[lug] sending log files to another machine

Gary Masters gmasters at devcg.denver.co.us
Wed Jan 12 16:08:55 MST 2000


On Mon, 10 Jan 2000, William Jarosko Jr. wrote:

> 
> Gary, as for rsync and the like, I was under the impression, only use r
> commands if your system isn't connected to anything outside of your location
> and even then it's a bad idea, from a security standpoint anyway.
> 

As Kevin mentioned, you'd want to conduct these 'r' commands via ssh.

> I really hadn't thought of ftp, I guess I could login to the remote as a non
> priv. user so files can't be deleted. hmmm...   Thanks
> 

What I've done in the past, when circumstance didn't allow other
means[1], is create a dummy user that can only ftp to the system in
question.  I've done this by making a copy of /bin/false as
/bin/ftponly, making that the dummy user's shell and adding it to
/etc/shells. This way /bin/false can still be used to fully disable an
account.  Give this user a really heinous password (mkpasswd is good
for this).  And set up a cron job to rotate files out of the dummy
account.  On the sending system, set up a script such as... 

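#!/bin/sh
# Placeholders: the dummy account, its password, and the files to send.
USER=DUMMY.USER.NAME
PASS=HEINOUS.PASSWORD
FILE="LIST OF FILES"
# -i: no per-file prompt during mput; -n: no auto-login, "user" below logs in.
ftp -i -n HOST.WITH.DUMMY.ACCOUNT << EOJ
  user $USER $PASS
  mput $FILE
  quit
EOJ
# mput takes $FILE unquoted: ftp would read a quoted list as one file name.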

...to send the files.  This script is owned by root and has
permissions 0700.  If extremely paranoid, set the immutable bit.
Since ftp authentication is in the clear, this "solution" is subject
to sniffing.  YMMV.

--
  Gary Masters
  gmasters at devcg.denver.co.us

[1] Pre OpenSSH.
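
An added example, not part of the original post: a POSIX sh audit of the ftp-only account layout described above, run against copies of the passwd and shells files. The function names and the default /bin/ftponly argument are illustrative assumptions; the check relies on the behaviour the post depends on, that the ftp daemon refuses logins for users whose shell is not listed in /etc/shells.

```shell
#!/bin/sh
# Added example: audit the ftp-only account layout from the post.
# File paths are parameters so the check can run against copies.

# shell_of PASSWD_FILE USER -> prints the login shell (7th passwd field)
shell_of() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1 } END { exit !found }' "$1"
}

# listed_shell SHELLS_FILE PATH -> succeeds if PATH is an exact line in the file
listed_shell() {
    grep -qxF -- "$2" "$1"
}

# audit_ftponly PASSWD_FILE SHELLS_FILE USER [RESTRICTED_SHELL]
# Prints one finding per line; returns 0 only if there are none.
audit_ftponly() {
    passwd_file=$1 shells_file=$2 user=$3 rshell=${4:-/bin/ftponly}
    rc=0
    ushell=$(shell_of "$passwd_file" "$user") || { echo "no such user: $user"; return 1; }
    if [ "$ushell" != "$rshell" ]; then
        echo "$user has shell $ushell, expected $rshell"; rc=1
    fi
    if ! listed_shell "$shells_file" "$rshell"; then
        echo "$rshell is not in $shells_file, ftp logins will be refused"; rc=1
    fi
    # If /bin/false is listed, accounts "disabled" with it can still use ftp.
    if listed_shell "$shells_file" /bin/false; then
        echo "/bin/false is in $shells_file, it no longer fully disables accounts"; rc=1
    fi
    # Any other account sharing the restricted shell is also ftp-capable.
    others=$(awk -F: -v u="$user" -v s="$rshell" '$7 == s && $1 != u { print $1 }' "$passwd_file")
    if [ -n "$others" ]; then
        echo "other accounts using $rshell:" $others; rc=1
    fi
    return $rc
}
```
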





