Red Hat :: Setting Up A Secure FTP Site Under RHEL 5.3
Dec 3, 2010
I have recently set up a RHEL 5.3 server primarily to be used as an Apache web server. I also now have a requirement to have this server also service SFTP requests for uploading/downloading files.
1. By default RHEL 5.3 allows SFTP (over TCP port 22). However when searching for SFTP site setup I've come across the fact that RedHat recommends using vsftpd. So if I configure vsftpd, what happens to the default SFTP and the ability to remotely use something like PuTTY to SSH into the server? Really looking to see if SFTP or vsftpd is best. Also, is vsftpd as or more secure than FTP over SSH?
2. I've set aside a separate disk partition (to keep it away from the system partition to help lock down security) for the SFTP site. So I want to use that as the default SFTP root directory structure. How can this be achieved?
3. My requirements dictate 3 separate directories need to be used, each with their own associated SFTP user. The user can only read/write its own directory structure and cannot navigate out of it. Also there will be a SFTP super user able to navigate through each of the 3 directory structures mentioned, but will not be able to navigate out of its home directory. Can this be done, if so how?
There will be no SSL certificates in play at the moment. I'm more concerned about getting things set up and working correctly first. However there may be a requirement to use them later. The site will be accessed over the Internet initially, hence the reason I'm looking to make it as secure as possible while getting it up and running quickly.
May 7, 2010
I want to restrict a user from accessing my FTP site.
1) I can block the user in the FTP configuration file
2) I can block the user in PAM or /etc/host.deny
I heard that if PAM is denying the user and FTP is allowing the user, the user can get access; it means that the FTP conf file is stronger than host.deny
Mar 7, 2011
I am trying to do secure VNC over SSH to a remote Linux server from my Windows PC, but I am running into this error.
Error: Unable to connect to host: Connection refused (10061)
Jul 19, 2010
Does Red Hat provide a 'site' license option? The number of servers my company keeps adding is growing too quickly, so this would be a more ideal solution. Does anyone know about this or where I could find more information? For some reason I can't access certain pages on their site (probably connection issues with this connection's firewall).
Aug 3, 2011
Setting up secure FTP on Linux
Jun 17, 2010
I'm trying to secure the CentOS servers on our company network as the current situation is, shall we say, less-than-ideal: remote root logins with the same password across several servers (behind a firewall, on non-standard ports, but still) and several key processes running as root. My proposal to amend this consists of the following:
- set up a bare-as-possible SSH gateway with only the normal user accounts to handle remote access
- disable the root login from anywhere else but LOCAL and create special accounts with root permissions for our ~4 system administrators, like admin.foo admin.bar that can only login from inside the company network, using SSH-keys.
So far my biggest obstacle seems to be creating the administrative users, how do I go about and do that? When I simply create a user adminfoo with uid=0 it will show on my shell as root, which makes it useless as a way to make our admins accountable for their actions. BTW, my initial proposal to use sudo unfortunately met with strong resistance, because it compromises usability.
Mar 8, 2010
I'm running Ubuntu Server 9.10 and I'm looking to set up an FTP server. I have SSH running beautifully and it's accessible from any computer whether it be inside the network or coming in from the internet (provided you have the administrator username and password). I've tried Proftpd and vsftpd and have failed miserably so far. Which FTP server application do you think I should go with and how could I go about setting it up through my SSH connection?
My current setup is this:
- Ubuntu Server 9.10 with Fixed IP of 192.168.1.100
- 500GB Hard Drive
- SDA1 = 512MB ext2 /boot
- SDA2 = 2GB swap
- SDA3 = 20GB ext4 /
- SDA5 = 438GB ext4 /home
- One User (Username = administrator)
- Full SSH Capabilities
- IP Address to DNS provided by www.dyndns.org
- WRT120N Router with Remote Access and Port 22 Open
I basically want to set up a secure FTP server that anyone on the internal network can access as well as anyone from the internet (as long as they have a username and password). I want to set up a username and password for each user so that they all have read/write access to the same folder in my /home partition (I'll call it FTPSHARE).
Mar 25, 2011
I am setting up the mail server for my site. The situation is such that it is necessary to allow access through the site (built under LAMP) to the mail server. Is the postfix + dovecot combination a good option? Or does anyone have a similar mail server config?
Nov 27, 2009
I'm confused about the sendmail/SSL combination. So confused, I'm not even sure what I'm confused about :) I want to have email sent from our server to the rest of the world in a 'secure' manner. Just downloaded and installed CentOS 5.4: Linux rh5 2.6.18-164.el5xen #1 SMP Thu Sep 3 04:03:03 EDT 2009 x86_64 x86_64 x86_64 GNU/Linux. The /etc/mail/sendmail.mc has the instructions
[Code]...
