extreme security

andrewyu asked
Last Modified: 2013-12-16
After I set FreeBSD 4.4 (during installation) security to "EXTREME", I cannot use telnet and ftp any more!

How can I solve this problem, as I MUST use these two services?

You can't telnet/ftp out, or in?

If you can't ftp/telnet in, I'm not surprised.  These are big security holes and not compatible with 'extreme' security.  (Even in a lockdown mode, you should be able to FTP out)

If you *really* need these services (and can't/won't get an ssh type equivalent working) try the following:  (DISCLAIMER:  changing security settings could get you in trouble =)

1)  Look in /etc/services for the line indicating telnet and ftp protocols (23 and 21 respectively).  If these lines are commented out, EXTREME security disallowed them.

(You may choose to uncomment these lines, but you'll be opening it up for everyone.  In this case you have very little security.  I'll leave you to your own devices).

2)  FreeBSD installs with tcpwrappers installed, and I'm guessing extreme enables them and sets 'em *really* anal.  Look at the file /etc/hosts.allow, there might be some rules regarding telnet/ftp.

Basically if you chose extreme security and feel you need it, adding telnet and ftp is just BAD.  They are the easiest security exploits.  Ask anyone with a cable modem and a firewall that logs attempts.

If you do turn 'em on, make sure to get tcp wrappers set up so only a couple of known hosts can even get to it.  Otherwise you might find yourself rooted one day.

If you're gonna turn on ftp, then you might want to consider having only one account who can receive ftp, and put them in a chroot'ed environment.
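
As an added example (not part of the original answer), here is a small POSIX shell check for the tcp wrappers advice above: it reports whether a hosts.allow file leaves a daemon open, denied, or restricted to named hosts. The daemon names `ftpd` and `telnetd`, the sample rules, and the simplified rule grammar are assumptions.

```shell
#!/bin/sh
# Added example: how does a hosts.allow file expose one wrapped daemon?
# Assumes "daemons : clients [: allow|deny]" lines, first match wins,
# IPv4/hostnames only; EXCEPT, continuations and hosts.deny are ignored.
wrapper_exposure() {  # usage: wrapper_exposure <hosts.allow path> <daemon>
    awk -v d="$2" '
    /^[ \t]*(#|$)/ { next }                 # skip comments and blank lines
    {
        n = split($0, f, ":")
        if (n < 2) next
        hit = 0; m = split(f[1], dl, /[ \t,]+/)
        for (i = 1; i <= m; i++) if (dl[i] == d || dl[i] == "ALL") hit = 1
        if (!hit) next                      # rule is for another daemon
        action = f[n]; gsub(/[ \t]/, "", action)
        if (action != "deny") action = "allow"   # no option means allow
        all = 0; m = split(f[2], cl, /[ \t,]+/)
        for (i = 1; i <= m; i++) if (cl[i] == "ALL") all = 1
        if (all) {                          # a catch-all settles every other host
            if (action == "allow") print "open"
            else print (specific ? "restricted" : "denied")
            done = 1; exit
        }
        if (action == "allow") specific = 1 # a named host is let in
    }
    END { if (!done) print "open" }         # nothing matched: access is granted
    ' "$1"
}

# Constructed sample files (192.0.2.0/24 is a documentation range).
tmp=$(mktemp -d)
cat > "$tmp/locked" <<'EOF'
ftpd : 192.0.2.10 : allow
telnetd : 192.0.2.10, 192.0.2.11 : allow
ftpd, telnetd : ALL : deny
ALL : ALL : allow
EOF
cat > "$tmp/loose" <<'EOF'
ALL : ALL : allow
ftpd : 192.0.2.10 : allow
EOF

for f in locked loose; do
    for d in ftpd telnetd; do
        echo "$f $d: $(wrapper_exposure "$tmp/$f" "$d")"
    done
done
```

In the `loose` sample the per-host ftpd rule is never reached, because the catch-all allow comes first and the first matching rule decides.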



Thank you very much!

I will test it afterward!


