Re: bash_logout and sftp

From: Corey (corey_s_at_qwest.net)
Date: 05/07/05

    Date: Fri, 6 May 2005 17:27:44 -0700
    To: secureshell@securityfocus.com
    
    

    On Friday 06 May 2005 12:30 pm, Robert L Sowders wrote:
    > Why bother?
    >

    It's necessary.

    We do not allow users shell or ftp access to our web/streaming server;
    instead, they upload their content to the ssh server - this content then
    needs to be mirrored/synced/copied/moved to the web/streaming server ASAP.

    That's the workflow.

    > Why not just set a rapid rsync cron from root and rsync the entire
    > structure, and move files with ownership and permissions? If nothing has
    > changed, then nothing gets moved.
    >

    Because we want the content to go live at the soonest possible time after the
    users upload it to the ssh server -- we want the finest granularity possible,
    which is why we would prefer not to use cron.

    Also, a cronjob running too often would vastly increase the amount of
    incomplete rsyncs... if the cron goes off while a user is in the middle of an
    upload, then partial/broken data will be mirrored onto the live web/streaming
    server - if this continually happens, then it's a waste of bandwidth and
    resources and will also pose other issues. Ensuring that the rsync only
    happens the moment after the user closes his sftp session will greatly
    reduce those sorts of occurrences.

    > There is something to be said for simple.
    >

    Agreed. This would be extremely simple if sftp-server had the sort of
    hook/trigger I was looking for... apparently a product called vshell can get
    close to facilitating this, but we're sticking w/ opensource solutions so
    unfortunately that is not an option. Looks like we'll have to use a log
    parser.

    Cheers,

    Corey
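
An added example, not part of the original post: one way to build the log parser mentioned above, so that a sync is triggered only once a user's sftp session has closed and only if that session wrote data. It assumes sftp-server logs to syslog at INFO level (`sftp-server -l INFO`); the sample lines, host and user names, and the function name `sessions_to_sync` are constructed for illustration.

```python
import re

# Constructed sample lines (not from the original post), modelled on what
# OpenSSH's sftp-server writes to syslog when started with "-l INFO".
SAMPLE_LOG = """\
May  6 17:01:03 ssh1 sftp-server[4102]: session opened for local user alice from [192.0.2.10]
May  6 17:01:05 ssh1 sftp-server[4102]: open "/home/alice/clip.mpg" flags WRITE,CREATE,TRUNCATE mode 0644
May  6 17:02:10 ssh1 sftp-server[4150]: session opened for local user bob from [192.0.2.22]
May  6 17:02:15 ssh1 sftp-server[4150]: opendir "/home/bob"
May  6 17:02:16 ssh1 sftp-server[4150]: closedir "/home/bob"
May  6 17:03:44 ssh1 sftp-server[4150]: session closed for local user bob from [192.0.2.22]
May  6 17:04:59 ssh1 sftp-server[4102]: close "/home/alice/clip.mpg" bytes read 0 written 1048576
May  6 17:05:30 ssh1 sftp-server[4102]: session closed for local user alice from [192.0.2.10]
"""

LINE = re.compile(r"sftp-server\[(?P<pid>\d+)\]: (?P<msg>.*)$")
OPENED = re.compile(r"session opened for local user (\S+) from")
CLOSED = re.compile(r"session closed for local user (\S+) from")
WROTE = re.compile(r'close "(?P<path>.*)" bytes read \d+ written (?P<n>\d+)$')


def sessions_to_sync(lines):
    """Yield (user, uploaded_paths) once per closed session that wrote data."""
    live = {}  # pid -> {"user": str, "paths": [str]}
    for line in lines:
        m = LINE.search(line)
        if not m:
            continue
        pid, msg = m["pid"], m["msg"]
        if (o := OPENED.match(msg)):
            live[pid] = {"user": o[1], "paths": []}
        elif (w := WROTE.match(msg)) and pid in live and int(w["n"]) > 0:
            live[pid]["paths"].append(w["path"])
        elif CLOSED.match(msg) and pid in live:
            sess = live.pop(pid)
            if sess["paths"]:  # skip sessions that only browsed
                yield sess["user"], sess["paths"]


if __name__ == "__main__":
    for user, paths in sessions_to_sync(SAMPLE_LOG.splitlines()):
        # A real deployment would start the rsync for this user here.
        # Paths are user-controlled: pass them as argv, never through a shell.
        print(user, paths)
```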