Jun 9, 2011
Does anyone know how to go about setting up a secure IMAP email server that is able to be accessed from outside the network? Similar to how you can access your Google email account from your computer using Thunderbird.
Aug 3, 2011
I am new to Linux.
I am trying to get VNC set up on my workstation.
I will paste some of the steps I have taken.
I downloaded tigervnc and tigervnc-server through yum.
I set up the service file as so
Then when I go to start my server I get a FAILED message:
Jun 14, 2009
What RPMs do I need to install for setting up a Red Hat cluster on RHEL 5.0? I want to create two RHEL 5.0 nodes as one cluster with an Oracle database server installed. Please note I have created these two nodes on VMware Server for testing purposes. Is it possible to create a cluster of two virtual guests?
Apr 7, 2010
There is a server with two HBA QLA2460, connected via SAN to the SE9980 disk array. RHEL 5.4 (x86_64) is running on the server. In the SAN two zones are set up: HBA1-port1 9980; HBA2 - port2 SE9980. As a result, the server can see:
[root@c5 ~]# multipath -ll
mpath1 (1HITACHI_R45028F9022F) dm-2 HITACHI,OPEN-E
[size=14G][features=1 queue_if_no_path][hwhandler=0][rw]
\_ round-robin 0 [prio=0][active]
 \_ 3:0:0:0     sdb 8:16 [active][ready]
 \_ 4:0:0:0     sdc 8:32 [active][ready]
 \_ 3:0:0:16384 sdd 8:48 [active][ready]
[Code]...
Question: Why does the OS see eight paths instead of two? Why do the extra paths have such strange LUNs (16384, 32768, etc.)?
Dec 1, 2010
I'm an Oracle DBA and started working for my current employer about 4 months ago. This past weekend an alert re: FS space brought my attention to /var/spool/clientmqueue (full of mail re: cron jobs) and the fact that sendmail is not running on our Linux servers. I'm told that the IT security team deemed sendmail too vulnerable so we don't run it. Aside from FS filling up and missing notification of issues with crontab entries, I'm concerned that we may be missing notification of potential issues. In other Unix/Linux environments I've seen emails from the print daemon when it experienced problems with specific jobs.
Are there other Linux facilities aside from cron and lpd that use email to advise the users of possible issues? Are there ways to secure sendmail or secure alternatives to sendmail? My primary need/desire is to make sure that emails regarding issues on the server get to the appropriate users. Secondary goal would be to have the ability to use mailx to send mail out. There is no need/desire to receive mail from outside.
Jun 25, 2010
I have two Ubuntu machines (9.10 and 10.4) with an OpenVPN tunnel between them. This is the situation:
Code:
NetworkA 192.168.0.0/24
|
UbuntuA br0:192.168.0.3 (openvpn bridge between eth0 and tap0)[code].....
UbuntuA has only one interface, eth0, and there are two OpenVPN instances: one bridge instance with br0 and another instance with tun0.
UbuntuA is not the gateway for networkA. UbuntuB is the gateway for NetworkB. I need to communicate between PCs on networkB and those on networkA. This is the "ping situation" (no PC tested has an active firewall):
ubuntuA vs ubuntuB: OK
ubuntuB vs ubuntuA: OK
pc on NetworkA vs ubuntuA and ubuntuB: OK[code].....
Jul 27, 2010
I've been on a quest to enable full routing through my OpenVPN tunnel between my office and the colo. Masquerading will work, however it will throw off anything key based and makes a lot of things just more difficult and vague in general. Is there an easy way to do this via iptables? I tried using quagga hoping it would magically solve my problems, however it does not seem to do my routing for me. I just did a basic static route within zebra...
Mar 25, 2010
I have three locations with a central office connected to two remote locations. At the central office I run two site-to-site VPNs on a Cisco ASA 5505. The remote end of the first site is a Checkpoint firewall, and the remote end of the second site is racoon on Debian. Both sites are up and working. However, where at the first site traffic goes both ways, at the second site it only works from the central office to the remote office.
For example, I can ssh from a host in the central office to a host in the first remote site (through checkpoint firewall,) then ssh back from that host at the remote office to any host in the central office. In contrast, after I ssh from a host in the central office to a host in the second remote office (through racoon), I cannot see the central office hosts (ping the ip address of a central office host, ssh, etc. all fail.) The vpn settings at the central office (the cisco asa 5505) are identical. So it seems to me that some routing magic is missing on the host running racoon at the second remote office. Where would such setting reside? racoon config files? iptables?
Oct 3, 2010
Maybe a site-to-site Ouija board connection.
