2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>:> > > > errr, I meant, sftp, not rscp > > > Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow > regular ol' FTP using SELinux? Or does that just defeat the purpose of > having a secure SELlinux server entirely? >FTP is not safe as it does not encrypt username(s) and password(s) or traffic during transfer. RHEL/Centos provides SELinux booleans and settings at least for vsftpd (very secure ftpd). Please use it, if possible. -- Eero
Also check this out: http://www.bitvise.com/ftp-bridge -- Eero 2015-03-03 0:51 GMT+02:00 Eero Volotinen <eero.volotinen at iki.fi>:> > > 2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>: > >> > >> > errr, I meant, sftp, not rscp >> >> >> Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow >> regular ol' FTP using SELinux? Or does that just defeat the purpose of >> having a secure SELlinux server entirely? >> > > FTP is not safe as it does not encrypt username(s) and password(s) or > traffic during transfer. > > RHEL/Centos provides SELinux booleans and settings at least for vsftpd > (very secure ftpd). Please use it, if possible. > > -- > Eero >
Good advice guys. I'll check out vsftpd. Thanks! Tim Sent from my iPhone> On Mar 2, 2015, at 5:55 PM, Eero Volotinen <eero.volotinen at iki.fi> wrote: > > Also check this out: http://www.bitvise.com/ftp-bridge > > -- > Eero > > 2015-03-03 0:51 GMT+02:00 Eero Volotinen <eero.volotinen at iki.fi>: > >> >> >> 2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>: >> >>>> >>>> errr, I meant, sftp, not rscp >>> >>> >>> Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow >>> regular ol' FTP using SELinux? Or does that just defeat the purpose of >>> having a secure SELlinux server entirely? >> >> FTP is not safe as it does not encrypt username(s) and password(s) or >> traffic during transfer. >> >> RHEL/Centos provides SELinux booleans and settings at least for vsftpd >> (very secure ftpd). Please use it, if possible. >> >> -- >> Eero > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos
On 03/02/2015 11:55 PM, Eero Volotinen wrote:> Also check this out: http://www.bitvise.com/ftp-bridgeyou could also recommend filezilla to your clients, it's available for mac, microsoft and linux and supports sftp. But I know there are still use cases for ftp.
On Mon, Mar 2, 2015 at 5:51 PM, Eero Volotinen <eero.volotinen at iki.fi> wrote:> 2015-03-03 0:43 GMT+02:00 Tim Dunphy <bluethundr at gmail.com>: > > > > > > > errr, I meant, sftp, not rscp > > > > > > Heh.. yeah. But the client isn't gonna go for that. LOL. Any way to allow > > regular ol' FTP using SELinux? Or does that just defeat the purpose of > > having a secure SELlinux server entirely? > > > > FTP is not safe as it does not encrypt username(s) and password(s) or > traffic during transfer. >I'd choose SSH for my own users. And for customers if proper steps are taken to prevent any interactive shells (it's even dicier with shared hosting).> > RHEL/Centos provides SELinux booleans and settings at least for vsftpd > (very secure ftpd). Please use it, if possible. >Use FTPS protocol? http://wiki.vpslink.com/Configuring_vsftpd_for_secure_connections_(TLS/SSL/SFTP) -- ---~~.~~--- Mike // SilverTip257 //