November 7th, 2005, 11:03 PM
Audit: anonymous ftp and /etc/shadow - is this a risk?
My brain is misfiring and I need to ask for some advice. We are conducting on audit on some HP-UX 11.i servers and found one server, deemed a public ftp server, to have anoymous ftp. But we also found that the admins have enabled shadowed passwords. Now my first thought is that they need to disable ftp post-haste, but am I wrong on this? Can /etc/shadow be compromised and lead to the compromise of /etc/passwd? I think so, but again my brain is misfiring right now.
Also - as stated before, I believe they should have ftp turned off, even if they have imposed disk quota limits and move to ssh. The reason I ask this is because... they do not have ssh deployed everywhere and I have preached til I was coarse - so I was looking for some advice there as well.
Thanks in advance.
\"We\'re the middle children of history.... no purpose or place. We have no Great War, no Great Depression. Our great war is a spiritual war. Our great depression is our lives. We\'ve all been raised by television to believe that one day we\'ll all be millionaires and movie gods and rock stars -- but we won\'t. And we\'re learning slowly that fact. And we\'re very, very pissed off.\" - Tyler (Brad Pitt) Fight Club