Jun 21, 2010
Having some issues setting up sendmail on a (basically) blank RHEL 5.5 server setup. My ultimate goal is to be able to automagically send logs / errors / notifications to ourselves from the server.
Our basic setup is a Win 2003 domain with exchange running on mail.domain.com.au.
I've edited the '/etc/mail/sendmail.mc' and added the :
Code:
line to it.
Also added the domain (domain.com.au) to the '/etc/mail/local-host-names' files
Also edited submit.mc and added
Code:
When I try and send a mail from root or a test user to one of the domain accounts, it seems to go fine, i.e. no errors are reported, but it never gets delivered.
From the mail logs:
Code:
So it seems to be sent to the queue no problems and when I check the queue :
Code:
Total requests: 0
But nothing ever gets received. Am I missing something? I have read and read and read but don't seem to be getting any further.
So in the end this server doesn't need to do anything except be able to send mail from root to an external mail address.
Jun 28, 2010
For a testing purpose in our environment we need to set up Linux-based virtual machines. For that I came to know there is an option in RHEL using Xen or KVM. Can anyone provide me the detailed step-by-step for setting up virtualization in RHEL? Also I have a few doubts, like: is a Red Hat subscription needed to achieve this? Also, is it possible to do the vMotion thing which is in VMware; can we do that with RHEL virtualization without a RHEL subscription?
Feb 18, 2010
In the office there is a local network with a samba+openldap PDC. The local domain name is company.net. The company decided to create a corporate website on a remote hosting and decided that the site's domain should be company.net, which is the same as the local network's domain name. So now it is not possible to reach that corporate website from within the company's local network because, as I guess, bind9, which is installed on the above-mentioned PDC, looks for company.net on a local webserver. Is there a possibility to let people from this local network browse the remote site?
Mar 2, 2011
Is it possible to edit the default RHEL CD to have it automatically install RHEL based off of a kickstart file that I will store locally on the CD? My plan would be to put a CD in a server and have the OS automatically installed.
Feb 1, 2011
We are planning to migrate our Linux server from RHEL 3 to RHEL 5. What are the configuration differences between RHEL 3 and RHEL 5 for webserver installations?
Apr 27, 2009
I have 4 partitions in my system, out of which two (sda1, sda2) have Windows on them. I have installed RHEL 4 32-bit on sda3 and, after that, installed RHEL 64-bit onto partition sda5. Now I am unable to boot into RHEL 32-bit. The error I am getting is Error 13: Invalid or unsupported executable format.
May 1, 2011
Cannot ping from host (RHEL 6) to RHEL 5 (virtual)? I have stopped iptables on both machines. But I am still not able to ping from the host machine to the virtual one.
Jul 13, 2009
I have RHEL 3 and Win XP installed on my PC. I want to uninstall RHEL 3 and install RHEL 9 without affecting XP. How can I do this, and also where can I download a free RHEL 9 version or any other latest Linux distribution for free?
Feb 16, 2010
A client has sent me an RHEL 5.1 box for me to do some work on, but it's not registered with Red Hat. This is causing me problems, because it's a minimal installation, and I need some more dev software. My immediate reaction was to install various bits (emacs, and so on) from my CentOS 5(.0) DVD. The base RHEL system only had one (disabled) repo entry, so I added a yum DVD repo entry in yum.conf.d.
This looked good to start with, but it doesn't work. Something in RHEL's pirut/yum/rpm/whatever is getting confused, and can't work out what is/isn't installed.
Question - how do you maintain an unregistered RHEL box? Has RH done something to make life difficult? Is my problem simply that I'm using a CentOS 5.0 DVD, instead of CentOS 5.1? Am I stuck with downloading lots of rpms from the net and doing everything manually? I really don't want to do that.
Dec 23, 2009
I am trying to download the RHEL 5.4 AS version for testing. But under [URL] there is no specific link for the AS version or ES version. How can I detect which ISO is for AS and which one is for ES? There are separate links for the AS and ES versions for RHEL 4.x, but why are they not available for RHEL 5.x versions?
Dec 14, 2010
What are the major differences between RHEL 5.2 and RHEL 5.4?
Dec 9, 2009
I have a database server running RHEL 5.1 32 bit that suffered some catastrophic failures about 6 months ago. We were able to patch it back together and keep it running, but now the manufacturing site it supports is going to shut down for two weeks and I would like to replace it permanently. Does anyone have any guidance for that sort of thing? I'd like to have the new server up and running beforehand, basically changing the hostname/IP and restoring the databases only on conversion day. I've done this in the past with HP-UX to Red Hat conversions, but this is my first Red Hat to Red Hat move. Any advice or shortcuts? I forgot to add the other wrinkle. The new server will be running 64-bit Linux.