Text 265, 114 rader
Skriven 2004-08-05 20:02:26 av Tim Boyer (1:379/45)
    Kommentar till text 256 av Ellen K. (1:379/45)
Ärende: Re: UNIX HELP PLEASE
============================
From: Tim Boyer <tim@denmantire.com>

Glad to help!

On Thu, 05 Aug 2004 10:45:38 -0700, Ellen K.
<72322.enno.esspeeayem.1016@compuserve.com> wrote:

>That secure ftp sounds good, I will check it out.
>
>Thanks again, I really appreciate your help.   :)
>
>
>On Thu, 05 Aug 2004 07:15:37 -0400, Tim Boyer <tim@denmantire.com> wrote
>in message <k154h09fa7ckhqqnp8299j9ll8o6lclnli@4ax.com>:
>
>>On 5 Aug 2004 02:35:18 GMT, Ellen K <Ellen.K@harborwebs.com> wrote:
>>
>>>Hi Tim,
>>>
>>>George already said it was insecure but didn't explain why.
>>>
>>>Are you saying that ftp in general is insecure, or only ftp as implemented
on
>>>unix?
>>>
>>
>>ftp in general is a security nightmare.  The password is sent in
>>cleartext; the data are sent in cleartext.  You can do secure ftp over
>>ssh - google for 'sftp'.
>>
>>>Right now what is set up is that a Windows box goes to the external ftp site
>>>and gets the file, and then the Windows box uploads the file to the unix
box.
>>>Is this more secure in your opinion?
>>>
>>
>>If the Windows box is doing ftp, then it's the same thing - it's
>>insecure.  You're just adding a layer of complexity.
>>
>>>Is a script on the unix box that gets a file from an external ftp site more
or
>>>less secure than setting up an ftp server on the unix box to which the
external
>>>site sends the file?  Since there is an apparently unpublished (and
definitely
>>>unpatched) Oracle vulnerability when there is an ftp server on the same box
as
>>>Oracle (see other thread), I didn't want us to put an ftp server on our
Oracle
>>>server.
>>>
>>
>>IMHO, any time you set up a server, you're installing a security risk.
>>Let somebody else assume that risk. :)
>>
>>I'd see if openssh is installed on your unix box, and if it is, use
>>sftp.
>>
>>>Thanks so much.   :)
>>>
>>>
>>>> From: Tim Boyer <tim@denmantire.com>
>>>> On 4 Aug 2004 23:56:44 GMT, Ellen K <Ellen.K@harborwebs.com> wrote:
>>>>>Can someone please post what a unix shell script has to look like that
goes t
>>>>> an external ftp site and fetches a file?
>>>>>
>>>>>Also what do we have to know about ports etc in order to do this?  Our
Oracle
>>>>> consultant told me he currently cannot even ping the external ftp sites
from
>>>>> our unix box, so the first task is to get our box set up to be able to
ping
>>>>> them.
>>>>>
>>>>> Thanks in advance as usual.   :)
>>>> Ellen -
>>>> If you can't ping it, you've got other problems.  But assuming you can
>>>> ftp manually, you'll do this:
>>>> Put a file called .netrc in the home directory of the user that's
>>>> running the script.  It'll look something like this:
>>>> machine ftp.machinename.org
>>>> login yourloginname
>>>> password yourpassword
>>>> chmod it 600 so only you can read/write to it.  At that point, if you
>>>> do a
>>>> ftp ftp.machinename.org
>>>> it'll get you in there automatically.
>>>> From there, you can put macros in the .netrc file and put ftp commands
>>>> in the macros.  For instance:
>>>> macdef  getfiles
>>>> cd /tmp
>>>> bin
>>>> mget sess*
>>>> quit
>>>> will go to the /tmp directory, switch to binary mode, get all the
>>>> files starting with sess, and quit.  NOTE:  for some reason lost to
>>>> the mists of time, there has to be _two_ blank lines after the last
>>>> macro command.
>>>> Invoke it from the command line like so:
>>>> echo "\$ getfiles"|ftp ftp.machinename.org
>>>> And before George says it:  your password is unencrypted; ftp runs
>>>> unencrypted, and this is possibly one of the most insecure things you
>>>> can do with a computer.
>>>> --
>>>> Tim Boyer
>>>> tim@denmantire.com

--
Tim Boyer
tim@denmantire.com

--- BBBS/NT v4.01 Flag-5
 * Origin: Barktopia BBS Site http://HarborWebs.com:8081 (1:379/45)