Chuck Peters on Thu, 29 Nov 2001 21:20:44 +0100


[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Linux Security Flaw


On Thu, 29 Nov 2001, Bob Razler wrote:

> Hello:
>
> 	I don't know if anyone saw this yet or not:
>
>
> http://www.zdnet.com/zdnn/stories/news/0,4586,5100074,00.html?chkpt=zdnn
> p1tp02

No, but it would have been nice to mention the article is about wu-ftp as
it has a long history of security problems.  Anyone who runs/administrates
servers on the net should be getting email alerts from their vendor(s).

We run proftpd here at CCIL because it has a little better security
history.  There are better ftpd alternatives as well, if you want a server
to be secure, you shouldn't be running ftpd period.  Security is a
balancing act of usabilty and CYA, for a freenet like CCIL we run proftpd
to allow users to easily upload webpages, as an attorney I would think the
CYA level would be greater. If you want your servers reasonable secure,
use sshd and rsync so that users can run scp (secure copy), ssh (secure
shell) and rsync.

Using rsync and ssh is a nice way to keep websites updated.  My friend
Kathy has a website, http://starryskies.com, and now all she has to do is
enter update-sskies to upload updates to the site.

Chuck

>
> Robert J. Razler, Esq.
> Approvals Manager
> Heritage Building Group, Inc.
> Suite A-100
> 3326 Old York Road
> Furlong, PA 18925
> 215.794.0550, ext. 117
> www.heritagebuildinggroup.com
> brazler@heritagebuildinggroup.com
>
>
>


______________________________________________________________________
Philadelphia Linux Users Group       -      http://www.phillylinux.org
Announcements-http://lists.phillylinux.org/mail/listinfo/plug-announce
General Discussion  -  http://lists.phillylinux.org/mail/listinfo/plug