|
|
Sponsored Content
Special Forums
IP Networking
how to deny someone to use ftp command ?
Post 302148846 by yarx on Monday 3rd of December 2007 11:42:03 PM
12-04-2007
Quote:
You'll never be able to fully prevent users from running ftp to an uncontrolled remote host but you can make it harder by restricting connections on port 21 from AAA to BBB. It's not a prefect solution though as an ftpd can be run on any port, a determined user will just move the ftpd and carry on doing it.
However, in 90% of the cases where I hear these sorts of questions, it actually the wrong question being asked. Are you sure this is the correct solution to your problem? Why do you want to prevent the ftp in the first place? Why is BBB being targeted as a server to prevent access to?
If you are trying to prevent users from using the system for unathorised purposes (eg it's a school computer perhaps), it might be better to define what is acceptable and what is not, then perform 'after the fact' auditing and clobber whoever did it
It's a matter of human nature, if we see a fence, we try and go over it. Making a stronger fence only encourages us to try harder. If we get attacked by a bull in the paddock, we'll probably think twice about climbing that fence next time no matter how easy it was to get past...
However, in 90% of the cases where I hear these sorts of questions, it actually the wrong question being asked. Are you sure this is the correct solution to your problem? Why do you want to prevent the ftp in the first place? Why is BBB being targeted as a server to prevent access to?
If you are trying to prevent users from using the system for unathorised purposes (eg it's a school computer perhaps), it might be better to define what is acceptable and what is not, then perform 'after the fact' auditing and clobber whoever did it
It's a matter of human nature, if we see a fence, we try and go over it. Making a stronger fence only encourages us to try harder. If we get attacked by a bull in the paddock, we'll probably think twice about climbing that fence next time no matter how easy it was to get past...hi,Smiling Dragon,thanks for your reply.
if BBB open port 21/20 to transfer the data from AAA, i can use "iptables"(on linux, or any others software like have a firewall functions) to drop the data package, like you saied " It's not a prefect solution though as an ftpd can be run on any port ".
i think is the wrong question to ask someone.
|
|
10 More Discussions You Might Find Interesting
1. UNIX for Dummies Questions & Answers
Hi all
I'm using an AIX 5 machine.
I'm trying to telnet from this machine to another Aix machine.
When I use the "root" user - Everything works.
I can telnet successfully the other machine
When I use another user but root - I can't telnet the machine:
noah@logist:/home/noah>telnet aixtst... (2 Replies)
Discussion started by: sunbird
2 Replies
2. UNIX for Dummies Questions & Answers
OK, let see, i have a Tru64 Unix and need to know how the list of ftp users works and in /etc/ftpusers we have the unauthorized users but when we create a new user i want this users put automatic for deny access .....
where i set when creation of users action put automatic the user in that file?... (1 Reply)
Discussion started by: wbendek
1 Replies
3. UNIX for Dummies Questions & Answers
Dear all
i am relatively new in using UNIX i have a problem,
We are using IBM Informix Dynamic Server Version 9.40.FC7W4 we have 2 bsic user groups that we are using the 1st is root and another i wasnt to restrict the command "dba" that takes the users of that group to the database. I have... (3 Replies)
Discussion started by: masquerer
3 Replies
4. Solaris
Hi ,
I want to deny ftp access to some user. Currently I don't have /etc/ftpusers file. From the man page , i can modify the login shell at /etc/passwd to invalid one. How to add it ? replaced with /dev/null or something. If you have any other method to disabled it . Pls show me.
My FTP is... (10 Replies)
Discussion started by: skully
10 Replies
5. AIX
Hello everyone
I have to limit the root logins on my aix box (aix 5.3)
I change the value on the /etc/security/user
default (login and rlogin) change to false
and add to root (rlogin and login = false)
I tried in different ways but I got the same.
Root still can login
I try algo... (6 Replies)
Discussion started by: lo-lp-kl
6 Replies
6. UNIX for Dummies Questions & Answers
Hello I want to block individuals who attempt to use ssh to loggon to one of my machines from a certain IP address. I added the following entry in hosts.deny. Will the entry do what I want to do?
ssh: 202.111.128.225 (3 Replies)
Discussion started by: mojoman
3 Replies
7. Shell Programming and Scripting
HI
I want to make only one IP can access to ftp acount in cpanel or by shell
can any body help me ? (1 Reply)
Discussion started by: elkadrey
1 Replies
8. AIX
Dear AIX/UNIX experts:
I have a demand to restricted a file to be copy by others, but this file must can be read by others/Applications.
As I tried, the chmod command cannot fulfill this requirement. But not sure if the ACL can achieve this function or not ?
Could anybody give me your... (8 Replies)
Discussion started by: devyfong
8 Replies
9. UNIX for Dummies Questions & Answers
I do not want to be interrupted with any messages. How do I set my session to deny messages? (2 Replies)
Discussion started by: beelifter
2 Replies
10. UNIX for Dummies Questions & Answers
Hi there,
For /etc/hosts.deny was it used to deny access from the internet? (2 Replies)
Discussion started by: alvinoo
2 Replies
LEARN ABOUT CENTOS
ftphosts
ftphosts(4) File Formats ftphosts(4) NAME
ftphosts - FTP Server individual user host access file SYNOPSIS
/etc/ftpd/ftphosts DESCRIPTION
The ftphosts file is used to allow or deny access to accounts from specified hosts. The following access capabilities are supported: allow username addrglob [addrglob...] Only allow users to login as username from host(s) that match addrglob. deny username addrglob [addrglob...] Do not allow users to login as username from host(s) that match addrglob. A username of * matches all users. A username of anonymous or ftp specifies the anonymous user. addrglob is a regular expression that is matched against hostnames or IP addresses. addrglob may also be in the form address:netmask or address/CIDR, or be the name of a file that starts with a slash ('/') and contains additional address globs. An exclamation mark (`!') placed before the addrglob negates the test. The first allow or deny entry in the ftphosts file that matches a username and host is used. If no entry exists for a username, then access is allowed. Otherwise, a matching allow entry is required to permit access. EXAMPLES
You can use the following ftphosts file to allow anonymous access from any host except those on the class A network 10, with the exception of 10.0.0.* IP addresses, which are allowed access: allow ftp 10.0.0.* deny ftp 10.*.*.* allow ftp * 10.0.0.* can be written as 10.0.0.0:255.255.255.0 or 10.0.0.0/24. FILES
/etc/ftpd/ftphosts ATTRIBUTES
See attributes(5) for descriptions of the following attributes: +-----------------------------+-----------------------------+ | ATTRIBUTE TYPE | ATTRIBUTE VALUE | +-----------------------------+-----------------------------+ |Availability |SUNWftpr | +-----------------------------+-----------------------------+ |Interface Stability |External | +-----------------------------+-----------------------------+ SEE ALSO
in.ftpd(1M), ftpaccess(4), attributes(5) SunOS 5.10 1 May 2003 ftphosts(4)