A way to investigate ftp server configuration on FreeBSD 6.2

[The_Immortal]

Hi there!

Dear Sirs,

I'm totally new at FreeBSD but unfortuntaly my current job is concerning to old FreeBSD. I got FreeBSD 6.2-RELEASE-p3 installed and there is no way to update it.

The current problem is the server has open ftp-connection without any login just by IP accessing of this server.
I was looking for tutorials and everyone says that ftp configuration can be found in /ect/ftpchroot file but I don't have such file. I have only /etc/ftpusers that shows restricted users.

Could someone who involved with FreeBSD form its start help me how to find out how can I configure ftp server of FreeBSD 6.2 please?

Thank you very much!

 

[zirias@]

I'm totally new at FreeBSD but unfortuntaly my current job is concerning to old FreeBSD. I got FreeBSD 6.2-RELEASE-p3 installed and there is no way to update it.

Oh... while this might be problematic: if it isn't possible to upgrade, it must be replaced ASAP.

The current problem is the server has open ftp-connection without any login just by IP accessing of this server.

You have a lot more problems than that for sure. Tell your boss this machine must be replaced. In case of refusal, contact your CISO. If there isn't one or this doesn't help, better look out for another job, for your own mental health...

 

[mer]

Sounds like an old style "anonymous ftp" configuration.

Other than the obligatory "FreeBSD-6.2-RELEASE has been EOL'd for more than a little bit", you could start here:

File Transfer Protocol (FTP)

 

[getopt]

Topics about unsupported FreeBSD versions

The FreeBSD Forums cater primarily to end-users and systems administrators. As such, the Forums focus almost exclusively on FreeBSD versions that are officially supported according to the official FreeBSD website. Since resources are scarce, the FreeBSD Forums strongly suggest that anyone asking...

forums.freebsd.org

 

[kpedersen]

On an old install like that I suggest:

• Disabling ftp entirely (ports ranges are too hard to lock down)
• Compile up a recent HTTP server (using a recent encryption library outside of your aging packages)
• Use HTTP to share the software that the old FTP was serving
• If used, replace SSH with a newer version
• Block every port in the firewall apart from HTTP (port 80) and SSH (22)

After that, you should be pretty safe for a while. So spend this time writing a business case to get it replaced in the next year.

 

[im]

First of all you should discover which ftp-server is running (ftpd, proftpd, vsftpd, etc).
Inspect /etc/rc.conf for all lines which are containing 'ftp' and public the name of your ftp-server here.
Another way is to run sockstat | less and search for the name of service (2nd column) who is listens tcp4 port 21 (6th column)
We can help you after you specify the name of your ftp server.

The files that you are specified are related only to internal FreeBSD's ftpd which usually runs via inetd.

Слава Україні!

 

[Deleted member 70435]

better look out for another job, for your own mental health...

Seems like a good option for him.

 

[getopt]

Seems like a good option for him.

Good options are, if you are free to choose from.