Monday, December 22, 2008

How To Install VSFTPD

How To Install VSFTPD

Most Linux software products are available in a precompiled package format. Downloading and installing packages isn't hard .It is best to use the latest version of VSFTPD.

When searching for the file, remember that the VSFTPD packages' filename usually starts with the word vsftpd followed by a version number, as in vsftpd-1.2.1-5.i386.rpm for Redhat/Fedora or vsftpd_2.0.4-0ubuntu4_i386.deb for Ubuntu.

How To Get VSFTPD Started

With Fedora, Redhat, Ubunbtu and Debian You can start, stop, or restart VSFTPD after booting by using these commands:

[root@ash tmp]# /etc/init.d/vsftpd start

[root@ash tmp]# /etc/init.d/vsftpd stop

[root@ash tmp]# /etc/init.d/vsftpd restart

With Redhat / Fedora you can configure VSFTPD to start at boot you can use the chkconfig command.

[root@ash tmp]# chkconfig vsftpd on

With Ubuntu / Debian the sysv-rc-conf command can be used like this:

root@u-ash:/tmp# sysv-rc-conf on

Note: In RedHat Linux version 8.0 and earlier, VSFTPD operation is controlled by the xinetd process.

Testing the Status of VSFTPD

You can always test whether the VSFTPD process is running by using the netstat -a command which lists all the TCP and UDP ports on which the server is listening for traffic. This example shows the expected output.

[root@ash tmp]# netstat -a | grep ftp

tcp 0 0 *:ftp *:* LISTEN

[root@ash tmp]#

If VSFTPD wasn't running, there would be no output at all.

The vsftpd.conf File

VSFTPD only reads the contents of its vsftpd.conf configuration file only when it starts, so you'll have to restart VSFTPD each time you edit the file in order for the changes to take effect. The file may be located in either the /etc or the /etc/vsftpd directories depending on your Linux distribution.

This file uses a number of default settings you need to know about.

  • VSFTPD runs as an anonymous FTP server. Unless you want any remote user to log into to your default FTP directory using a username of anonymous and a password that's the same as their email address, I would suggest turning this off. The configuration file's anonymous_enable directive can be set to no to disable this feature. You'll also need to simultaneously enable local users to be able to log in by removing the comment symbol (#) before the local_enable instruction.
  • If you enable anonymous FTP with VSFTPD, remember to define the root directory that visitors will visit. This is done with the anon_root directive.

anon_root=/data/directory

  • VSFTPD allows only anonymous FTP downloads to remote users, not uploads from them. This can be changed by modifying the anon_upload_enable directive shown later.
  • VSFTPD doesn't allow anonymous users to create directories on your FTP server. You can change this by modifying the anon_mkdir_write_enable directive.
  • VSFTPD logs FTP access to the /var/log/vsftpd.log log file. You can change this by modifying the xferlog_file directive.
  • By default VSFTPD expects files for anonymous FTP to be placed in the /var/ftp directory. You can change this by modifying the anon_root directive. There is always the risk with anonymous FTP that users will discover a way to write files to your anonymous FTP directory. You run the risk of filling up your /var partition if you use the default setting. It is best to make the anonymous FTP directory reside in its own dedicated partition.

The configuration file is fairly straight forward as you can see in the snippet below where we enable anonymous FTP and individual accounts simultaneously.

# Allow anonymous FTP?

anonymous_enable=YES

...

# The directory which vsftpd will try to change

# into after an anonymous login. (Default = /var/ftp)

anon_root=/data/directory

...

# Uncomment this to allow local users to log in.

local_enable=YES

...

# Uncomment this to enable any form of FTP write command.

# (Needed even if you want local users to be able to upload files)

write_enable=YES

...

# Uncomment to allow the anonymous FTP user to upload files. This only

# has an effect if global write enable is activated. Also, you will

# obviously need to create a directory writable by the FTP user.

#anon_upload_enable=YES

...

# Uncomment this if you want the anonymous FTP user to be able to create

# new directories.

#anon_mkdir_write_enable=YES

...

# Activate logging of uploads/downloads.

xferlog_enable=YES

...

# You may override where the log file goes if you like.

# The default is shown below.

xferlog_file=/var/log/vsftpd.log

...

To activate or deactivate a feature, remove or add the # at the beginning of the appropriate line.

