[Ubuntu-BR] Vsftpd

Flávio Barros flaviobarros em gmail.com
Quarta Março 2 19:55:34 UTC 2011 

Vc tem o endereço dessa lista ?

Em 2 de março de 2011 15:42, Mauro Risonho de Paula Assumpção <
mauro.risonho em gmail.com> escreveu:

> Alem da configuraçao de uma olhada nas listas de segurança saiu um CVE
> com falha de segurança sobre vsftp ha 1 ou 2 dias atras. Se voce vai
> usa-lo e interessante ver isso tambem.
>
> 2011/3/2, Flávio Barros <flaviobarros em gmail.com>:
> > Muito obrigado.
> >
> > Em 2 de março de 2011 12:04, Ivan Brasil Fuzzer
> > <ivan em fuzzer.com.br>escreveu:
> >
> >> Segue abaixo o arquivo de configuração onde eu deixo o home(apenas o
> home)
> >> de cada usuário disponível para acesso.
> >>
> >>
> >> # Example config file /etc/vsftpd.conf
> >> #
> >> # The default compiled in settings are fairly paranoid. This sample file
> >> # loosens things up a bit, to make the ftp daemon more usable.
> >> # Please see vsftpd.conf.5 for all compiled in defaults.
> >> #
> >> # READ THIS: This example file is NOT an exhaustive list of vsftpd
> >> options.
> >> # Please read the vsftpd.conf.5 manual page to get a full idea of
> vsftpd's
> >> # capabilities.
> >> #
> >> #
> >> # Run standalone?  vsftpd can run either from an inetd or as a
> standalone
> >> # daemon started from an initscript.
> >> listen=YES
> >> #
> >> # Run standalone with IPv6?
> >> # Like the listen parameter, except vsftpd will listen on an IPv6 socket
> >> # instead of an IPv4 one. This parameter and the listen parameter are
> >> mutually
> >> # exclusive.
> >> #listen_ipv6=YES
> >> #
> >> # Allow anonymous FTP? (Beware - allowed by default if you comment this
> >> out).
> >> anonymous_enable=NO
> >> #
> >> # Uncomment this to allow local users to log in.
> >> local_enable=YES
> >> #
> >> # Uncomment this to enable any form of FTP write command.
> >> write_enable=YES
> >> #
> >> # Default umask for local users is 077. You may wish to change this to
> >> 022,
> >> # if your users expect that (022 is used by most other ftpd's)
> >> local_umask=000
> >> #
> >> # Uncomment this to allow the anonymous FTP user to upload files. This
> >> only
> >> # has an effect if the above global write enable is activated. Also, you
> >> will
> >> # obviously need to create a directory writable by the FTP user.
> >> #anon_upload_enable=YES
> >> #
> >> # Uncomment this if you want the anonymous FTP user to be able to create
> >> # new directories.
> >> #anon_mkdir_write_enable=YES
> >> #
> >> # Activate directory messages - messages given to remote users when they
> >> # go into a certain directory.
> >> dirmessage_enable=YES
> >> #
> >> # Activate logging of uploads/downloads.
> >> xferlog_enable=YES
> >> #
> >> # Make sure PORT transfer connections originate from port 20 (ftp-data).
> >> connect_from_port_20=YES
> >> #
> >> # If you want, you can arrange for uploaded anonymous files to be owned
> by
> >> # a different user. Note! Using "root" for uploaded files is not
> >> # recommended!
> >> #chown_uploads=YES
> >> #chown_username=whoever
> >> #
> >> # You may override where the log file goes if you like. The default is
> >> shown
> >> # below.
> >> #xferlog_file=/var/log/vsftpd.log
> >> #
> >> # If you want, you can have your log file in standard ftpd xferlog
> format
> >> #xferlog_std_format=YES
> >> #
> >> # You may change the default value for timing out an idle session.
> >> #idle_session_timeout=600
> >> #
> >> # You may change the default value for timing out a data connection.
> >> #data_connection_timeout=120
> >> #
> >> # It is recommended that you define on your system a unique user which
> the
> >> # ftp server can use as a totally isolated and unprivileged user.
> >> #nopriv_user=ftpsecure
> >> #
> >> # Enable this and the server will recognise asynchronous ABOR requests.
> >> Not
> >> # recommended for security (the code is non-trivial). Not enabling it,
> >> # however, may confuse older FTP clients.
> >> #async_abor_enable=YES
> >> #
> >> # By default the server will pretend to allow ASCII mode but in fact
> >> ignore
> >> # the request. Turn on the below options to have the server actually do
> >> ASCII
> >> # mangling on files when in ASCII mode.
> >> # Beware that on some FTP servers, ASCII support allows a denial of
> >> service
> >> # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
> >> # predicted this attack and has always been safe, reporting the size of
> >> the
> >> # raw file.
> >> # ASCII mangling is a horrible feature of the protocol.
> >> #ascii_upload_enable=YES
> >> #ascii_download_enable=YES
> >> #
> >> # You may fully customise the login banner string:
