logging ftp downloads.

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMJohn (EBo) David at <-
MMCraig White at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: foodog
Date:  
Subject: logging ftp downloads.
Hence my disclaimer: "Best I can do...". I suggested ProFTPD because:
1) it has documentation, 2) the authors try to make it secure, 3) he
appeared to have security concerns & inadequate docs.

Uh, my bad?

Craig White wrote:
>
> foodog wrote:
> >
> > IMO, for a Linux FTP box I'd run ProFTPD, www.proftpd.org
> > Best I can do, since I don't know the answer you're looking for ;-)
> > Steve
> >
> > "John (EBo) David" wrote:
> > >
> > > I've been crawling around and noticed some odd login's to my ftp
> > > server. I see no xfer logs where I would expect, so I assume that I do
> > > not have FTP logging turned on. Reading the docs, I see I need to give
> > > ftpd a "-S" swithc. The question is where in suse to ser this. SuSE
> > > plays some funny games with how they manage the config files so they can
> > > automate a bunch of stuff with YaST. So, should I just add the "-S" to
> > > the ftp definition in inetd.conf, or am I missing something?
> > >
> ---
> suggesting that he use another ftp server when he doesn't understand the
> one he's got isn't exactly a great answer.
>
> Does Suse still use inetd and not xinetd?
>
> Do you have anon-ftpd installed?
>
> Do you have wu-ftpd installed?
>
> Both installed? try rpm -qa|grep ftp to see what you've got installed
>
> Redhat logs all transfers - /var/log/xferlog
>
> also /var/log/secure lists all log-ins
>
> also try less last
>
> the question is whether they are doing anonymous login and not able to
> get anywhere or if these are authenticating users. Authenticated users
> could be a problem if you don't have authenticated users. Also note that
> ftp daemons - regardless of flavor are notorious security risks - and
> MUST be kept up to date to cover exploits. Also, ftp really needs to
> corral users into specific areas so if you let any REAL users on, you
> need to chroot them. Do not allow any uploads until you are completely
> up to snuff on security aspects of ftp program.
>
> see
>
> man ftpd
> man ftpaccess
>
> Craig
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list -
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-Best CD drive for ripping audio?format of default.ida file?->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)