Other vsftpd.conf Options

There are many other options you can add to this file:

  • Limiting the maximum number of client connections (max_clients)
  • Limiting the number of connections by source IP address (max_per_ip)
  • The maximum rate of data transfer per anonymous login. (anon_max_rate)
  • The maximum rate of data transfer per non-anonymous login. (local_max_rate)

Descriptions on this and more can be found in the vsftpd.conf man pages.

FTP Security Issues

FTP has a number of security drawbacks, but you can overcome them in some cases. You can restrict an individual Linux user's access to non-anonymous FTP, and you can change the configuration to not display the FTP server's software version information, but unfortunately, though very convenient, FTP logins and data transfers are not encrypted.

The /etc/vsftpd.ftpusers File

For added security, you may restrict FTP access to certain users by adding them to the list of users in the /etc/vsftpd.ftpusers file. The VSFTPD package creates this file with a number of entries for privileged users that normally shouldn't have FTP access. As FTP doesn't encrypt passwords, thereby increasing the risk of data or passwords being compromised, it is a good idea to let these entries remain and add new entries for additional security.

Anonymous Upload

If you want remote users to write data to your FTP server, then you should create a write-only directory within /var/ftp/pub. This will allow your users to upload but not access other files uploaded by other users. The commands you need are:

[root@ash tmp]# mkdir /var/ftp/pub/upload

[root@ash tmp]# chmod 722 /var/ftp/pub/upload

FTP Greeting Banner

Change the default greeting banner in the vsftpd.conf file to make it harder for malicious users to determine the type of system you have. The directive in this file is.

ftpd_banner= ****welcome ash*********

Using SCP As Secure Alternative To FTP

One of the disadvantages of FTP is that it does not encrypt your username and password. This could make your user account vulnerable to an unauthorized attack from a person eavesdropping on the network connection. Secure Copy (SCP) and Secure FTP (SFTP) provide encryption and could be considered as an alternative to FTP for trusted users. SCP does not support anonymous services, however, a feature that FTP does support.

FTP Users with Only Read Access to a Shared Directory

In this example, anonymous FTP is not desired, but a group of trusted users need to have read only access to a directory for downloading files. Here are the steps:

1) Disable anonymous FTP. Comment out the anonymous_enable line in the vsftpd.conf file like this:

# Allow anonymous FTP?

anonymous_enable=NO

2) Enable individual logins by making sure you have the local_enable line uncommented in the vsftpd.conf file like this:

# Uncomment this to allow local users to log in.

local_enable=YES

3) Start VSFTP.

[root@ash tmp]# service vsftpd start

4) Create a user group and shared directory. In this case, use /home/ftp-users and a user group name of ftp-users for the remote users

[root@ash tmp]# groupadd ftp-users

[root@ash tmp]# mkdir /home/ftp-docs

5) Make the directory accessible to the ftp-users group.

[root@ash tmp]# chmod 750 /home/ftp-docs

[root@ash tmp]# chown root:ftp-users /home/ftp-docs

6) Add users, and make their default directory /home/ftp-docs

[root@ash tmp]# useradd -g ftp-users -d /home/ftp-docs user1

[root@ash tmp]# useradd -g ftp-users -d /home/ftp-docs user2

[root@ash tmp]# useradd -g ftp-users -d /home/ftp-docs user3

[root@ash tmp]# useradd -g ftp-users -d /home/ftp-docs user4

[root@ash tmp]# passwd user1

[root@ash tmp]# passwd user2

[root@ash tmp]# passwd user3

[root@ash tmp]# passwd user4

7) Copy files to be downloaded by your users into the /home/ftp-docs directory

8) Change the permissions of the files in the /home/ftp-docs directory for read only access by the group

[root@ash tmp]# chown root:ftp-users /home/ftp-docs/*

[root@ash tmp]# chmod 740 /home/ftp-docs/*

Users should now be able to log in via FTP to the server using their new usernames and passwords. If you absolutely don't want any FTP users to be able to write to any directory, then you should set the write_enable line in your vsftpd.conf file to no:

write_enable = NO

Remember, you must restart VSFTPD for the configuration file changes to take effect.

Sample Login Session To Test Functionality

Here is a simple test procedure you can use to make sure everything is working correctly:

1) Check for the presence of a test file on the ftp client server.

[root@ash tmp]# ll

total 1

-rw-r--r-- 1 root root 0 Dec 4 09:08 testfile


2) Connect to via FTP

[root@ash tmp]# ftp 192.168.1.100

Connected to 192.168.1.100 (192.168.1.100)

220 ready, dude (vsFTPd 1.1.0: beat me, break me)

Name (192.168.1.100:root): user1

331 Please specify the password.

Password:

230 Login successful. Have fun.

Remote system type is UNIX.

