Vou pode ver mais detalhes no site www.under-linux.org. Foi postado dia 1 de março de 2011. Espero ter ajudado. Sou pentester e uso varias listas mas no under-linux.org fica bem obvio e em portugues. Recomendo.
2011/3/2, Flávio Barros <[email protected]>: > Vc tem o endereço dessa lista ? > > Em 2 de março de 2011 15:42, Mauro Risonho de Paula Assumpção < > [email protected]> escreveu: > >> Alem da configuraçao de uma olhada nas listas de segurança saiu um CVE >> com falha de segurança sobre vsftp ha 1 ou 2 dias atras. Se voce vai >> usa-lo e interessante ver isso tambem. >> >> 2011/3/2, Flávio Barros <[email protected]>: >> > Muito obrigado. >> > >> > Em 2 de março de 2011 12:04, Ivan Brasil Fuzzer >> > <[email protected]>escreveu: >> > >> >> Segue abaixo o arquivo de configuração onde eu deixo o home(apenas o >> home) >> >> de cada usuário disponível para acesso. >> >> >> >> >> >> # Example config file /etc/vsftpd.conf >> >> # >> >> # The default compiled in settings are fairly paranoid. This sample >> >> file >> >> # loosens things up a bit, to make the ftp daemon more usable. >> >> # Please see vsftpd.conf.5 for all compiled in defaults. >> >> # >> >> # READ THIS: This example file is NOT an exhaustive list of vsftpd >> >> options. >> >> # Please read the vsftpd.conf.5 manual page to get a full idea of >> vsftpd's >> >> # capabilities. >> >> # >> >> # >> >> # Run standalone? vsftpd can run either from an inetd or as a >> standalone >> >> # daemon started from an initscript. >> >> listen=YES >> >> # >> >> # Run standalone with IPv6? >> >> # Like the listen parameter, except vsftpd will listen on an IPv6 >> >> socket >> >> # instead of an IPv4 one. This parameter and the listen parameter are >> >> mutually >> >> # exclusive. >> >> #listen_ipv6=YES >> >> # >> >> # Allow anonymous FTP? (Beware - allowed by default if you comment this >> >> out). >> >> anonymous_enable=NO >> >> # >> >> # Uncomment this to allow local users to log in. >> >> local_enable=YES >> >> # >> >> # Uncomment this to enable any form of FTP write command. >> >> write_enable=YES >> >> # >> >> # Default umask for local users is 077. You may wish to change this to >> >> 022, >> >> # if your users expect that (022 is used by most other ftpd's) >> >> local_umask=000 >> >> # >> >> # Uncomment this to allow the anonymous FTP user to upload files. This >> >> only >> >> # has an effect if the above global write enable is activated. Also, >> >> you >> >> will >> >> # obviously need to create a directory writable by the FTP user. >> >> #anon_upload_enable=YES >> >> # >> >> # Uncomment this if you want the anonymous FTP user to be able to >> >> create >> >> # new directories. >> >> #anon_mkdir_write_enable=YES >> >> # >> >> # Activate directory messages - messages given to remote users when >> >> they >> >> # go into a certain directory. >> >> dirmessage_enable=YES >> >> # >> >> # Activate logging of uploads/downloads. >> >> xferlog_enable=YES >> >> # >> >> # Make sure PORT transfer connections originate from port 20 >> >> (ftp-data). >> >> connect_from_port_20=YES >> >> # >> >> # If you want, you can arrange for uploaded anonymous files to be owned >> by >> >> # a different user. Note! Using "root" for uploaded files is not >> >> # recommended! >> >> #chown_uploads=YES >> >> #chown_username=whoever >> >> # >> >> # You may override where the log file goes if you like. The default is >> >> shown >> >> # below. >> >> #xferlog_file=/var/log/vsftpd.log >> >> # >> >> # If you want, you can have your log file in standard ftpd xferlog >> format >> >> #xferlog_std_format=YES >> >> # >> >> # You may change the default value for timing out an idle session. >> >> #idle_session_timeout=600 >> >> # >> >> # You may change the default value for timing out a data connection. >> >> #data_connection_timeout=120 >> >> # >> >> # It is recommended that you define on your system a unique user which >> the >> >> # ftp server can use as a totally isolated and unprivileged user. >> >> #nopriv_user=ftpsecure >> >> # >> >> # Enable this and the server will recognise asynchronous ABOR requests. >> >> Not >> >> # recommended for security (the code is non-trivial). Not enabling it, >> >> # however, may confuse older FTP clients. >> >> #async_abor_enable=YES >> >> # >> >> # By default the server will pretend to allow ASCII mode but in fact >> >> ignore >> >> # the request. Turn on the below options to have the server actually do >> >> ASCII >> >> # mangling on files when in ASCII mode. >> >> # Beware that on some FTP servers, ASCII support allows a denial of >> >> service >> >> # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd >> >> # predicted this attack and has always been safe, reporting the size of >> >> the >> >> # raw file. >> >> # ASCII mangling is a horrible feature of the protocol. >> >> #ascii_upload_enable=YES >> >> #ascii_download_enable=YES >> >> # >> >> # You may fully customise the login banner string: >> >> #ftpd_banner=Welcome to blah FTP service. >> >> # >> >> # You may specify a file of disallowed anonymous