November 14, 201114 yr I'm using v5b13 and it appears there's an FTP service running with default user nobody and password xampp. Is this a required service? If not, how does one disable it? And if it is a required service, can one change the password without adversely affecting the system? If so, how?
November 14, 201114 yr Author Was wondering if there was any input on this? I was quite surprised to find out that this service was present and activated by default as it presents a security risk. Thanks!
November 14, 201114 yr vsftpd is installed and running by default. Not quite sure how to turn it off, but it should be possible to find an answer with a little google searching.
November 14, 201114 yr vsftpd is installed and running by default. Not quite sure how to turn it off, but it should be possible to find an answer with a little google searching. And with that in mind here is what I found with said Google search. Opps forgot to say this was for RedHat but may work on unRAID as well.
November 14, 201114 yr Author @prostuff1 I wasn't aware that an FTP service was installed by default and the security vulnerability wasn't brought to my attention until a scan was done by IT. In any case, I presume that there is a reason that vsftpd was installed and don't want to disable it if it will adversely affect the server. And with that in mind here is what I found with said Google search. Opps forgot to say this was for RedHat but may work on unRAID as well. Unless I'm missing something, those commands will not work. It looks like I can disable vsftpd by commenting out this line in inetd.conf : ftp stream tcp nowait root /usr/sbin/tcpd vsftpd But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole. This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo.
November 14, 201114 yr And with that in mind here is what I found with said Google search. Opps forgot to say this was for RedHat but may work on unRAID as well. Unless I'm missing something, those commands will not work. It looks like I can disable vsftpd by commenting out this line in inetd.conf : ftp stream tcp nowait root /usr/sbin/tcpd vsftpd But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole. This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo. Glad you found a possible solution I know just enough about Linux to get me into trouble which is why I added the RedHat qualification.
November 14, 201114 yr And with that in mind here is what I found with said Google search. Opps forgot to say this was for RedHat but may work on unRAID as well. Unless I'm missing something, those commands will not work. It looks like I can disable vsftpd by commenting out this line in inetd.conf : ftp stream tcp nowait root /usr/sbin/tcpd vsftpd But again, don't know if this is critical to the function of unraid in which case I'm interested in how I should close the security hole. This probably affects other Unraid users as well if their server is on the net since it's a default user and password combo. Glad you found a possible solution I know just enough about Linux to get me into trouble which is why I added the RedHat qualification. You'll need to comment out the line, then re-start inetd so it does not try to re-invoke it, then kill any existing process. these three lines in your config/go script will probably do it: sed -i -e "s/^ftp/##ftp/" /etc/inetd.conf /etc/rc.d/rc.inetd restart killall vsfptd
November 14, 201114 yr Author @ dgaschk IT was doing a scan of the network, and found the vulnerability. I wasn't aware that xampp was part of the unraid distribution, so was surprised to see that the FTP service was present. I tried to login with the credentials given, and it worked even without the array started. @ Joe L. Thanks for the more comprehensive solution. If FTP isn't needed, and is a security risk, shouldn't it be disabled in future releases, or at least given instructions how to change the login/password?
Archived
This topic is now archived and is closed to further replies.