Using binary mode to transfer files.

ftp>

As expected, we can't do an upload transfer of testfile to ash

ftp> put testfile

local: testfile remote: testfile

227 Entering Passive Mode (192,168,1,100,181,210)

553 Could not create file.

ftp>

But we can view and download a copy of the VSFTPD RPM located on the FTP server ash.

ftp> ls

227 Entering Passive Mode (192,168,1,100,35,173)

150 Here comes the directory listing.

-rwxr----- 1 0 502 76288 Jan 04 17:06 vsftpd-1.1.0-1.i386.rpm

226 Directory send OK.

ftp> get vsftpd-1.1.0-1.i386.rpm vsftpd-1.1.0-1.i386.rpm.tmp

local: vsftpd-1.1.0-1.i386.rpm.tmp remote: vsftpd-1.1.0-1.i386.rpm

227 Entering Passive Mode (192,168,1,100,44,156)

150 Opening BINARY mode data connection for vsftpd-1.1.0-1.i386.rpm (76288 bytes).

226 File send OK.

76288 bytes received in 0.499 secs (1.5e+02 Kbytes/sec)

ftp> exit

221 Goodbye.

[root@ash tmp]#

As expected, anonymous FTP fails.

[root@ash tmp]# ftp 192.168.1.100

Connected to 192.168.1.100 (192.168.1.100)

220 ready, dude (vsFTPd 1.1.0: beat me, break me)

Name (192.168.1.100:root): anonymous

331 Please specify the password.

Password:

530 Login incorrect.

Login failed.

ftp> quit

221 Goodbye.

[root@ash tmp]#

Friday, September 5, 2008

Installing MySQL 5.0 on Solaris 10

Installing MySQL 5.0 on Solaris 10.
At least some basic Unix/Linux administrative skills.
must have FRESH running copy of Solaris 10 6/06.
unstalled MySQL version in the system
.
DownloadsPlease obtain a copy of MySQL 5.0 from http://dev.mysql.com/downloads/mysql/5.0.html. For the Solaris 10 MySQL packages, please scroll the page down the section of “Solaris (pkgadd package) downloads”. Choose the appropriate processor architecture of the package (either x86 or SPARC). Download the packages (both Standard and Max) and save them in an appropriate directory.
I will use “/usr/files” as the directory where the mysql-xxx.pkg.gz files were placed through out the tutorial (Please take note that the xxx is the version number and is to be replaced by the actual text in the file name).PreparationPlease perform the following as the root user.
Imp point--Make sure that any other previously running copies of MySQL are to be uninstalled from the system.
Step 1.
login as “root”
To list all the packages, type: "pkginfo grep mysql" at the shell.
If you see any listed packages, you may remove them by typing “pkgrm ” The names of the packages are list at the second column of after executing pkginfo.
Step 2.
Change the directory to the place where you’ve downloaded the mysql-xxx.pkg.gz files. (e.g. “cd /usr/files”). If the files were compressed by gzip and you can see the .gz extension at the end of the files, you may decompress them by typing “gzip –d mysql-xxx.pkg.gz”. Decompress the downloaded mysql-xxx.pkg.gz files. InstallationFollow these steps to perform the installation (perform as "root"):
Step 3.
Create the mysql group by typing “groupadd mysql”.
Create the mysql user by typing “useradd -g mysql mysql”.
Change the directory where the MySQL packages were placed. “cd /usr/files”.
install the package by typing: “pkgadd -d mysql-xxx.pkg”. Just accept the default install directory (/opt/mysql) when prompted and go through the installation process.
Step4.
The MySQL should have been installed in “/opt/mysql/mysql”.
Change the directory to /etc/init.d and edit the "mysql" file with any text editor.
IT is better to keep the copy in desktop before you make edit
Locate the line which states: "datadir=". Change the line to "datadir=/opt/mysql/mysql/data". Save the changes.

After the installation, change the path to "/opt" and type this: “chown -R mysql:mysql mysql”. This is to change the ownership of the whole mysql directory.Initiallizing the database
Change the operating user from “root” to “mysql” by tying: “su mysql”.
Change the working directory to “/opt/mysql/mysql/scripts” by typing: “cd /opt/mysql/mysql/scripts”.
Execute the mysql_db_install script by typing: “./mysql_install_db --user=mysql --ldata=/opt/mysql/mysql/data”.
Change the working directory to "/opt/mysql/mysql/bin”.
Start the database by typing: “./mysqld_safe --datadir=/opt/mysql/mysql/data --user=mysql &”.
Connecting to MySQLTry to connect to the Mysql Database by typing “mysql” as the root user. You should be able to see the “mysql>” prompt for the successful connection. The only user which could connect to the database now is the root user and it doesn't require a password.
I hope this will help those who are trying to install the MySQL 5.0 database on the Solaris 10 OS for the first time.

