arcane Posted November 14, 2011 Share Posted November 14, 2011 I'm using v5b13 and it appears there's an FTP service running with default user nobody and password xampp. Is this a required service? If not, how does one disable it? And if it is a required service, can one change the password without adversely affecting the system? If so, how? Quote Link to comment
arcane Posted November 14, 2011 Author Share Posted November 14, 2011 Was wondering if there was any input on this? I was quite surprised to find out that this service was present and activated by default as it presents a security risk. Thanks! Quote Link to comment
prostuff1 Posted November 14, 2011 Share Posted November 14, 2011 vsftpd is installed and running by default. Not quite sure how to turn it off, but it should be possible to find an answer with a little google searching. Quote Link to comment
BobPhoenix Posted November 14, 2011 Share Posted November 14, 2011 vsftpd is installed and running by default. Not quite sure how to turn it off, but it should be possible to find an answer with a little google searching. And with that in mind here is what I found with said Google search. Opps forgot to say this was for RedHat but may work on unRAID as well. Quote Link to comment
arcane Posted November 14, 2011 Author Share Posted November 14, 2011 @prostuff1 I wasn't aware that an FTP service was installed by default and the security vulnerability wasn't brought to my attention until a scan was done by IT. In any case, I presume that there is a reason that vsftpd was installed and don't want to disable it if it will adversely affect the server. And with that in mind here is what I found with said Google search. Opps forgot to say this was for RedHat but may work on unRAID as well. Unless I'm missing something, those commands will not work. It looks like I can disable vsftpd by commenting out this line in inetd.conf : ftp stream tcp nowait root /usr/sbin/tcpd vsftpd But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole. This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo. Quote Link to comment
prostuff1 Posted November 14, 2011 Share Posted November 14, 2011 You can disable ftp without issue. Quote Link to comment
dgaschk Posted November 14, 2011 Share Posted November 14, 2011 How did you determine the password? Quote Link to comment
BobPhoenix Posted November 14, 2011 Share Posted November 14, 2011 And with that in mind here is what I found with said Google search. Opps forgot to say this was for RedHat but may work on unRAID as well. Unless I'm missing something, those commands will not work. It looks like I can disable vsftpd by commenting out this line in inetd.conf : ftp stream tcp nowait root /usr/sbin/tcpd vsftpd But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole. This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo. Glad you found a possible solution I know just enough about Linux to get me into trouble which is why I added the RedHat qualification. Quote Link to comment
Joe L. Posted November 14, 2011 Share Posted November 14, 2011 And with that in mind here is what I found with said Google search. Opps forgot to say this was for RedHat but may work on unRAID as well. Unless I'm missing something, those commands will not work. It looks like I can disable vsftpd by commenting out this line in inetd.conf : ftp stream tcp nowait root /usr/sbin/tcpd vsftpd But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole. This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo. Glad you found a possible solution I know just enough about Linux to get me into trouble which is why I added the RedHat qualification. You'll need to comment out the line, then re-start inetd so it does not try to re-invoke it, then kill any existing process. these three lines in your config/go script will probably do it: sed -i -e "s/^ftp/##ftp/" /etc/inetd.conf /etc/rc.d/rc.inetd restart killall vsfptd Quote Link to comment
arcane Posted November 14, 2011 Author Share Posted November 14, 2011 @ dgaschk IT was doing a scan of the network, and found the vulnerability. I wasn't aware that xampp was part of the unraid distribution, so was surprised to see that the FTP service was present. I tried to login with the credentials given, and it worked even without the array started. @ Joe L. Thanks for the more comprehensive solution. If FTP isn't needed, and is a security risk, shouldn't it be disabled in future releases, or at least given instructions how to change the login/password? Quote Link to comment
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.