Ticket #845 (closed maintenance: fixed)

Opened 20 months ago

Last modified 20 months ago

Unneeded FTP server on PuffinServer

Reported by: chris Owned by: chris
Priority: major Milestone: Maintenance
Component: Live server Keywords:
Cc: ade, paul, sam, annesley Estimated Number of Hours: 0.0
Add Hours to Ticket: 0 Billable?: yes
Total Hours: 0.75

Description

The BOA stack installs and runs an FTP server, which we don't need as we use SSH/SFTP, and it therefore causes an unneeded load; see ticket:692#comment:177 for an example.

Change History

comment:1 Changed 20 months ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 0.0 to 0.25

There is a firewall rule to allow FTP traffic:

iptables -L | grep ftp
target     prot opt source               destination       
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW tcp dpt:ftp-data
ACCEPT     tcp  --  anywhere             anywhere             ctstate NEW tcp dpt:ftp

For now I have blocked this:

iptables -A INPUT -p tcp --destination-port ftp -j DROP
iptables -A INPUT -p tcp --destination-port ftp-data -j DROP

I can't find a simple way to stop this service running; the config for it is at /usr/local/etc/pure-ftpd.conf, and it uses PAM, which is configured via /etc/pam.d/pure-ftpd.

The iptables rules haven't changed the load it is adding, however:

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND
18019 root      20   0 28904  444   52 R    27  0.0   0:00.83 pure-ftpd

This might have to be followed up via a ticket with the BOA project -- it seems like a total waste of resources to be running a service we don't use.
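
Added example, not part of the original ticket: iptables walks a chain from the top and stops at the first terminating match, so where a DROP sits relative to an existing ACCEPT for the same port decides which one applies. The function below reads rules in `iptables -S INPUT` format and reports which rule decides a new connection to a TCP port; `first_verdict` and both sample rulesets are constructed for illustration.

```sh
#!/bin/sh
# Added example. Reads `iptables -S INPUT` output on stdin and prints
# "<verdict> <rule-number>" for a NEW TCP connection to port $1 (0 = chain policy).
# Simplification: only -p, --dport N and --ctstate are interpreted; source,
# interface, multiport, port-range and negated matches are ignored.
first_verdict() {
    awk -v port="$1" '
        $1 == "-P" { policy = $3; next }      # chain default policy
        $1 != "-A" { next }
        {
            n++
            proto = ""; dport = ""; state = ""; target = ""
            for (i = 3; i <= NF; i++) {
                if ($i == "-p")        proto  = $(i + 1)
                if ($i == "--dport")   dport  = $(i + 1)
                if ($i == "--ctstate") state  = $(i + 1)
                if ($i == "-j")        target = $(i + 1)
            }
            # Only terminating targets end the walk through the chain.
            if (target != "ACCEPT" && target != "DROP" && target != "REJECT") next
            if (proto != "" && proto != "tcp") next
            if (dport != "" && dport != port) next
            if (state != "" && state !~ /NEW/) next
            print target, n; found = 1; exit
        }
        END { if (!found) { if (policy == "") policy = "ACCEPT"; print policy, 0 } }
    '
}

# Constructed sample: ACCEPT rules like those listed above, followed by DROP
# rules added with -A (ports numeric, as `iptables -S` prints them).
SAMPLE_APPENDED='-P INPUT DROP
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 21 -j DROP
-A INPUT -p tcp -m tcp --dport 20 -j DROP'
# Constructed sample: the same DROP rules placed ahead of the ACCEPT rules.
SAMPLE_FIRST='-P INPUT DROP
-A INPUT -p tcp -m tcp --dport 21 -j DROP
-A INPUT -p tcp -m tcp --dport 20 -j DROP
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 20 -j ACCEPT
-A INPUT -p tcp -m conntrack --ctstate NEW -m tcp --dport 21 -j ACCEPT'

for p in 20 21; do
    echo "DROP appended, port $p: $(printf '%s\n' "$SAMPLE_APPENDED" | first_verdict "$p")"
    echo "DROP first,    port $p: $(printf '%s\n' "$SAMPLE_FIRST" | first_verdict "$p")"
done
# On a live host (root required): iptables -S INPUT | first_verdict 21
```
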

comment:2 Changed 20 months ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Total Hours changed from 0.25 to 0.5

There is a ticket from 2011 which says the way to stop it running is to comment out this line:

  if ($COMMAND =~ /pure-ftpd/) {$ftplives = "YES"; $ftpsumar = $li_cnt{$COMMAND};}

in /var/xdrago/proc_num_ctrl.cgi, so I have done that and also done killall pure-ftpd, but it is still running:

  PID USER      PR  NI  VIRT  RES  SHR S  %CPU %MEM    TIME+  COMMAND                                             
 3017 root      20   0 28904  444   52 R    29  0.0   0:00.88 pure-ftpd    

So I have opened a ticket about it.

comment:3 Changed 20 months ago by chris

  • Add Hours to Ticket changed from 0.0 to 0.25
  • Status changed from new to closed
  • Resolution set to fixed
  • Total Hours changed from 0.5 to 0.75

The answer to the ticket:

  1. rm -f /usr/local/sbin/pure-config.pl
  2. killall -9 pure-ftpd
  3. remove FTP from _XTRAS_LIST

So I have done 1. and 2.; the _XTRAS_LIST variable in /root/.barracuda.cnf didn't contain FTP:

_XTRAS_LIST="PDS CSF CHV"

I have updated the wiki page (see wiki:PuffinServer#pure-ftpd), and this matter is now resolved, so closing this ticket.
