On Thu, Nov 4, 2021 at 11:12 PM Konstantin Olchanski <[email protected]> wrote:
>
> > >
> > > Once I had a clue I was able to install the vsftpd rpm
> >
> > Running an unmaintained, out-of-date, password based service like FTP
> > on an obsolete and unsupported operating system is begging for a lot
> > of trouble if the machine is ever probed by a rootkit. Are you sure
> > about doing this?
>
> I would presume the OP has a clue and they are running the ftp server on a
> private network
> or with firewall rules to restrict access to trusted machines.

Why would you presume this? Seriously, people get asked all the time to provide public facing services on poorly secured hosts and do so as a matter of course. Folks doing DevOps or system administration are constantly asked "can we do this", and the answer is often "yes", when a more insightful question might be "what is the safe way to do this".

It's quite traditional for developers to run all sorts of insecure services and have to negotiate later with the security admins who discover the service. I have stories about MIT computer science professors insisting on running public NFS shares with their home directories and write access enabled.

And someone learning Linux, supporting an old lab setup, might not have had the extra experience to realize how to reduce risks coherently. It's like assuming that someone buying fireworks knows how to use them safely. Too many people don't.
