[TriLUG] Changing Red Hat security settings
William Sutton
william at trilug.org
Wed Mar 2 18:39:01 EST 2005
OK, restarting xinetd appears to have started wu-ftpd. I didn't do
anything special with the users in the config file but was still able to
log in and put files to the server as a user. Many thanks for the help.
I will see about the kernel upgrade.
William
On Wed, 2 Mar 2005, John Berninger wrote:
> Some duplication of previous responses but here goes...
>
> On Wed, 02 Mar 2005, William Sutton wrote:
>
> > > RHEL 2.1 is based on RHL 7.2, so if you want vsftpd, you'd
> > > likely have to roll your own.
> >
> > Nice...Was there a reason for doing this other than the dependency hell
> > that seemed to be part of RH8.x and RH9?
> No, just timing. RHEL 2.1 was released just after RHL 7.2, RHEL
> 3 wasn't release ready until after RHL 9 was out, so RHEL 2.1 is a 7.2
> base, 3 is a 9 base.
>
> > > > 3. Not related directly: Which is preferable? vsftpd or wu-ftpd? If
> > > > vsftpd, where can I get an rpm that will work on ES 2.1?
> > > vsftpd is way more secure, but <support drone>it's not supported
> > > on RHEL 2.1</drone>.
> >
> > figures...
> Reasoning is same as above.
>
> > ok, some checking:
> >
> > # rpm -qa |grep -i 'wu-ftp'
> > wu-ftpd-2.6.1-20
> >
> > # chkconfig --list |grep -i ftp
> > wu-ftpd: on
> >
> > # service wu-ftpd status
> > wu-ftpd: unrecognized service
> Expected - as was pointed out, wu-ftpd is a xinetd subservice,
> thus why you have to restart xinetd to restart wu-ftpd.
>
> > # iptables -L
> > /lib/modules/2.4.9-e.12/kernel/net/ipv4/netfilter/ip_tables.o:
> > init_module: Device or resource busy
> > Hint: insmod errors can be caused by incorrect module parameters,
> > including invalid IO or IRQ parameters
> > /lib/modules/2.4.9-e.12/kernel/net/ipv4/netfilter/ip_tables.o: insmod
> > /lib/modules/2.4.9-e.12/kernel/net/ipv4/netfilter/ip_tables.o failed
> > /lib/modules/2.4.9-e.12/kernel/net/ipv4/netfilter/ip_tables.o: insmod
> > ip_tables failed
> > iptables v1.2.5: can't initialize iptables table `filter': iptables who?
> > (do you need to insmod?)
> > Perhaps iptables or your kernel needs to be upgraded.
> You're in deep shit. The messages about not seeing iptables
> modules are okay, but e.12 is known to have multiple data corruptors.
> It is probably munching on your data as I write this. Upgrade the
> kernel to something post-e.49 as soon as you can. After you've done
> that, check "ipchains -L", but I doubt you have any firewall rules
> active. Also, just to be on the safe side, "chkconfig gssftp off ;
> service xinetd restart" as GSSFTP will sometimes get started
> automatically - that's bitten a number of people.
>
> > All sounds very ominous. Perhaps I should consider bumping this up to RH
> > ES 3.something?
> Nothing ominous aside from the e.12 kernel. You should be fine
> on 2.1 with a newer kernel.
>
>
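
Added example, not part of the original thread: a small audit of the two checks discussed above, listing services that `chkconfig --list` reports as enabled under xinetd (which is why `service wu-ftpd status` fails and xinetd must be restarted instead) and flagging an `e.`-series kernel release that still needs the upgrade. The function names and the sample `chkconfig` output are constructed for illustration, and treating e.49 itself as still needing the upgrade is an assumption drawn from the "post-e.49" advice.

```shell
#!/bin/sh
# Constructed sample of `chkconfig --list` output (not taken from the thread).
sample_chkconfig() {
cat <<'EOF'
sshd            0:off   1:off   2:on    3:on    4:on    5:on    6:off
xinetd          0:off   1:off   2:off   3:on    4:on    5:on    6:off
xinetd based services:
        wu-ftpd:        on
        gssftp: on
        telnet: off
EOF
}

# Read `chkconfig --list` output on stdin and print the names of
# xinetd-managed services that are switched on. These have no init
# script of their own, so they are controlled through xinetd.
xinetd_enabled() {
    awk '
        /^xinetd based services:/ { in_x = 1; next }
        in_x && $2 == "on"        { sub(/:$/, "", $1); print $1 }
    '
}

# Return 0 if the kernel release string is an "e." build numbered 49 or
# lower (assumption: "post-e.49" means e.49 itself should be replaced).
kernel_needs_upgrade() {
    n=$(printf '%s\n' "$1" | sed -n 's/.*-e\.\([0-9][0-9]*\).*/\1/p')
    [ -n "$n" ] && [ "$n" -le 49 ]
}

# Demo on the constructed sample; on a live host use:
#   chkconfig --list | xinetd_enabled
#   kernel_needs_upgrade "$(uname -r)"
echo "Enabled under xinetd (restart xinetd after changing these):"
sample_chkconfig | xinetd_enabled

if kernel_needs_upgrade "2.4.9-e.12"; then
    echo "Kernel 2.4.9-e.12: upgrade to a release after e.49"
fi
```

Any service the first check prints that is not meant to be exposed can be turned off with `chkconfig <name> off` followed by `service xinetd restart`, as the reply does for gssftp.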