[cobalt-developers] Secure FTP and PortSentry

[John Thewlis <jthewlis@xxxxxxx>]

Hi

Many thanks for all of the suggestions in relation to the security 
tools for the RaQ4r. I am acting on them presently.

2 other questions that hopefully someone can shed light upon.

Firstly, we installed PortSentry as a PKG file, but did an uninstall of 
the PKG as numerous users were reporting that they could no longer 
access the mail server for their domains. The uninstall was not clean, 
as we had to manually delete two PortSentry directories that remained 
after running the PKG uninstall. Upon a system reboot the PortSentry 
processes were gone so we assumed all was well.

We are now getting constant calls telling us that users who are using 
fixed IP addresses to access the Cobalt box are still not able to 
access their email, despite the fact that the PortSentry processes do 
not seem to be running. It appears to be the SMTP service that is 
affected, POP seems ok.

Users with dynamically assigned IP addresses for net access are having 
no problems accessing the Cobalt box.

Any ideas as to how to fix this?

Secondly, we have stopped the ftp service on the Cobalt box, and are 
asking clients to use SecureFX from VanDyke Software to transfer files 
using sftp. This is working fine, except that each domain user can 
traverse the full Cobalt filesystem, and see all other user's web sites 
and associated files.

Is it possible to lock down secure ftp access using SecureFX so that 
users can only access and view their own domain?

Many thanks

John

John Thewlis