[wplug] Anonymous FTP and hidden files (security problem?)
Albert E. Whale, CISSP
aewhale at ABS-CompTech.com
Wed Sep 10 09:25:58 EDT 2003
Russ Schneider wrote:
> In Anonymous FTP, in the ftp user's directory are the following hidden
> files:
>
> -rw------- 1 ftp ftp 35 Sep 9 12:18 .bash_history
> -rw-r--r-- 1 ftp ftp 24 Sep 9 12:05 .bash_logout
> -rw-r--r-- 1 ftp ftp 191 Sep 9 12:05 .bash_profile
> -rw-r--r-- 1 ftp ftp 124 Sep 9 12:05 .bashrc
> -rw-r--r-- 1 ftp ftp 141 Sep 9 12:05 .mailcap
> -rw-r--r-- 1 ftp ftp 3761 Sep 9 12:05 .screenrc
>
> Is there any security concern with any of these files? Should I chmod
> them down to a more restrictive access? Should I remove them altogether?
>
Russ,
These files are primarily intended to be used for Users with SHELL
Access. Tftp - aka Anonymous FTP, should not get Shell Access (IMHO).
Removal should not break your system, but rather improve your Security.
--
Albert E. Whale, CISSP - Sr. Security, Network, and Systems Consultant
--------------------------------------------------------------------------------
http://www.abs-comptech.com & http://www.No-JunkMail.com
ABS Computer Technology, Inc. - ESM, Computer & Networking Specialists
No-JunkMail.com - SPAM Stops Here.
Founding Board of Directors of Pittsburgh FBI - InfraGard
More information about the wplug
mailing list