Setting up ftp server on pogoplug E02

Hi

I want to setup an FTP server on my pogoplug E02 (Debian, nothing else on that pogoplug), but I want it to be accessible from the outside, i.e. internet. The usage scenario is that certain websites can push files to the ftp server (my pogoplug) (instead of downloading the files) and I will move them from the pogoplug to my computer and do use them there.

This is in principal no problem (redirecting ports ion the router to the pogopug) but I want to have this safe so that the risk is minimized. I don't want to open all doors for hacking of my network. So my question is: are there any things I should consider? Configurations?

Any suggestions?

Thanks,

Rainer

===========================
Blog: https://rmkrug.wordpress.com/

1 x Pogoplug E02 (pink): Logitech media server

1 x Pogoplug E02 (pink): FTP server only (throw away configuration - quick to rebuild)

1 x GoFlex Net: running OpenMediaVault

some things to consider are the following

set your ftp server to use a port other than the default, somewhere above port 1024 is a good place to put it. most scans and penetration attempts are done on standard and well known ports.

disable file system traversal in your configuration this will "jail" the ftp root

create an ftp user with only access to this folder

disallow execution of binaries

dont run the ftp service as root

ensure you have an absolute minimum of services running on the box - the less services that are on it the less chance of breach

ensure you arent running any services that are sslv2


and thats just for starters////

some good tips are found here
http://www.bu.edu/tech/about/security-resources/bestpractice/ftp/

Thanks - very useful tips.

I have a pogoplug E02 which I use only as an ftp server, and I am not running anything else on it.

I followed https://www.howtoforge.com/tutorial/proftpd-installation-on-debian-and-ubuntu/ to set it up.

Also, it is not running permanently as I know more or less when it is needed.

I assume exporting the ftp directory via NFS and than accessing it locally via NFS does not pose a security risk?

Thanks,

Rainer

===========================
Blog: https://rmkrug.wordpress.com/

1 x Pogoplug E02 (pink): Logitech media server

1 x Pogoplug E02 (pink): FTP server only (throw away configuration - quick to rebuild)

1 x GoFlex Net: running OpenMediaVault

it *shouldn't*

assuming that you dont open the NFS exports to the wide world and you ensure that the ftp use is in no other group than there own.

i.e. not in the root or nfs users groups

my recomended approac would not be to use NFS

but copy your files on and off using scp.

filezilla is a great package to use for this

I always forget about scp - thanks for reminding me.

But as I want to move the files, rsync via ssh should work perfectly.

Thanks,

Rainer

===========================
Blog: https://rmkrug.wordpress.com/

1 x Pogoplug E02 (pink): Logitech media server

1 x Pogoplug E02 (pink): FTP server only (throw away configuration - quick to rebuild)

1 x GoFlex Net: running OpenMediaVault