FTP Server distros? Plus old server reminiscing

GrimReaper

I'm currently looking at setting up a dedicated ftp server for work, it must have the following features/capabilities (in my eyes):

* Anonymous logon
* User logon to own specific directories (for example virtual user, no shell access)
* Universal user logon, for example this user can logon and upload/download/delete from all user directories and anonymous directory (NOT root, this will be a user for employees to access all ftp user directories)
* Have root login for ftp disabled
* Be relatively secure, I do not consider some normal linux distro set-up as an ftp server secure.

I am currently testing pure-ftpd on openbsd, generally i've got things sort of working how I want.

But I am open to alternatives, when I get the damn things downloaded i'll be looking at clarkconnect and sme server.

If there is some Linux/*BSD server specific distro then point it my way. I am curious about those kind of server distros where it's purely configured from a web interface.

bowen

GrimReaper wrote: »

I'm currently looking at setting up a dedicated ftp server for work, it must have the following features/capabilities (in my eyes):

* Anonymous logon
* User logon to own specific directories (for example virtual user, no shell access)
* Universal user logon, for example this user can logon and upload/download/delete from all user directories and anonymous directory (NOT root, this will be a user for employees to access all ftp user directories)
* Have root login for ftp disabled
* Be relatively secure, I do not consider some normal linux distro set-up as an ftp server secure.

I am currently testing pure-ftpd on openbsd, generally i've got things sort of working how I want.

But I am open to alternatives, when I get the damn things downloaded i'll be looking at clarkconnect and sme server.

If there is some Linux/*BSD server specific distro then point it my way. I am curious about those kind of server distros where it's purely configured from a web interface.

I've always liked vsftpd. However, proftpd has some good reviews (but in my experience it's a pain to setup).

Vsftpd was very easy and fast to get up and working, thus I recommend it. (Does pretty much everything you're looking for as far as I know). Hell, I even got it doing ftp over ssh (or whatever it was) relatively easily.

Edit: here's a link for ya:

vsftpd

GrimReaper

Thanks, i'm currently playing about with a couple of the linux distros. Clarkconnect turned out to be a horrible disappointment. And i'm trying SME Server now.

I'll try vsftpd tomorrow on my openbsd vm.

iTunesIsEvil

I wish that Filezilla Server worked on Linux. Every time I have to set a Linux box up I keep thinking "I could be done by now with FZS." Then I get back to work and quit my sniveling.

Filezilla.

GrimReaper

iTunesIsEvil wrote: »

I wish that Filezilla Server worked on Linux. Every time I have to set a Linux box up I keep thinking "I could be done by now with FZS." Then I get back to work and quit my sniveling.

Filezilla.

This is for the company for I work for, when I have anything facing the internet being too paranoid is never enough. Filezilla server has had too many vulnerabilities for my liking. Same with proftpd.

Running something like that on openbsd would negate the entire point of using openbsd in the first place.

Filezilla server is fine for some home server on your local machine but serving ftp for an entire company I'd never trust it.
If you want easy to set-up ftp stuff for linux etc. Then I suggest using something like webmin alongside your ftp server of choice.

Also, sme server has turned out to be a big disappointment too.

Lewisham

<naive>I'd just use whatever had the best package management system so I didn't have to worry about stuff.</naive>

Although Debian's wonderful "Oh hey guys, seeding keys is for losers" thing means I wouldn't recommend that

GrimReaper

Oh, i've just stumbled across engarde linux whilst looking at all the server distros on distrowatch.

For ftp it uses vsftpd by default which is a good sign.

iTunesIsEvil

I wasn't aware that Filezilla Server was apparently riddled with vulnerabilities. Linky?

Janin

Another vote for vsftpd. It's one of the few (only?) FTP servers included in Ubuntu's main repository, which attests well to its security and stability.

I am curious about what you mean by "I do not consider some normal linux distro set-up as an ftp server secure.". A standard setup has few running services and no open ports, which seems to me ideal for configuring a server.

GrimReaper

Janin wrote: »

Another vote for vsftpd. It's one of the few (only?) FTP servers included in Ubuntu's main repository, which attests well to its security and stability.

I am curious about what you mean by "I do not consider some normal linux distro set-up as an ftp server secure.". A standard setup has few running services and no open ports, which seems to me ideal for configuring a server.

By that I mean if it's compromised remotely it's like a gold mine for the exploiter as there is a metric ton of tools for the person to use already installed. Whereas something without GCC etc makes it much more difficult for them.

Also, here's the filezilla server vulnerabilities that have occured in the past.

GrimReaper

Ok, engarde officially sucks. It requires activation/registration to use it and is generally a pain in the arse.

bowen

GrimReaper wrote: »

Ok, engarde officially sucks. It requires activation/registration to use it and is generally a pain in the arse.

