Monday, August 24, 2009

System Security - FTP (Anonymous)

How to create a directory for the anonymous FTP user, and how to deny the anonymous user

Creating a directory for the anonymous FTP user:

Output:


Server side:
# mkdir /ftp_anonymous
bash-3.00# ftpconfig -d /ftp_anonymous/
Updating directory /ftp_anonymous/
bash-3.00# ls /ftp_anonymous/
bin dev etc lib pub usr
bash-3.00# ftpconfig /ftp_anonymous/
Updating directory /ftp_anonymous/
bash-3.00# svcs -a |grep ftp
disabled 14:40:42 svc:/network/ftp:default
bash-3.00# svcadm enable ftp
bash-3.00# svcs -a |grep ftp
online 15:24:31 svc:/network/ftp:default
bash-3.00# ftpwho
Service class realusers:
- 0 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
ftp 2096 0.0 0.1 2232 1600 ? S 15:24:48 0:00 ftpd: fire1: anonymous/anonymous"gmail.com: IDLE
1 users (no maximum)


Client side:
# ftp 192.168.0.100
Connected to 192.168.0.100.
220 fire2 FTP server ready.
Name (192.168.0.100:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
230-The response 'anonymous"gmail.com' is not valid
230-Next time please use your e-mail address as your password
230- for example: joe@fire1.network
230 Guest login ok, access restrictions apply.
Remote system type is UNIX.
Using binary mode to transfer files.
ftp> pwd
257 "/" is current directory.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
bin
dev
etc
lib
pub
usr
226 Transfer complete.
30 bytes received in 5.8e-05 seconds (508.94 Kbytes/s)
ftp> cd pub
250 CWD command successful.
ftp> ls
200 PORT command successful.
150 Opening ASCII mode data connection for file list.
new
226 Transfer complete.
5 bytes received in 2.9e-05 seconds (170.78 Kbytes/s)
ftp> cat new
?Invalid command
ftp> bye
221-You have transferred 0 bytes in 0 files.
221-Total traffic for this session was 927 bytes in 2 transfers.
221-Thank you for using the FTP service on fire2.
221 Goodbye.



Denying the anonymous user account (add anonymous to /etc/ftpd/ftpusers):

FTP Server Side:
# vi /etc/ftpd/ftpusers

"/etc/ftpd/ftpusers" 18 lines, 193 characters
# ident "@(#)ftpusers 1.5 04/02/20 SMI"
#
# List of users denied access to the FTP server, see ftpusers(4).
#
daemon
bin
sys
adm
lp
uucp
nuucp
smmsp
listen
gdm
webservd
nobody
noaccess
nobody4
anonymous

# ftpwho
Service class realusers:
- 0 users (no maximum)
Service class guestusers:
- 0 users (no maximum)
Service class anonusers:
- 0 users (no maximum)



FTP Client side:
Anonymous user disabled in ftpusers:

bash-3.00# ftp 192.168.0.100
Connected to 192.168.0.100.
220 fire2 FTP server ready.
Name (192.168.0.100:root): anonymous
331 Guest login ok, send your complete e-mail address as password.
Password:
530 Login incorrect.
Login failed.
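
The deny-list check above can be scripted. This is an added example, not part of the original post: it parses an ftpusers-style file (one login per line, '#' comments) and reports whether anonymous FTP is denied, and it goes one step further by listing low-UID accounts from a passwd file that the deny list does not cover. Assumptions: the function names are hypothetical, an "ftp" entry is treated like "anonymous", UID below 100 marks a system account, and the sample files are constructed.

```shell
#!/bin/sh
# Added example (not from the original post). Deny-list format as shown above:
# one login name per line, '#' starts a comment.

# ftpusers_denies FILE USER: exit 0 if USER is listed, 1 if not, 2 if unreadable.
ftpusers_denies() {
    [ -r "$1" ] || return 2
    while read -r name _rest || [ -n "$name" ]; do
        name=${name%%#*}                 # strip a trailing or whole-line comment
        [ -n "$name" ] || continue       # skip blank and comment-only lines
        [ "$name" = "$2" ] && return 0
    done < "$1"
    return 1
}

# anon_ftp_status FILE: prints "denied" or "allowed".
# Assumption: an "ftp" entry is treated like the "anonymous" entry.
anon_ftp_status() {
    for u in anonymous ftp; do
        if ftpusers_denies "$1" "$u"; then echo denied; return 0; fi
    done
    echo allowed
}

# missing_system_accounts PASSWD FILE: print accounts with UID < 100
# (threshold is an assumption) that the deny list does not cover.
missing_system_accounts() {
    while IFS=: read -r login _pw uid _rest; do
        case $uid in ''|*[!0-9]*) continue ;; esac   # skip malformed lines
        [ "$uid" -lt 100 ] || continue
        ftpusers_denies "$2" "$login" || echo "$login"
    done < "$1"
}

# Constructed sample files (not taken from a real host).
tmp=$(mktemp -d)
printf '%s\n' '# deny list' 'daemon' 'bin' 'anonymous' > "$tmp/ftpusers"
printf '%s\n' 'root:x:0:0::/:/sbin/sh' 'daemon:x:1:1::/:' 'bin:x:2:2::/usr/bin:' \
    'alice:x:1001:10::/export/home/alice:/bin/sh' > "$tmp/passwd"
anon_ftp_status "$tmp/ftpusers"
missing_system_accounts "$tmp/passwd" "$tmp/ftpusers"
rm -rf "$tmp"
```

On a real server, pass /etc/ftpd/ftpusers and /etc/passwd as the arguments.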

2 comments:

  1. Directory should be /ftp_anonymous
    or it can be different?

  2. To Senthil,

    No, it's not necessary to be like that, it can be in any name.
