Unsafe programs and alternative programs on Linux systems

WUFTD has been a constant security vulnerability since 1994, and hackers can easily access remote root access, and many security vulnerabilities do not even require a valid account on the FTP server. Recently, WUFTP is also a frequent occurrence of security vulnerabilities.

Its best alternative program is PROFTPD. PROFTPD is easy to configure, and in most cases it is faster, and its source code is relatively clean (fewer buffer overflow errors). There are many important sites that use PROFTPD. SourceForge.net is a good example (this site has 3,000 open source projects, its load is not small ah!) ）。 Some Linux distributors use PROFTPD on their primary FTP site, and only two major Linux publishers (SuSE and Caldera) use WUFTPD.

Another advantage of PROFTPD is that it can run both from inetd and as a separate daemon. This makes it easy to solve some of the problems that inetd brings, such as denial-of-service attacks (denial of service attack), and so on. The simpler the system, the easier it is to keep the system safe.

WUFTPD either review all of the source code (very difficult), or rewrite the code completely, otherwise wuftpd must be replaced by PROFTPD.

Telnet

Telnet is very, very insecure, and it transmits passwords in plaintext. It's safe to replace the program is OpenSSH. OpenSSH is already very mature and stable on Linux, and there are a lot of free client software on the Windows platform. Linux publishers should adopt a OpenBSD strategy: Install OpenSSH and set it to default, install Telnet but do not set it to default.

For Linux publishers who are not in the United States, it is easy to add OpenSSH to Linux distributions. Linux publishers in the U.S. will have to think of something else (for example: Red hat has the latest openssh RPM packages on the German FTP server (ftp.redhat.de)). Telnet is an incurable procedure. To ensure the security of the system, you must replace it with software such as OpenSSH.

Sendmail

In recent years, the security of SendMail has improved a lot (it used to be the hacker's key attack program). However, SendMail still has a very serious problem. In the event of a security breach (such as a recent Linux kernel error), SendMail is the program that the hacker focuses on, because SendMail is running as root and the code is large and prone to problems.

Almost all Linux distributors use SendMail as their default configuration, with only a handful of postfix or qmail as optional packages. However, few Linux distributors use SendMail on their mail servers. Both SuSE and red Hat use a qmail based system.

SendMail does not necessarily have to be completely replaced by other programs. But its two alternative programs, QMail and Postfix, are more secure, faster, and especially postfix than it is easy to configure and maintain.