Jump to content

Disabling FTP Service


arcane

Recommended Posts

I'm using v5b13 and it appears there's an FTP service running with default user nobody and password xampp.  Is this a required service?  If not, how does one disable it?  And if it is a required service, can one change the password without adversely affecting the system?  If so, how?

Link to comment

@prostuff1

 

I wasn't aware that an FTP service was installed by default and the security vulnerability wasn't brought to my attention until a scan was done by IT.  In any case, I presume that there is a reason that vsftpd was installed and don't want to disable it if it will adversely affect the server.  

 

 

And with that in mind here is what I found with said Google search.  Opps forgot to say this was for RedHat but may work on unRAID as well.

 

 

Unless I'm missing something, those commands will not work.  It looks like I can disable vsftpd by commenting out this line in inetd.conf :

 

ftp    stream  tcp    nowait  root    /usr/sbin/tcpd  vsftpd

 

But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole.  This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo.

Link to comment

And with that in mind here is what I found with said Google search.  Opps forgot to say this was for RedHat but may work on unRAID as well.

 

 

Unless I'm missing something, those commands will not work.  It looks like I can disable vsftpd by commenting out this line in inetd.conf :

 

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd

 

But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole.  This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo.

Glad you found a possible solution I know just enough about Linux to get me into trouble which is why I added the RedHat qualification.
Link to comment

And with that in mind here is what I found with said Google search.  Opps forgot to say this was for RedHat but may work on unRAID as well.

 

 

Unless I'm missing something, those commands will not work.  It looks like I can disable vsftpd by commenting out this line in inetd.conf :

 

ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  vsftpd

 

But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole.  This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo.

Glad you found a possible solution I know just enough about Linux to get me into trouble which is why I added the RedHat qualification.

You'll need to comment out the line, then re-start inetd so it does not try to re-invoke it, then kill any existing process.

 

these three lines in your config/go script will probably do it:

sed -i -e "s/^ftp/##ftp/" /etc/inetd.conf

/etc/rc.d/rc.inetd restart

killall vsfptd

 

 

Link to comment

@ dgaschk

 

IT was doing a scan of the network, and found the vulnerability.  I wasn't aware that xampp was part of the unraid distribution, so was surprised to see that the FTP service was present.  I tried to login with the credentials given, and it worked even without the array started.

 

@ Joe L.

 

Thanks for the more comprehensive solution.  If FTP isn't needed, and is a security risk, shouldn't it be disabled in future releases, or at least given instructions how to change the login/password?

Link to comment

Archived

This topic is now archived and is closed to further replies.

×
×
  • Create New...