Date: Wed, 24 Nov 2010 13:35:33 +0100
From: Polytropon <freebsd@edvax.de>
To: "Dave" <dave@g8kbv.demon.co.uk>
Cc: freebsd-questions@freebsd.org
Subject: Re: new user questions. (Before I back myself into a corner!)
Message-ID: <20101124133533.ab5cae74.freebsd@edvax.de>
In-Reply-To: <4CEC4677.7554.3BF9432E@dave.g8kbv.demon.co.uk>
References: <4CEC4677.7554.3BF9432E@dave.g8kbv.demon.co.uk>

Allow me to answer some of your questions without being too
precise about the "whole picture", because I just can't
speak about all aspects due to lack of experience. :-)

On Tue, 23 Nov 2010 22:55:51 -0000, "Dave" <dave@g8kbv.demon.co.uk> wrote:
> I'd like to:-
> Have a ssh login via LAN available, I believe that's a standard feature,
> but I expressly disabled that (well, told it not to implement it) when
> I originally installed the OS.

The SSH functionality is provided by

    sshd_enable="YES"

in /etc/rc.conf; upon reboot or

    /etc/rc.d/sshd start

the server gets activated. If no keys are present, they are
generated at first startup. You can also provide your own
set of keys if you already have some. See man sshd for
details.

> Have a small web server, again I've read that Apache can do a good job,
> but I don't want (nor need) all its facilities, in particular I need to
> lock it down so no "Puts" can happen for a start! The web pages are
> simple flat form, text and static graphics, with a little client side
> scripting, purely to find the client's local date and time, to select the
> graphic to serve.

Well, lighttpd comes to my mind, although there are some
others that are really good at this "simple stuff". Reducing
things to a working and functional minimum isn't as easy
as it sounds. :-)

> Have a FTP server, so I can automate some of the web page graphics
> updates, from other systems that generate the data, and can FTP files
> across the LAN, also of course for general web page maintenance needs.

The system brings an FTP server. You can enable it by
uncommenting the entry

    ftp stream tcp nowait root /usr/libexec/ftpd ftpd -ll

in /etc/inetd.conf. With this approach, the system's inetd
controls the communication to the server program.

You'll notice that THIS line has ftpd -ll (ell ell) instead
of just one -l. This is intended for log purposes.
Add the line

    !ftpd *.* /var/log/ftpd.log

to /etc/syslog.conf and touch /var/log/ftpd.log to create
a log file for the FTP server. This can help you to spot
misbehaviour either on server or client side.

> That sounds in the face of things what I want, but am unsure of the
> implications of doing that. Is it "better" (ie, easier for a novice to
> manage) than the native OS based FTP server tool? I would prefer to
> have FTP logins that are in no way related to any system login users.

In order to disallow system level accounts for FTP, use
the file /etc/ftpusers: This file contains the accounts
that are NOT allowed to make an FTP connection. Put "root"
and "toor" (UID 0 accounts) on top. Also put "ftp" there -
this is the anonymous FTP user which I think you do NOT
want to work.

Also, consider using scp for file transfers, it's often much
more convenient, although I like

    ftp -u ftp://$(FTPUSER):$(FTPPASSWD)@$(SERVER) ${FILES}

for shoving new stuff onto the web server with FTP
server. :-)

There's nothing wrong with system's FTP in my opinion, as
long as you know what it's actually doing (and how), and
you can see the implications to consider to your particular
needs and security requirements.

> Of all the stuff I've read so far in the FreeBSD handbook, and a few
> other places, not one mention is made (that I can see so far) of how to
> set services for alternative port numbers?

In the documentation of those services (FTP, SSH for example)
you can specify alternative ports, e.g. -p <port> for sshd
which can be set via sshd_flags= in the /etc/rc.conf file.

It's always a good idea to look through the man pages of
the programs you use. The system's programs ALL do come with
a good manpage - software from ports does not always provide
that quality.

> Unless there is a compelling argument to, I'd prefer to stick with V8.0
> too.

I don't see a problem with that. Unlike most other operating
systems, you can always use FreeBSD on "old-fashioned" hardware.
For example, I have a 150 MHz P1 with 128 MB here doing some
simple "in-house" server stuff - it currently runs 8.0 (and
will soon receive an update using freebsd-update, a tool that
will allow you to keep your system on a current state even
if you don't want to run big compile orgies on it).

> PS: I run one of these....
> http://www.ncdxf.org/beacon/monitors.html

Greetings es 73 de JO52TD ryryryry ...-.- :-)

-- 
Polytropon
Magdeburg, Germany
Happy FreeBSD user since 4.0
Andra moi ennepe, Mousa, ...
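
The FTP settings named in the reply above (the /etc/ftpusers deny list, the -ll flag on the inetd.conf entry, the !ftpd entry in syslog.conf) can be checked with a short script. This is an added example, not part of the original message; the function names, the wording of the findings and the sample files are assumptions made for illustration.

```sh
#!/bin/sh
# Added example: audit an /etc tree for the FTP settings described in the message.
# audit_ftp DIR prints one line per finding and returns the number of findings.
audit_ftp() {
    etc=$1
    findings=0
    # UID 0 accounts and the anonymous "ftp" user belong in the ftpusers deny list.
    for acct in root toor ftp; do
        if ! grep -qx "$acct" "$etc/ftpusers" 2>/dev/null; then
            echo "ftpusers: $acct is not denied"
            findings=$((findings + 1))
        fi
    done
    # Only an uncommented ftp entry means inetd will actually start ftpd.
    ftp_line=$(grep -E '^ftp[[:space:]]' "$etc/inetd.conf" 2>/dev/null | head -n 1)
    if [ -n "$ftp_line" ]; then
        if ! printf '%s\n' "$ftp_line" | grep -Eq '[[:space:]]-ll([[:space:]]|$)'; then
            echo "inetd.conf: ftpd is enabled without -ll"
            findings=$((findings + 1))
        fi
        if ! grep -q '^!ftpd' "$etc/syslog.conf" 2>/dev/null; then
            echo "syslog.conf: no !ftpd entry, ftpd has no log file of its own"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}

# Constructed sample tree (not taken from a real host): ftpd enabled with a single
# -l, "toor" and "ftp" missing from ftpusers, no !ftpd entry in syslog.conf.
make_sample() {
    dir=$(mktemp -d) || return 1
    printf 'root\n' > "$dir/ftpusers"
    printf '# constructed sample inetd.conf\n' > "$dir/inetd.conf"
    printf 'ftp\tstream\ttcp\tnowait\troot\t/usr/libexec/ftpd\tftpd -l\n' >> "$dir/inetd.conf"
    printf '*.err\t/var/log/messages\n' > "$dir/syslog.conf"
    echo "$dir"
}

sample=$(make_sample)
audit_ftp "$sample" || echo "findings: $?"
rm -rf "$sample"
```

On a real system the call would be audit_ftp /etc; a return value of 0 means none of the three checks fired.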