Daniel Ouellet wrote:
Hi all,
I am trying to solve a problem I have to improve security and I am
hoping someone will have a good idea or point me to docs that may
suggest a good way to achieve this.
The setup: The various servers are only accessible from three specific
locations and all is done via ssh only. Any other access from the
world needs to be via VPN to another box and turn around to connect to
these servers, and all VPN gateways also use PF with OS signatures and
deny ALL Linux and the like OS connections to limit the access even more.
The issue: Some clients, even after refusal for a long time, insist on
using FTP to upload files to servers. So after a long discussion, it was
agreed to limit access to their office only, with no login account, on an
OpenBSD box where they dump their PDFs to be called on the web server.
I wanted to use ssh, but it looks like the jail of ftpd with no shell
works ok so far.
The current compromise: FTP was allowed to two directories ONLY that are
part of a sub section of a web site. So the site, other than the very
specific portion of the site, is not accessible via FTP.
The risk: Now, if a php script is uploaded in the specific directory,
then obviously a call to that page will run the php script and can
open security that way and allow it to do whatever the php was designed
for, in the server jail space obviously, but still.
The goal: Only allow PDF upload to that directory with the ftp client
and also no possibility to rename the files to .php for example.
Why: Looks like I can't win the battle against opening up the ftp access
a bit more, and I refuse to do so until I can address the concern
above. I will open it more ONLY if I find a way to limit this to PDF
ONLY.
Having a cronjob delete any .php files, or any non-PDF files, from
that directory is not really an option as you could still upload a
file and call it before the cronjob runs and kills it.
So, any way this can be done?
Allow, delete, replace, upload of *.pdf ONLY via ftpd for the reason
above?
Maybe it's not possible, but I am hoping that someone will have a
clever idea and I would be able to do this.
Regards,
Daniel
Why not have a cron job that looks in a directory, and runs file(1)
against it, parses the output and
sees if it's 'really' a pdf or not? If yes -> move it, otherwise rm the
junk. Or I could be nuts once
again :)
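The reply's scheme only removes the race Daniel worries about if the directory ftpd writes into is not under the web root at all: a file that is still in the drop box cannot be called from the web, and it only appears under the web root once the sweep has accepted it. The script below is an added illustration of that two-directory layout, not code from the thread or from OpenBSD; the paths ftp-incoming and htdocs/pdf are assumptions, the sample uploads are constructed, and a check of the leading %PDF- bytes stands in for parsing file(1) output. The filename policy (plain characters plus a .pdf suffix) additionally blocks the rename-to-.php trick from the first post. A content sniff like this (or file(1)) only proves the file starts like a PDF, so the web server should still be configured not to execute anything in the published directory.

```python
import os
import re
import shutil
import tempfile

# Constructed sample uploads (not real client files): one genuine-looking PDF,
# one PHP file hiding behind a .pdf name, and one with a disallowed name.
SAMPLE_UPLOADS = {
    "report.pdf": b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n%%EOF\n",
    "evil.pdf": b"<?php phpinfo(); ?>\n",
    "notes.php": b"<?php phpinfo(); ?>\n",
}

# Only simple names ending in .pdf are published; no path separators, no dots
# elsewhere, so "x.php", "x.pdf.php" and the like can never reach the web root.
SAFE_NAME = re.compile(r"^[A-Za-z0-9_-]{1,64}\.pdf$")


def looks_like_pdf(path, max_bytes=1024):
    """Cheap stand-in for file(1): a PDF must begin with the %PDF- magic."""
    with open(path, "rb") as fh:
        head = fh.read(max_bytes)
    return head.startswith(b"%PDF-")


def classify(path):
    """Return "ok", "bad-name" or "not-pdf" for one uploaded file."""
    name = os.path.basename(path)
    if not SAFE_NAME.match(name):
        return "bad-name"
    if not looks_like_pdf(path):
        return "not-pdf"
    return "ok"


def sweep(dropbox, webdir):
    """Move accepted PDFs from the (non-served) drop box into the web dir,
    delete everything else, and report both lists."""
    accepted, rejected = [], []
    for name in sorted(os.listdir(dropbox)):
        src = os.path.join(dropbox, name)
        # Leave directories, sockets and symlinks alone for a human to look at.
        if os.path.islink(src) or not os.path.isfile(src):
            continue
        verdict = classify(src)
        if verdict == "ok":
            dst = os.path.join(webdir, name)
            shutil.move(src, dst)
            os.chmod(dst, 0o644)  # readable by the web server, not writable
            accepted.append(name)
        else:
            os.remove(src)
            rejected.append((name, verdict))
    return accepted, rejected


def demo():
    """Build the constructed drop box in a temp dir, sweep it, return results."""
    root = tempfile.mkdtemp()
    dropbox = os.path.join(root, "ftp-incoming")  # assumed ftpd chroot, NOT served
    webdir = os.path.join(root, "htdocs", "pdf")  # assumed path the web server serves
    os.makedirs(dropbox)
    os.makedirs(webdir)
    for name, data in SAMPLE_UPLOADS.items():
        with open(os.path.join(dropbox, name), "wb") as fh:
            fh.write(data)
    accepted, rejected = sweep(dropbox, webdir)
    published = sorted(os.listdir(webdir))
    shutil.rmtree(root)
    return accepted, rejected, published


if __name__ == "__main__":
    print(demo())
```

Run from cron as the owner of the web directory; the ftp account only ever needs write access to the drop box, so even a successful upload of a script leaves it where nothing will execute it.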