> >> #ftpd_banner=Welcome to blah FTP service.
> >> #
> >> # You may specify a file of disallowed anonymous e-mail addresses.
> >> Apparently
> >> # useful for combatting certain DoS attacks.
> >> #deny_email_enable=YES
> >> # (default follows)
> >> #banned_email_file=/etc/vsftpd.banned_emails
> >> #
> >> # You may restrict local users to their home directories.  See the FAQ
> for
> >> # the possible risks in this before using chroot_local_user or
> >> # chroot_list_enable below.
> >> chroot_local_user=YES
> >> #
> >> # You may specify an explicit list of local users to chroot() to their
> >> home
> >> # directory. If chroot_local_user is YES, then this list becomes a list
> of
> >> # users to NOT chroot().
> >> #chroot_list_enable=YES
> >> # (default follows)
> >> #chroot_list_file=/etc/vsftpd.chroot_list
> >> #
> >> # You may activate the "-R" option to the builtin ls. This is disabled
> by
> >> # default to avoid remote users being able to cause excessive I/O on
> large
> >> # sites. However, some broken FTP clients such as "ncftp" and "mirror"
> >> assume
> >> # the presence of the "-R" option, so there is a strong case for
> enabling
> >> it.
> >> #ls_recurse_enable=YES
> >> #
> >> #
> >> # Debian customization
> >> #
> >> # Some of vsftpd's settings don't fit the Debian filesystem layout by
> >> # default.  These settings are more Debian-friendly.
> >> #
> >> # This option should be the name of a directory which is empty.  Also,
> the
> >> # directory should not be writable by the ftp user. This directory is
> used
> >> # as a secure chroot() jail at times vsftpd does not require filesystem
> >> # access.
> >> secure_chroot_dir=/var/run/vsftpd
> >> #
> >> # This string is the name of the PAM service vsftpd will use.
> >> pam_service_name=vsftpd
> >> #
> >> # This option specifies the location of the RSA certificate to use for
> SSL
> >> # encrypted connections.
> >> #rsa_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
> >> #
> >> # This option specifies the location of the RSA key to use for SSL
> >> # encrypted connections.
> >> rsa_private_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
> >>
> >>
> >>
> >>
> >>
> >>
> >> Em 02-03-2011 12:49, Fábio Rabelo escreveu:
> >>
> >>  Boa tarde ...
> >>>
> >>> Eu tentei exatamente a mesma coisa que o Sr. está propondo a algum
> tempo
> >>> atrás, e não consegui tb .
> >>>
> >>> Desde então estabeleci uma norma pessoal :
> >>>
> >>> Se eu quero ftp anônimo, uso o Vsftp .
> >>>
> >>> Se eu quero ftp autenticado, uso o Proftpd .
> >>>
> >>>
> >>> Fábio Rabelo
> >>>
> >>>
> >>>
> >>> Em 2 de março de 2011 12:40, Flávio Barros<flaviobarros em gmail.com
> >>> >escreveu:
> >>>
> >>>  Bom dia.
> >>>>
> >>>> Alguém sabe como configuro para que cada usuário tenha um diretório
> home
> >>>> específico ?
> >>>> Por exemplo:
> >>>> Usuários: maria, jose -->  /suporte
> >>>> Usuários: joao -->  /sistemas
> >>>>
> >>>> Com o proftpd eu sei como faz mas com o Vsftpd não.
> >>>>
> >>>> --
> >>>> Desde já agradeço,
> >>>> +++
> >>>> Flávio de Oliveira Barros
> >>>> Manaus - Amazonas - Brasil
> >>>>
> >>>> Copiar é bom!
> >>>> Seja Legal
> >>>> Use Software Livre
> >>>> Ubuntu User number is # 28558
> >>>> Linux Registered User# 278223
> >>>> --
> >>>> Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece
> >>>>
> >>>> Lista de discussão Ubuntu Brasil
> >>>> Histórico, descadastramento e outras opções:
> >>>> https://lists.ubuntu.com/mailman/listinfo/ubuntu-br
> >>>>
> >>>>
> >> --
> >> Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece
> >>
> >> Lista de discussão Ubuntu Brasil
> >> Histórico, descadastramento e outras opções:
> >> https://lists.ubuntu.com/mailman/listinfo/ubuntu-br
> >>
> >
> >
> >
> > --
> > Desde já agradeço,
> > +++
> > Flávio de Oliveira Barros
> > Manaus - Amazonas - Brasil
> >
> > Copiar é bom!
> > Seja Legal
> > Use Software Livre
> > Ubuntu User number is # 28558
> > Linux Registered User# 278223
> > --
> > Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece
> >
> > Lista de discussão Ubuntu Brasil
> > Histórico, descadastramento e outras opções:
> > https://lists.ubuntu.com/mailman/listinfo/ubuntu-br
> >
>
> --
> Enviado do meu celular
>
> --
> Mais sobre o Ubuntu em português: http://www.ubuntu-br.org/comece
>
> Lista de discussão Ubuntu Brasil
> Histórico, descadastramento e outras opções:
> https://lists.ubuntu.com/mailman/listinfo/ubuntu-br
>



-- 
Desde já agradeço,
+++
Flávio de Oliveira Barros
Manaus - Amazonas - Brasil

Copiar é bom!
Seja Legal
Use Software Livre
Ubuntu User number is # 28558
Linux Registered User# 278223

More information about the ubuntu-br mailing list