Yeah stick with your bsd and set up the vsftpd and you'll be golden security wise. Don't try any of those branded pieces of crap, trust me, you can do better yourself with 5 minutes, and you rely on someone else to update configurations on closed systems

We had a WIFI-AP that we maintained the OS on, and one the other company did, guess which one was used for leeching purposes? Theirs used some off-brand access-point OS that they had no control over, and ours was one the three of us on my team threw together. That said, what else is on this system, apache?

iTunesIsEvil

GrimReaper wrote: »

Also, here's the filezilla server vulnerabilities that have occured in the past.

I'll take a look at those, thanks. :P

GrimReaper

bowen wrote: »

GrimReaper wrote: »

Ok, engarde officially sucks. It requires activation/registration to use it and is generally a pain in the arse.

Yeah stick with your bsd and set up the vsftpd and you'll be golden security wise. Don't try any of those branded pieces of crap, trust me, you can do better yourself with 5 minutes, and you rely on someone else to update configurations on closed systems

We had a WIFI-AP that we maintained the OS on, and one the other company did, guess which one was used for leeching purposes? Theirs used some off-brand access-point OS that they had no control over, and ours was one the three of us on my team threw together. That said, what else is on this system, apache?

That's why i'm not comfortable having a general OS for a dedicated server purpose, you have to worry about keeping all that other stuff up to date.. oh sure, there's always the ability to choose not to install everything but then updating those kind of systems without X11, GTK etc is a pita.

I've just gotten the vm working as I want with OpenBSD and pure-ftpd. I tried vsftpd but it required a few little extras for things like virtual users. Frankly to me it seems security wise pureftpd and vsftpd are about on an equal footing security wise.

There has been 1 vulnerability for pureftpd and that was to a type of dos, nothing major. Vsftpd seems slightly more secure in that there have been 0 vulnerabilities (according to secunia).

I just dug out the old main server, fear it.. dual pentium 3 933MHz processors, 2GB RAM, 2x 36.7GB 15k rpm SCSI hard drives.. it's a compaq ML-370. So old that I can't remember what key I need to bash to get into the bios. It'll be the ftp server.

bowen

GrimReaper wrote: »

bowen wrote: »

GrimReaper wrote: »

Ok, engarde officially sucks. It requires activation/registration to use it and is generally a pain in the arse.

Yeah stick with your bsd and set up the vsftpd and you'll be golden security wise. Don't try any of those branded pieces of crap, trust me, you can do better yourself with 5 minutes, and you rely on someone else to update configurations on closed systems

We had a WIFI-AP that we maintained the OS on, and one the other company did, guess which one was used for leeching purposes? Theirs used some off-brand access-point OS that they had no control over, and ours was one the three of us on my team threw together. That said, what else is on this system, apache?

That's why i'm not comfortable having a general OS for a dedicated server purpose, you have to worry about keeping all that other stuff up to date.. oh sure, there's always the ability to choose not to install everything but then updating those kind of systems without X11, GTK etc is a pita.

I've just gotten the vm working as I want with OpenBSD and pure-ftpd. I tried vsftpd but it required a few little extras for things like virtual users. Frankly to me it seems security wise pureftpd and vsftpd are about on an equal footing security wise.

There has been 1 vulnerability for pureftpd and that was to a type of dos, nothing major. Vsftpd seems slightly more secure in that there have been 0 vulnerabilities (according to secunia).

I just dug out the old main server, fear it.. dual pentium 3 933MHz processors, 2GB RAM, 2x 36.7GB 15k rpm SCSI hard drives.. it's a compaq ML-370. So old that I can't remember what key I need to bash to get into the bios. It'll be the ftp server.

That could be, managing a unix based system via SSH tends to be a royal pain, but you get used to it after a while. But yeah, they're about equal, and it took me less time to get my vsftpd configured off the bat compared to proftpd and pureftpd. Maybe it was Ubuntu helping us with that one, though.

GrimReaper

Heh, just rediscovered that it doesn't have a BIOS as such. It needs a partition for that kind of stuff, which is long since gone. HP don't provide any of those CD's to download etc anymore. The oldest ML370 they have on the site is this one.

The one we have is this dinosaur... "Announcing the fastest ML370 ever...".

I upgraded it over time, at first it had 1GB of RAM, a single 1GHz P3 and an 18GB SCSI hard drive. Then I moved it over to dual 933MHz (couldn't get my hands on a second 1GHz processor), 2GB of RAM and two 36.7GB SCSI drives. Then I bought the new quad core monster to replace it at the end of last year. Memories.

bowen

GrimReaper wrote: »

Heh, just rediscovered that it doesn't have a BIOS as such. It needs a partition for that kind of stuff, which is long since gone. HP don't provide any of those CD's to download etc anymore. The oldest ML370 they have on the site is this one.

The one we have is this dinosaur... "Announcing the fastest ML370 ever...".