e-mail addresses. >> >> Apparently >> >> # useful for combatting certain DoS attacks. >> >> #deny_email_enable=YES >> >> # (default follows) >> >> #banned_email_file=/etc/vsftpd.banned_emails >> >> # >> >> # You may restrict local users to their home directories. See the FAQ >> for >> >> # the possible risks in this before using chroot_local_user or >> >> # chroot_list_enable below. >> >> chroot_local_user=YES >> >> # >> >> # You may specify an explicit list of local users to chroot() to their >> >> home >> >> # directory. If chroot_local_user is YES, then this list becomes a list >> of >> >> # users to NOT chroot(). >> >> #chroot_list_enable=YES >> >> # (default follows) >> >> #chroot_list_file=/etc/vsftpd.chroot_list >> >> # >> >> # You may activate the "-R" option to the builtin ls. This is disabled >> by >> >> # default to avoid remote users being able to cause excessive I/O on >> large >> >> # sites. However, some broken FTP clients such as "ncftp" and "mirror" >> >> assume >> >> # the presence of the "-R" option, so there is a strong case for >> enabling >> >> it. >> >> #ls_recurse_enable=YES >> >> # >> >> # >> >> # Debian customization >> >> # >> >> # Some of vsftpd's settings don't fit the Debian filesystem layout by >> >> # default. These settings are more Debian-friendly. >> >> # >> >> # This option should be the name of a directory which is empty. Also, >> the >> >> # directory should not be writable by the ftp user. This directory is >> used >> >> # as a secure chroot() jail at times vsftpd does not require filesystem >> >> # access. >> >> secure_chroot_dir=/var/run/vsftpd >> >> # >> >> # This string is the name of the PAM service vsftpd will use. >> >> pam_service_name=vsftpd >> >> # >> >> # This option specifies the location of the RSA certificate to use for >> SSL >> >> # encrypted connections. >> >> #rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem >> >> # >> >> # This option specifies the location of the RSA key to use for SSL >> >> # encrypted connections. >> >> rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key >> >> >> >> >> >> >> >> >> >> >> >> >> >> Em 02-03-2011 12:49, Fábio Rabelo escreveu: >> >> >> >> Boa tarde ... >> >>> >> >>> Eu tentei exatamente a mesma coisa que o Sr. está propondo a algum >> tempo >> >>> atrás, e não consegui tb . >> >>> >> >>> Desde então estabeleci uma norma pessoal : >> >>> >> >>> Se eu quero ftp anônimo, uso o Vsftp . >> >>> >> >>> Se eu quero ftp autenticado, uso o Proftpd . >> >>> >> >>> >> >>> Fábio Rabelo >> >>> >> >>> >> >>> >> >>> Em 2 de março de 2011 12:40, Flávio Barros<[email protected] >> >>> >escreveu: >> >>> >> >>> Bom dia. >> >>>> >> >>>> Alguém sabe como configuro para que cada usuário tenha um diretório >> home >> >>>> específico ? >> >>>> Por exemplo: >> >>>> Usuários: maria, jose --> /suporte >> >>>> Usuários: joao --> /sistemas >> >>>> >> >>>> Com o proftpd eu sei como faz mas com o Vsftpd não. >> >>>> >> >>>> -- >> >>>> Desde já agradeço, >> >>>> +++ >> >>>> Flávio de Oliveira Barros >> >>>> Manaus - Amazonas - Brasil >> >>>> >> >>>> Copiar é bom! >> >>>> Seja Legal >> >>>> Use Software Livre >> >>>> Ubuntu User number is # 28558 >> >>>> Linux Registered User# 278223 >> >>>> -- >> >>>> Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece >> >>>> >> >>>> Lista de discussão Ubuntu Brasil >> >>>> Histórico, descadastramento e outras opções: >> >>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-br >> >>>> >> >>>> >> >> -- >> >> Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece >> >> >> >> Lista de discussão Ubuntu Brasil >> >> Histórico, descadastramento e outras opções: >> >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-br >> >> >> > >> > >> > >> > -- >> > Desde já agradeço, >> > +++ >> > Flávio de Oliveira Barros >> > Manaus - Amazonas - Brasil >> > >> > Copiar é bom! >> > Seja Legal >> > Use Software Livre >> > Ubuntu User number is # 28558 >> > Linux Registered User# 278223 >> > -- >> > Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece >> > >> > Lista de discussão Ubuntu Brasil >> > Histórico, descadastramento e outras opções: >> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-br >> > >> >> -- >> Enviado do meu celular >> >> -- >> Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece >> >> Lista de discussão Ubuntu Brasil >> Histórico, descadastramento e outras opções: >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-br >> > > > > -- > Desde já agradeço, > +++ > Flávio de Oliveira Barros > Manaus - Amazonas - Brasil > > Copiar é bom! > Seja Legal > Use Software Livre > Ubuntu User number is # 28558 > Linux Registered User# 278223 > -- > Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece > > Lista de discussão Ubuntu Brasil > Histórico, descadastramento e outras opções: > https://lists.ubuntu.com/mailman/listinfo/ubuntu-br > -- Enviado do meu celular -- Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece Lista de discussão Ubuntu Brasil Histórico, descadastramento e outras opções: https://lists.ubuntu.com/mailman/listinfo/ubuntu-br