Monday, February 25, 2008

Homemade Honeypots

Developing your own honeypot is not as complicated as it might seem. Using a variety of commonly found security tools, some basic code, and a lot of creativity, you can create many different honeypots. There is no blueprint for developing your own honeypot. It all depends on what you want it to do, the resources you have on hand, and the technologies you feel most comfortable with. The purpose of this chapter is to give you examples of the different technologies and solutions that can be created. It is hoped that by reviewing these different possibilities, you will have a better understanding of what your options are and how to best develop and implement them.
Homemade honeypots have a variety of possible uses. Perhaps you want to detect certain probes or scans, or you need to capture the payload of a specific attack. For this you need nothing more than a simple program that emulates, or perhaps simply listens on, a single port and captures all the activity to that port. This is an example of a low-interaction honeypot designed for limited interaction. On the other extreme, homemade honeypots can create the illusion of a complete operating system, allowing attackers to execute their activities but in a controlled environment. This is a more complex honeypot with far greater levels of interaction, designed to gather more information on attackers.
The variety of homemade honeypots is limited only by the imagination of security professionals, a very imaginative group indeed. Homemade honeypots can run the gamut from very simple to very advanced, which is why they are covered in the middle of this book, between the relatively simple and relatively complex honeypots that are commercially available. In this chapter we are going to cover two specific implementations of homemade honeypots: port monitoring and caged environments. These two types of honeypots represent the different extremes, from the low-interaction system to the more advanced caged environments.
Port monitoring is the simpler of homemade honeypots. Port monitoring honeypots are nothing more than a solution that monitors a specific port or a variety of ports. The goal of the port monitoring can be as simple as capturing connections to a service, such as with BOF, or it can entail response or emulation capabilities, such as with Specter. Either way, these solutions tend to be low interaction, limiting the attacker to an emulated service to interact with.
A chroot or jailed environment is the more advanced of the two categories we cover here. Instead of emulating the services, a caged environment is created. This caged environment exists within a real operating system. The advantage of the caged, or jailed, environment is that it creates the illusion of a real operating system. The attacker has nearly the same functionality as it would if it had compromised a real computer. However, its actions are more closely monitored and controlled.
Both solutions have advantages and disadvantages. Choosing between them depends on what you want to achieve. Port monitoring solutions are easy to develop and implement and have less risk. But they also have limited capabilities: There is little attackers can interact with. This solution is mainly for a specific, predefined purpose, such as detecting attacks or capturing automated tools. A chroot or jailed environment, while more complicated to develop and implement, is more flexible and can give us far greater information on attackers.
These two solutions are not the only methods for developing your own honeypots. There are countless other varieties. For example, Brad Spencer developed a simple sendmail honeypot that emulates a vulnerable mail relay that can be used for spam. By simply modifying the parameters used with sendmail, Brad has created a homemade honeypot that captures spammers. George Bakos has developed Tiny Honeypot. This suite of tools lets you to build a honeypot that appears to allow attackers to successfully hack into it, regardless of what they do. Both of these homemade solutions can be found on the CD-ROM.
The two solutions we will focus on—port listeners and jails—represent some of the most common methods you will find. They also represent two dramatically different approaches and technologies, demonstrating the different potentials of homemade honeypots. We will begin with the simpler solution of the two, port monitoring.

Sunday, January 13, 2008

Ruby

Ruby is an object-oriented programming language that makes programming both enjoyable and fast. With the easy-to-use interpreter, familiar syntax, complete object-oriented functionality, and powerful class libraries, Ruby has become a language that can be applied to a broad range of fields from text processing and CGI scripts to professional, large-scale programs.
While Ruby is easy to learn, there are many details that you can't be expected to remember. This book presents those details in a clean and concise format. It is a reference to keep next to your desktop or laptop, designed to make Ruby even easier to use.
For those of you who are new to Ruby, there are several online tutorials available to get you started: Ruby's home page (http://www.ruby-lang.org/) is a good starting pointing as it offers Ruby tutorials and the Ruby Language FAQ.