2003
    Posts
    3,914
    Hey Hey,

    I'll put in another vote for VSFTPd... that's what I've got running on my SuSE box at home... and it's definately more feature filled than Pure/Pro FTPd when it comes to the security aspects. I actually just convinced a buddy to switch his server over to VSFTPd and he was quite impressed with the added security.


    Peace,
    HT
    IT Blog: .:Computer Defense:.
    PnCHd (Pronounced Pinched): Acronym - Point 'n Click Hacked. As in: "That website was pinched" or "The skiddie pinched my computer because I forgot to patch".

  6. #6
    vsftpd

  7. #7
    Senior Member
    Join Date
    Sep 2001
    Posts
    1,027
    Why not use sftp if not for anonymous ftp? Besides sftp is much nicer ports wise (only needs port 22 both ways...) and thus much simpler to configure on the firewall...

    Ammo
    Credit travels up, blame travels down -- The Boss

  8. #8
    Blast From the Past
    Join Date
    Jan 2003
    Posts
    729
    im tinkering with vsftpd and i like it alot.....altho i dont want annynomus users and thats all i have right now...but im going through the tuts listed above and figuring out what to do
    work it harder, make it better, do it faster, makes us stronger

  9. #9
    Senior Member
    Join Date
    Apr 2002
    Posts
    889
    Well first thing since i is Linux is the firewall and it must allow and be set up for passive connections after the inital handshake on both sides. Will side with the VSFtpd on this one. I simply set things up so there was one group that had the access they need. Then created download and upload directories in that groups folder. The access one down load and one up load were rooted to respected directories. Download can read and download upload only place the files not read them although I am thinking quotas are maybe better suited for this. So in the end no matter what server side program you use it will depend upon ease of use for all users and the set up of permissions. I cannot reall off the tp of my head what mine read at work on the ftp server. But I'll follow up with more info later when I review what I did and edit it because I do not like to really mention much about how I set things up here...go figure

    Peace
    I believe that one of the characteristics of the human race - possibly the one that is primarily responsible for its course of evolution - is that it has grown by creatively responding to failure.- Glen Seaborg

  10. #10
    AO BOFH: Luser Abuser BModeratorFH gore's Avatar
    Join Date
    Oct 2002
    Location
    Michigan
    Posts
    7,177
    Thanks to everyone, I appreciate it.

    I've decided to make a mixed environment. I'm going to use VSFTPd on one box, and Pure/Pro on another. the main box will get VSFTPd as just about everyone recommended it, and the other is for learning, so thanks again!
    Kill the lights, let the candles burn behind the pumpkins’ mischievous grins, and let the skeletons dance. For one thing is certain, The Misfits have returned and once again everyday is Halloween.The Misfits FreeBSD
    Cannibal Holocaust
    SuSE Linux
    Slackware Linux

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides