Disabling FTP Service

I'm using v5b13 and it appears there's an FTP service running with default user nobody and password xampp.  Is this a required service?  If not, how does one disable it?  And if it is a required service, can one change the password without adversely affecting the system?  If so, how?

Was wondering if there was any input on this?  I was quite surprised to find out that this service was present and activated by default as it presents a security risk.  Thanks!

vsftpd is installed and running by default.

Not quite sure how to turn it off, but it should be possible to find an answer with a little google searching.

vsftpd is installed and running by default.

 

Not quite sure how to turn it off, but it should be possible to find an answer with a little google searching.

@prostuff1

I wasn't aware that an FTP service was installed by default and the security vulnerability wasn't brought to my attention until a scan was done by IT.  In any case, I presume that there is a reason that vsftpd was installed and don't want to disable it if it will adversely affect the server.  

And with that in mind here is what I found with said Google search.  Opps forgot to say this was for RedHat but may work on unRAID as well.

 

Unless I'm missing something, those commands will not work.  It looks like I can disable vsftpd by commenting out this line in inetd.conf :

ftp    stream  tcp    nowait  root    /usr/sbin/tcpd  vsftpd

But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole.  This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo.

You can disable ftp without issue.

How did you determine the password?

And with that in mind here is what I found with said Google search.  Opps forgot to say this was for RedHat but may work on unRAID as well.

 

 

Unless I'm missing something, those commands will not work.  It looks like I can disable vsftpd by commenting out this line in inetd.conf :

 

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd

 

But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole.  This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo.

And with that in mind here is what I found with said Google search.  Opps forgot to say this was for RedHat but may work on unRAID as well.

 

 

Unless I'm missing something, those commands will not work.  It looks like I can disable vsftpd by commenting out this line in inetd.conf :

 

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd

 

But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole.  This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo.

Glad you found a possible solution I know just enough about Linux to get me into trouble which is why I added the RedHat qualification.

these three lines in your config/go script will probably do it:

sed -i -e "s/^ftp/##ftp/" /etc/inetd.conf

/etc/rc.d/rc.inetd restart

killall vsfptd

@ dgaschk

IT was doing a scan of the network, and found the vulnerability.  I wasn't aware that xampp was part of the unraid distribution, so was surprised to see that the FTP service was present.  I tried to login with the credentials given, and it worked even without the array started.

@ Joe L.

Thanks for the more comprehensive solution.  If FTP isn't needed, and is a security risk, shouldn't it be disabled in future releases, or at least given instructions how to change the login/password?