ssh and vsftpd.conf files - misc settings and security issues

The use of ftp is not recommended. Using vsftpd (very secure ftp) is an acceptable alternative. Review the man pages and use search tools to verify that the configuration will not leave your system vulnerable.

#!/bin/bash
# script standardizes /etc/ssh/sshd_config, /etc/vsftpd.conf and removes oracle from /etc/ftpusers
# jm - 25jul05
#####
# VALID /etc/vsftpd.conf
#   write_enable=YES
#   dirmessage_enable=YES
#   local_enable=YES
#   syslog_enable=YES
#   connect_from_port_20=YES
#   pam_service_name=vsftpd
####################
# keep the original (with its comments) as a backup, then write the settings-only file
cp /etc/vsftpd.conf /etc/vsftpd.conf-ORIG
echo "## see /etc/vsftpd.conf-ORIG for comments - this file config info only" > /etc/vsftpd.conf
echo "write_enable=YES" >> /etc/vsftpd.conf
echo "dirmessage_enable=YES" >> /etc/vsftpd.conf
echo "local_enable=YES" >> /etc/vsftpd.conf
echo "syslog_enable=YES" >> /etc/vsftpd.conf
echo "connect_from_port_20=YES" >> /etc/vsftpd.conf
echo "pam_service_name=vsftpd" >> /etc/vsftpd.conf
##### ##### ##### #####
# back up sshd_config before changing it
cp /etc/ssh/sshd_config /etc/ssh/sshd_config-ORIG
####################
# sshd_config settings seen on two systems (kept as comments so the script still runs)
# --> cat /etc/ssh/sshd_config | grep -v ^# | grep -v ^$
#   PasswordAuthentication yes
#   X11Forwarding yes
#   UsePrivilegeSeparation yes
#   Subsystem sftp /usr/lib64/ssh/sftp-server
####################
# another system: --> cat /etc/ssh/sshd_config | grep -v ^# | grep -v ^$
#   PermitRootLogin no
#   X11Forwarding yes
#   X11DisplayOffset 10
#   UsePrivilegeSeparation yes
#   Subsystem sftp /usr/lib64/ssh/sftp-server
####################

##########################################################################################
Example vsftpd.conf file from a system; these are defaults... see the notes after each setting. The trailing # remarks are notes on the output, not part of the file: vsftpd only accepts comments on lines of their own.

--> cat /etc/vsftpd.conf | grep -v ^#
write_enable=NO                  # good
dirmessage_enable=YES
nopriv_user=ftpsecure
local_enable=YES
anonymous_enable=YES             # this is not a good idea - anonymous ftp is just an opportunity...
anon_world_readable_only=YES     # offers some protection, better to disable anonymous completely and use scp
syslog_enable=YES
connect_from_port_20=YES
ascii_upload_enable=YES
pam_service_name=vsftpd
listen=NO
listen_ipv6=YES
ssl_enable=NO
pasv_min_port=30000
pasv_max_port=30100
##########################################################################################
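
Added example (not part of the original page or its script): a check of the effective vsftpd settings, needed because the file the script above writes leaves anonymous_enable unset and upstream vsftpd.conf(5) documents that option's default as YES. The function names, the constructed sample file and the last-line-wins handling of repeated options are assumptions of this example, and a distribution build may change the built-in defaults.

```shell
#!/bin/bash
# Added example (not the page's script): report the *effective* vsftpd settings.
# Built-in defaults are from upstream vsftpd.conf(5); a distro build may patch them.

# vsftpd_get FILE OPTION DEFAULT -> effective value of OPTION.
# Assumption: when an option is repeated, the last line wins.
vsftpd_get() {
    local val
    val=$(grep -v '^#' "$1" | sed -n "s/^$2=//p" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# is_on VALUE -> true for the spellings vsftpd accepts as boolean "yes".
is_on() {
    case "$(printf '%s' "$1" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
    esac
    return 1
}

# vsftpd_audit FILE -> one finding per line; exit status 1 if anything was found.
vsftpd_audit() {
    local conf="$1" rc=0
    if is_on "$(vsftpd_get "$conf" anonymous_enable YES)"; then
        echo "anonymous_enable: anonymous logins allowed"; rc=1
    fi
    if is_on "$(vsftpd_get "$conf" write_enable NO)"; then
        echo "write_enable: FTP write commands allowed"; rc=1
    fi
    if ! is_on "$(vsftpd_get "$conf" ssl_enable NO)"; then
        echo "ssl_enable: logins and data sent unencrypted"; rc=1
    fi
    return $rc
}

# Constructed sample: the settings the page's script writes to /etc/vsftpd.conf.
write_sample() {
    printf '%s\n' '## config info only' write_enable=YES dirmessage_enable=YES \
        local_enable=YES syslog_enable=YES connect_from_port_20=YES \
        pam_service_name=vsftpd > "$1"
}

sample=$(mktemp)
write_sample "$sample"
vsftpd_audit "$sample" || true   # anonymous_enable is absent, so the default applies
rm -f "$sample"
```

Writing anonymous_enable=NO explicitly into the generated file removes the dependence on the build's default.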