My friend was running RH6.2 with no firewall, and he had been lax on getting the security patches as well, so he knows it is his own fault. :)
On Thu, 17 Jan 2002, Technomage wrote:
> question?
> was the box that lpr was running on protected by firewall?
>
> also, is it a standard linux installation using either ipchains or iptables
> as the firewall?
>
> I might be able to help a lot with ipchains. iptables is still relatively new
> for me and I went with a standard "high security" setup.
>
> Technomage
>
> On Thursday 17 January 2002 10:58, you wrote:
> > Armand,
> >
> > I did figure this out and even tried to post to the list on Sunday about
> > it, but of course my post never got there... Thanks everyone for the help.
> >
> > I'm thinking I will check out one of the alternate servers that have been
> > discussed here. A friend of mine was rooted recently (through lpr) by a
> > particularly nasty script kiddie, so in light of the pain he experienced
> > I'm stepping up my security as well.
> >
> > On Wed, 16 Jan 2002, Armand wrote:
> > > % Probably a dumb question. I would like to symlink a directory under
> > > % my
> > > % /home/ftp/pub. I know this is possible - lots of sites do it. But
> > > % wu-ftp
> > > % doesn't recognize symlinks created by ln -s. Is there something
> > > % special
> > > % I can do to get the link to work in wu-ftpd?
> > > %
> > > % Thanks,
> > > % Lisa
> > >
> > > Hi Lisa,
> > >
> > > According to http://www.wu-ftpd.org/wu-ftpd-faq.html#QA74
> > >
> > > "15.I made a symbolic link within the anonymous tree and it doesn't work
> > > for the anonymous users.
> > >
> > > Symbolic links are relative to your active root. If you want to access
> > > files/directories/diskspace outside your chrooted environment, you'll
> > > have to import it using directory loopback mounts (available on at
> > > least Solaris) or using NFS mounts (available on most other operating
> > > systems but they have a performance impact)."
> > >
> > > So in short, no you can't just make a soft-link with ln -s. Apparently
> > > it requires an NFS mount which I'm not familiar with.
> > >
> > > But according to people on irc.openprojects.net #linpeople you can use
> > > hard links to accomplish this (be aware that you can't hard-link across
> > > devices i.e. partitions).
> > >
> > > Maybe this is where security problems arise when you try to link outside
> > > of the chrooted environment.
> > >
> > > I like wu-ftp, it automatically set up ftp to my users' public_html file
> > > just by making an ftp-only account.
> > >
> > > There are other ftp servers that may well be as good as if not better
> > > but I learned a lot from digging thru the docs about wu-ftp on my
> > > RH box.
> > >
> > > HTH,
> > > Armand
> > > ________________________________________________
> > > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> > > post to the list quickly and you use Netscape to write mail.
> > >
> > > PLUG-discuss mailing list - PLUG-discuss@lists.plug.mybutt.net
> > > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> > ________________________________________________
> > See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't
> > post to the list quickly and you use Netscape to write mail.
> >
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.mybutt.net
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> ________________________________________________
> See http://PLUG.phoenix.az.us/navigator-mail.shtml if your mail doesn't post to the list quickly and you use Netscape to write mail.
>
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.mybutt.net
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>