Monday, August 24, 2009

System Security - FTP (Anonymous)

How to create a directory for the anonymous ftp user, and how to deny the anonymous user?

Creating a directory for the anonymous ftp user:

Output:


Server side:
# mkdir /ftp_anonymous
bash-3.00# ftpconfig -d /ftp_anonymous/
Updating directory /ftp_anonymous/
bash-3.00# ls /ftp_anonymous/
bin dev etc lib pub usr
bash-3.00# ftpconfig /ftp_anonymous/
Updating directory /ftp_anonymous/
bash-3.00# svcs -a |grep ftp
disabled 14:40:42 svc:/network/ftp:default
bash-3.00# svcadm enable ftp
bash-3.00# svcs -a |grep ftp
online 15:24:31 svc:/network/ftp:default
bash-3.00# ftpwho
Service class realusers:
- 0 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
ftp 2096 0.0 0.1 2232 1600 ? S 15:24:48 0:00 ftpd: fire1: anonymous/anonymous"gmail.com: IDLE
1 users (no maximum)


Client side:
# ftp 192.168.0.100
Connected to 192.168.0.100.
220 fire2 FTP server ready.
Name (192.168.0.100:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-The response 'anonymous"gmail.com' is not valid
230-Next time please use your e-mail address as your password
230- for example: joe@fire1.network
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
bin
dev
etc
lib
pub
usr
226 Transfer complete.
30 bytes received in 5.8e-05 seconds (508.94 Kbytes/s)
ftp> cd pub
250 CWD command successful.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
new
226 Transfer complete.
5 bytes received in 2.9e-05 seconds (170.78 Kbytes/s)
ftp> cat new
?Invalid command
ftp> bye
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 927 bytes in 2 transfers.
221-Thank you for using the FTP service on fire2.
221 Goodbye.



Denying the anonymous user account:

FTP Server Side:
# vi /etc/ftpd/ftpusers

"/etc/ftpd/ftpusers" 18 lines, 193 characters
# ident "@(#)ftpusers 1.5 04/02/20 SMI"
#
# List of users denied access to the FTP server, see ftpusers(4).
#
daemon
bin
sys
adm
lp
uucp
nuucp
smmsp
listen
gdm
webservd
nobody
noaccess
nobody4
anonymous

# ftpwho
Service class realusers:
- 0 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
- 0 users (no maximum)



FTP Client side:
Anonymous user disabled in ftpusers:

bash-3.00# ftp 192.168.0.100
Connected to 192.168.0.100.
220 fire2 FTP server ready.
Name (192.168.0.100:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
530 Login incorrect.
Login failed.

Monday, August 17, 2009

System Security - FTP

Some additional information on FTP monitoring:

# ftpcount

Shows the current number of users in each ftp server class
-v Displays the user counts for ftp server classes defined in a virtual host [ftpaccess]
-V Displays program copyright and version information, then terminates

Output:

# ftpcount
Service class realusers - 1 users (no maximum)
Service class guestusers - 0 users (no maximum)
Service class anonusers - 0 users (no maximum)



# ftpwho
Shows current process information for each ftp server user
1. It'll display which user is logged in, along with the process id
2. The status of the user will be displayed
3. It will also display the password given by the anonymous user

Output:

# ftpwho
Service class realusers:
bhagat 1157 0.0 0.2 4852 2628 ? S 12:48:03 0:00 ftpd: 192.168.0.157: bhagat: IDLE
- 1 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
- 0 users (no maximum)

Here,
1. A real user named bhagat is logged in through ftp from the machine 192.168.0.157.
2. Similarly, if other categories of users are logged in, their names and the corresponding
machine IPs will be displayed.
3. If an anonymous user is logged in, their password will be displayed (normally the system
prompts for an e-mail id as the password).
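As an added example, not taken from either post, the two checks described above as shell functions: whether a user is denied in ftpusers (the August 24 post), and what ftpwho reports per service class, including the e-mail that an anonymous login supplied (this post). The ftpusers and ftpwho text below are constructed samples modelled on the output shown in these posts.

```shell
#!/bin/sh
# Added example, not from the original posts: parse ftpusers and ftpwho
# output. Both samples below are constructed from the posts' output.

FTPUSERS_SAMPLE='# List of users denied access to the FTP server, see ftpusers(4).
daemon
bin
nobody
anonymous'

FTPWHO_SAMPLE='Service class realusers:
bhagat 1157 0.0 0.2 4852 2628 ? S 12:48:03 0:00 ftpd: 192.168.0.157: bhagat: IDLE
- 1 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
ftp 2096 0.0 0.1 2232 1600 ? S 15:24:48 0:00 ftpd: fire1: anonymous/anonymous"gmail.com: IDLE
1 users (no maximum)'

# Exit 0 if user $1 is denied by the ftpusers text on stdin (an exact,
# uncommented match, blanks trimmed), 1 otherwise.
ftp_user_denied() {
    awk -v u="$1" '
        /^[ \t]*#/ { next }
        { gsub(/^[ \t]+|[ \t]+$/, "") }
        $0 == u { found = 1; exit }
        END { exit found ? 0 : 1 }'
}

# Print "class count" for each service class in ftpwho output on stdin.
# The count line may or may not start with "- ", as seen in the posts.
ftpwho_counts() {
    awk '/^Service class / { cls = $3; sub(/:$/, "", cls); next }
         /^-? *[0-9]+ users/ { n = $0; sub(/^-? */, "", n); sub(/ users.*/, "", n); print cls, n }'
}

# Print the host and the "password" each anonymous session supplied, which
# ftpwho exposes in the anonusers class.
ftpwho_anon_ids() {
    awk '/^Service class / { anon = ($3 == "anonusers:"); next }
         anon && /ftpd: / { sub(/.*ftpd: /, ""); sub(/: IDLE$/, ""); print }'
}

printf '%s\n' "$FTPUSERS_SAMPLE" | ftp_user_denied anonymous && echo "anonymous: denied"
printf '%s\n' "$FTPWHO_SAMPLE" | ftpwho_counts
printf '%s\n' "$FTPWHO_SAMPLE" | ftpwho_anon_ids
```

On a live server, replace the samples with `cat /etc/ftpd/ftpusers` and `ftpwho` respectively.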

Tuesday, August 11, 2009

Disk Administration

How to mount two or more devices in the same mount point?

1. Creating a mount point
bash-3.00# mkdir /mnt/new


2. Mounting the device in the created mount point
bash-3.00# mount /dev/dsk/c1d0s4 /mnt/new/

3. Verifying the device mounted & its mount point
bash-3.00# df -h
Filesystem size used avail capacity Mounted on
/dev/dsk/c1d0s0 9.9G 3.2G 6.5G 34% /
/devices 0K 0K 0K 0% /devices
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 22G 736K 22G 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
/usr/lib/libc/libc_hwcap2.so.1
9.9G 3.2G 6.5G 34% /lib/libc.so.1
fd 0K 0K 0K 0% /dev/fd
swap 22G 48K 22G 1% /tmp
swap 22G 40K 22G 1% /var/run
/dev/dsk/c1d0s4 2.0G 2.0M 1.9G 1% /mnt/new

4. Now if we try to mount another device in the same mount point, we face the following error message:
bash-3.00# mount /dev/dsk/c1d0s5 /mnt/new/
mount: /dev/dsk/c1d0s5 is already mounted or /mnt/new is busy


5. So, to mount another device in the same mount point,
bash-3.00# mount -O /dev/dsk/c1d0s5 /mnt/new/


6. Verifying the device mounted & its mount point
bash-3.00# df -h
Filesystem size used avail capacity Mounted on
/dev/dsk/c1d0s0 9.9G 3.2G 6.5G 34% /
/devices 0K 0K 0K 0% /devices
ctfs 0K 0K 0K 0% /system/contract
proc 0K 0K 0K 0% /proc
mnttab 0K 0K 0K 0% /etc/mnttab
swap 22G 736K 22G 1% /etc/svc/volatile
objfs 0K 0K 0K 0% /system/object
/usr/lib/libc/libc_hwcap2.so.1
9.9G 3.2G 6.5G 34% /lib/libc.so.1
fd 0K 0K 0K 0% /dev/fd
swap 22G 48K 22G 1% /tmp
swap 22G 40K 22G 1% /var/run
/dev/dsk/c1d0s4 2.0G 2.0M 1.9G 1% /mnt/new
/dev/dsk/c1d0s5 2.0G 2.0M 1.9G 1% /mnt/new
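An added example, not from the original post: mount -O hides the files of the file system that was already mounted on /mnt/new until the overlay is unmounted, so an administrator wants to know when a mount point carries more than one file system. These shell functions read df -h output (a constructed sample based on the listing above) and report such overlay mounts.

```shell
#!/bin/sh
# Added example, not part of the original post: detect overlay mounts from
# "df -h" output. The sample below is constructed from the post's listing.

DF_SAMPLE='Filesystem size used avail capacity Mounted on
/dev/dsk/c1d0s0 9.9G 3.2G 6.5G 34% /
/devices 0K 0K 0K 0% /devices
swap 22G 736K 22G 1% /etc/svc/volatile
/usr/lib/libc/libc_hwcap2.so.1
9.9G 3.2G 6.5G 34% /lib/libc.so.1
swap 22G 48K 22G 1% /tmp
/dev/dsk/c1d0s4 2.0G 2.0M 1.9G 1% /mnt/new
/dev/dsk/c1d0s5 2.0G 2.0M 1.9G 1% /mnt/new'

# Number of file systems reported on mount point $1 (df output on stdin).
# A long device name makes df wrap the line, so a one-field line is the
# device alone and the next line carries the sizes and the mount point.
mounted_count() {
    awk -v mp="$1" 'NR > 1 && NF >= 2 && $NF == mp { n++ } END { print n + 0 }'
}

# Print "mountpoint count" for every mount point that carries more than
# one file system, i.e. an overlay mount (mount -O) hiding the one below.
overlay_mounts() {
    awk 'NR > 1 && NF >= 2 { seen[$NF]++ }
         END { for (mp in seen) if (seen[mp] > 1) print mp, seen[mp] }'
}

# Check a mount point before mounting, then list all overlays.
printf '%s\n' "$DF_SAMPLE" | mounted_count /mnt/new
printf '%s\n' "$DF_SAMPLE" | overlay_mounts
```

On a live system feed the functions with `df -h` instead of the sample.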

Monday, August 3, 2009

User administration

In Sun Solaris 10,
# useradd -D
Reads the default values from the file /usr/sadm/defadduser

Output:
# useradd -D
group=other,1 project=default,3 basedir=/home
skel=/etc/skel shell=/bin/sh inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries=


# cat /usr/sadm/defadduser

Output:
# Default values for useradd. Changed Tue Jul 28 04:28:53 2009

defgroup=1
defgname=other
defparent=/home
defskel=/etc/skel
defshell=/bin/sh
definact=0
defexpire=
defauthorization=
defrole=
defprofile=
defproj=3
defprojname=default
deflimitpriv=
defdefaultpriv=
deflock_after_retries=


This file can be customized by the root user to change the default parameters of the 'useradd' command.
For example:

# vi /usr/sadm/defadduser
defgroup=104
defgname=solaris
defparent=/export/home
defskel=/etc/skel
defshell=/bin/bash
definact=0
defexpire=
defauthorization=
defrole=
defprofile=
defproj=3
defprojname=default
deflimitpriv=
defdefaultpriv=
deflock_after_retries=
:wq!

After saving the changes to the file,

# useradd -D
group=solaris,104 project=default,3 basedir=/export/home
skel=/etc/skel shell=/bin/bash inactive=0
expire= auths= profiles= roles= limitpriv=
defaultpriv= lock_after_retries=