I upgraded it over time, at first it had 1GB of RAM, a single 1GHz P3 and an 18GB SCSI hard drive. Then I moved it over to dual 933MHz (couldn't get my hands on a second 1GHz processor), 2GB of RAM and two 36.7GB SCSI drives. Then I bought the new quad core monster to replace it at the end of last year. Memories.

Holy shit, we had one of those were I used to work. I think it was an old Netware DMS server with good ol' IPX/SPX.

Can't get a *nix on that beast? Because that would make like.. an ideal FTP/Web server of sorts, and a good example of recycling old servers to meet a new need and why all the *nices rock.

GrimReaper

bowen wrote: »

GrimReaper wrote: »

Heh, just rediscovered that it doesn't have a BIOS as such. It needs a partition for that kind of stuff, which is long since gone. HP don't provide any of those CD's to download etc anymore. The oldest ML370 they have on the site is this one.

The one we have is this dinosaur... "Announcing the fastest ML370 ever...".

I upgraded it over time, at first it had 1GB of RAM, a single 1GHz P3 and an 18GB SCSI hard drive. Then I moved it over to dual 933MHz (couldn't get my hands on a second 1GHz processor), 2GB of RAM and two 36.7GB SCSI drives. Then I bought the new quad core monster to replace it at the end of last year. Memories.

Holy shit, we had one of those were I used to work. I think it was an old Netware DMS server with good ol' IPX/SPX.

Can't get a *nix on that beast? Because that would make like.. an ideal FTP/Web server of sorts, and a good example of recycling old servers to meet a new need and why all the *nices rock.

I'll tell you one thing, i'd forgotten just how loud this fucker was. Seriously, we've got a raidserver with 8 hard drives and the new quad core server with 4 hard drives and yet the old ml370 manages to drown them both out. It's like a jet engine preparing to take off.

bowen

GrimReaper wrote: »

bowen wrote: »

Holy shit, we had one of those were I used to work. I think it was an old Netware DMS server with good ol' IPX/SPX.

Can't get a *nix on that beast? Because that would make like.. an ideal FTP/Web server of sorts, and a good example of recycling old servers to meet a new need and why all the *nices rock.

I'll tell you one thing, i'd forgotten just how loud this fucker was. Seriously, we've got a raidserver with 8 hard drives and the new quad core server with 4 hard drives and yet the old ml370 manages to drown them both out. It's like a jet engine preparing to take off.

... It weighs as much as one too.

GrimReaper

bowen wrote: »

GrimReaper wrote: »

bowen wrote: »

Holy shit, we had one of those were I used to work. I think it was an old Netware DMS server with good ol' IPX/SPX.

Can't get a *nix on that beast? Because that would make like.. an ideal FTP/Web server of sorts, and a good example of recycling old servers to meet a new need and why all the *nices rock.

I'll tell you one thing, i'd forgotten just how loud this fucker was. Seriously, we've got a raidserver with 8 hard drives and the new quad core server with 4 hard drives and yet the old ml370 manages to drown them both out. It's like a jet engine preparing to take off.

... It weighs as much as one too.

That's an understatement, we actually have two ML370's by the way. One was the main and the other was the backup in-case of hardware failure. The main which I tried powering on today is dead, I think dust got the better of it.. even after going at it with a compressor.

I'm using the backup which is identical, I had to take out the hard drives out of the dead one etc. To put in this one.

I also actually found the smartstart 5.0 cd's, kind of useless. I think i'll wipe that system partition, all it really gives is the ability to use the smartstart cd maintenance programs from the hard disk rather than a cd.

I'll download this and see if it gives me some better tools. I did actually have the latest stuff at some point because I did update the bios etc. Plus when I went into the settings manager thing it mentioned the settings being set by a newer version.

bowen

Hmm, I remember my boss had the bright idea that it'd be possibly to put windows 2003 server on it. I don't think it worked. Hell, I don't think he could even get the CD-ROM to be bootable. Not sure if that was the case, but the one we had was an immense piece of shit with everything break on it.

GrimReaper

bowen wrote: »

Hmm, I remember my boss had the bright idea that it'd be possibly to put windows 2003 server on it. I don't think it worked. Hell, I don't think he could even get the CD-ROM to be bootable. Not sure if that was the case, but the one we had was an immense piece of shit with everything break on it.

Yeah, I think I remember reading in some documentation that server 2003 wouldn't work or wasn't supported.. something along those lines.
As to the server itself, it was fairly reliable. Here's a couple of facts that may shock you; 1. The server was in the worst place in the building, under some stairs with carpetting and no aircon. (I kid you not) 2. The server had the following on it: windows 2000 server, exchange 2000 standard, sql server 2000 and a bunch of other stuff. This was on a machine with a single P3 1GHz, 1GB of RAM and a 18GB 10k rpm SCSI drive.

They were the designs of my predecessor, I got a server room as fast as I could when I joined the company as well as seperate things. (for example a seperate sql server, new high-end server to replace old one with sbs 2003)