How to allow FTP in hosts.allow
How to allow FTP in hosts.allow
AOA
Dear All !
I am using FreeBSD 6.2. I am facing a problem that my machine is reports me a number of invalid user attempts from outside. I want to secure it by using "hosts.allow", but when i do this my FTP services also stop working. The FTP server package is "vsftpd".
Please guide ...
Dear All !
I am using FreeBSD 6.2. I am facing a problem that my machine is reports me a number of invalid user attempts from outside. I want to secure it by using "hosts.allow", but when i do this my FTP services also stop working. The FTP server package is "vsftpd".
Please guide ...
Thanks & Regards
Muhammad Ali
Muhammad Ali
what have you tried to do?
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Dear Lambda !
Thanks for the reply.
What I have done is a little change in "hosts.allow". That is
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
##ALL : ALL : allow (Changed)
# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny
sshd : 192.168.1.6,192.168.1.7 : allow ##(Changed)
sshd : ALL : deny ##(Changed)
Just uncommected two lines ...
Thanks for the reply.
What I have done is a little change in "hosts.allow". That is
# Start by allowing everything (this prevents the rest of the file
# from working, so remove it when you need protection).
# The rules here work on a "First match wins" basis.
##ALL : ALL : allow (Changed)
# Wrapping sshd(8) is not normally a good idea, but if you
# need to do it, here's how
#sshd : .evil.cracker.example.com : deny
sshd : 192.168.1.6,192.168.1.7 : allow ##(Changed)
sshd : ALL : deny ##(Changed)
Just uncommected two lines ...
Thanks & Regards
Muhammad Ali
Muhammad Ali
add something like to allow access from that network. by commenting out the "ALL" entry, you've pretty much disabled all services by default.
Code: Select all
vsftpd : 192.168.0.1/24 : allow
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
you need just the second entry, not both.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
read his last post again. he says
I have tried it, I want to make FTP available for all.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Re: How to allow FTP in hosts.allow
it was just about the above line, when you want to secure it by hosts.allow then should have a IP address or a subnet to be allowed and deny every one else if you say allow every one then you can't say that you are going to secure it.Learner wrote: I want to secure it by using "hosts.allow"
Please guide ...
thanks
shahz
LinuxBoy
once again, it should be clear that he changed his mind. he said he wanted everyone to use ftp.
Watch out for the Manners Taliban!
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
Isn't it amazing how so many people can type "linuxpakistan.net" into their browsers but not "google.com"?
-
- Naik
- Posts: 68
- Joined: Thu Aug 07, 2008 6:09 pm
- Location: karachi
regarding stopping dictionary attacks on ftp
Hello ;
Please follow the following steps to stops the dictionary attacks on the ftp server
1. Create the group 'www' with r/w privileges to the /srv/www/htdocs folder (the website folder) if it doesn't exist already.
2. Create the user 'ftp_remote_admin' and have it belong in the group
'www' (So it will have r/w access to the http server folder.) Also, set the users home folder to /srv/www/htdocs.
3. Restrict access to only those who login (No anonymous), and only to the user 'ftp_remote_admin' via the vsftpd config file.
4. Set vsftpd.conf to move users into their home folder on login.
Regards,
Ghulam Yaseen
Please follow the following steps to stops the dictionary attacks on the ftp server
1. Create the group 'www' with r/w privileges to the /srv/www/htdocs folder (the website folder) if it doesn't exist already.
2. Create the user 'ftp_remote_admin' and have it belong in the group
'www' (So it will have r/w access to the http server folder.) Also, set the users home folder to /srv/www/htdocs.
3. Restrict access to only those who login (No anonymous), and only to the user 'ftp_remote_admin' via the vsftpd config file.
4. Set vsftpd.conf to move users into their home folder on login.
Regards,
Ghulam Yaseen
x2oxen wrote:Is there any way to stop something like dictionary attack on ftp service??
-
- Naik
- Posts: 68
- Joined: Thu Aug 07, 2008 6:09 pm
- Location: karachi
regarding allow only one host and reject all
It is also possible that we restrict all others except one user
vsftpd:IP_address: Allow
vsftpd:ALL:Deny
vsftpd:IP_address: Allow
vsftpd:ALL:Deny
lambda wrote:once again, it should be clear that he changed his mind. he said he wanted everyone to use ftp.