
Disable ftp by the “anonymous” user

Before we release a machine into “production”, our security team has to check and verify that the host is “secure”. Apparently, today was not my day. They discovered that anybody can ftp into this host using the “anonymous” login name and anything they desire as the password. So the question is this – “how do I disable ftp access to an AIX host using the anonymous login?”

One could just take the whole ftp service down and be done with it – a bit drastic, as interfaces here need ftp to shuffle their data. So ftp has to stay, except that anonymous cannot be allowed to use this service. On AIX, ftpd accepts the anonymous login only when a user account called ftp exists, so I check whether this machine has one:

entchap1:MDC:/home/duszyk> lsuser ftp
ftp id=40 pgrp=ftp groups=ftp home=/spool/anonymous shell=/usr/bin/ksh gecos=Anonymous FTP

Indeed, there is one! Now I go to its home directory and list the contents.

entchap1:MDC:/spool/anonymous> ls -ltr
total 191440
dr-x--x--x    4 root     sys             256 Apr 19 21:22 usr
dr-x--x--x    2 root     sys             256 Apr 19 21:22 etc
dr-x--x--x    2 root     sys             256 Apr 19 21:37 dev
dr-x--x--x    3 root     sys             256 Apr 19 21:37 bin
-rw-r--r--    1 cmax     cmax       98011486 Apr 27 10:27 setup.exe
-r--r--r--    1 cmax     cmax           1463 Apr 27 10:56 cmselect.cfg

Yes, someone made use of this account; I am sure it was the vendor installing the new version of the application. First, I remove the ftp user by executing rmuser -p ftp. Next, I delete its home directory and its contents. So, can anonymous still log in with ftp? Not any more.
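The three steps above (check for the ftp account, remove it, remove its home directory) as one audit script. This is an added example, not a script from the post; it assumes AIX's lsuser and rmuser commands, runs as a dry run unless told to apply, and refuses to delete a home directory that looks like a system path. The LSUSER variable lets the parsing be exercised on a non-AIX box with constructed lsuser output.

```shell
#!/bin/sh
# Added example (not from the original post): audit an AIX host for the "ftp"
# account that makes ftpd accept "anonymous" logins, and optionally remove it
# the way the post does (rmuser -p ftp, then delete the home directory).
# Assumes AIX lsuser/rmuser. LSUSER may be overridden (assumption for testing).

LSUSER="${LSUSER:-lsuser}"

# Pull the home= attribute out of one line of lsuser output, e.g.
# "ftp id=40 pgrp=ftp groups=ftp home=/spool/anonymous shell=/usr/bin/ksh ..."
lsuser_home() {
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n 's/^home=//p' | head -n 1
}

# Print the ftp account's home directory and return 0 if the account exists;
# return 1 when lsuser reports no such user (anonymous ftp already disabled).
anon_ftp_home() {
    line=$("$LSUSER" ftp 2>/dev/null) || return 1
    case "$line" in
        ftp\ *) ;;                      # lsuser echoes the user name first
        *) return 1 ;;
    esac
    home=$(lsuser_home "$line")
    [ -n "$home" ] || return 1
    printf '%s\n' "$home"
}

# Dry run by default; pass "apply" to really remove the account and its home.
disable_anon_ftp() {
    home=$(anon_ftp_home) || {
        echo "no ftp account: anonymous ftp already disabled"
        return 0
    }
    echo "ftp account found, home=$home"
    # Never rm -rf a directory that is obviously not a dedicated ftp area.
    case "$home" in
        /|/usr|/etc|/home|/tmp|"") echo "refusing to remove $home" >&2; return 2 ;;
    esac
    if [ "$1" = apply ]; then
        rmuser -p ftp && rm -rf -- "$home"
    else
        echo "would run: rmuser -p ftp; rm -rf -- $home"
    fi
}
```

Run it with no arguments on the host first to see what it would do; then `disable_anon_ftp apply` as root performs the removal. Re-running it afterwards should report that no ftp account exists.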

Posted in AIX, Real life AIX.


Copyright © 2016 Waldemar Mark Duszyk. All Rights Reserved. Created by Blog Copyright.