
What is ftpck

     ftpck is a utility to verify the various files required to run
     wu-ftpd.

     Since the beginning, the only wu-ftpd configuration checker was
     "ckconfig". All it did was simply check to see if the needed files
     were where they had been specified in pathnames.h. Other than
     that, you had to look at the man pages, examples and the source
     code to try and figure out what was the proper syntax. In some
     cases, ftpaccess file directives were added but not listed in the
     man pages or READMEs.

     ftpck is intended to check all files and fields in all the files
     to assure proper syntax. It checks to assure that all files
     referenced in the various wu-ftpd system files exist. It checks
     modes on files as well as modes on ftp directories specified.

     This is a third developmental version and is finally nearing
     public release.

     Please help me complete this. It has already pointed out errors in
     my configuration here and I'm sure it will help you as well. I
     need suggestions about what checks make sense and should be added.
     Also I need help deciding what should be listed as an ERROR: and
     what should be listed as a WARNING:. Please help me create a
     useful and complete wu-ftpd configuration checker for all to use.

                                   [----]

Current development status

     June 3, 1997: This has been cleaned up greatly with all ftpaccess
     records now being checked. There are only a couple of checks still
     needed and we are entering the cleanup phase in preparation for
     release. It has not been converted to ANSI C yet. That is coming.

     This was developed on Solaris 2.5 and there may be portability
     concerns. I hope not but if so, please send me any required
     patches and I'll add them.

     I could use some help. Portability testing is what I need most.

                                   [----]

What does it test ?

     This list is nearly complete. At present the following things are
     checked.

     The following WU-FTPD configuration files are being tested.

          ftpaccess, ftpconversions, ftphosts, ftppidnames,
          ftpgroups, ftpservers, ftpusers, xferlogs

     Additionally, the _PATH_EXECPATH define is checked, as is the
     inetd.conf file.

     The plan is to:

        * assure complete ftpaccess file checking is done,
        * final cleanup with manual page,
        * write a separate utility which checks permissions, modes,
          ownership, number of links, etc. of the individual ftp data
          directories. This utility is tentatively named auditftp.

     Please send suggestions to kent@landfield.com concerning tests you
     would like to see done.

     ftpaccess

            1. The existence of the specified ftpaccess file is
               verified.
            2. Modes on each of the specified ftpaccess files are
               checked to assure they are 0600.

          In addition, each record in the file is verified.

            1. alias directive
                  o Improper number of fields
                  o Checks if directory aliased exists for real
                    users
                  o Checks if directory aliased exists for
                    anonymous users
            2. autogroup directive
                  o Improper number of fields
                  o Groupname specified is a valid system group
                  o Checks each "class" specified to assure it is
                    a valid "class"
            3. banner directive
                  o Improper number of fields
                  o Checks if banner message file exists
            4. cdpath directive
                  o Improper number of fields
                  o Checks if directory aliased exists for real
                    users
                  o Checks if directory aliased exists for
                    anonymous users
            5. class directive
                  o Improper number of fields
                  o Verify there is a valid typelist specified
                  o Verify the Domain and/or IP address globbing
                    passed in
            6. compress and tar directives
                  o Improper number of fields
                  o Invalid "yes/no" specified
                  o Checks each "class" specified to assure it is
                    a valid "class"
            7. chmod, delete, overwrite, rename and umask
               directives
                  o Improper number of fields
                  o Invalid "yes/no" specified
                  o Assures <typelist> is a comma-separated list
                    of any of the keywords "anonymous", "guest"
                    and "real".
            8. deny directive
                  o Improper number of fields
                  o Checks for valid Address, domain or
                    !nameserved
                  o Checks to assure the message file exists
            9. email directive
                  o Improper number of fields
           10. guestgroup directive
                  o Improper number of fields
                  o Groupnames specified are valid system groups
           11. guestserver directive
                  o Improper number of fields
           12. limit directive
                  o Improper number of fields
                  o Check if valid class specified
                  o Check <n> is a number
                  o Valid <time> specified (valid_time TBD)
                  o Message file exists in guest and real ftp
                    directories
           13. log directive
                  o Improper number of fields
                  o Checks both the `log transfers' and `log
                    commands' entries.
                  o Assures <typelist> is a comma-separated list
                    of any of the
                  o Checks directions
           14. logfile directive (new virtual support directive)
                  o Improper number of fields
                  o Assure logfile exists at specified path
           15. loginfails directive
                  o Improper number of fields
                  o content is a number
           16. lslong and lsshort directives
                  o Verify the specified executable exists
           17. message directive
                  o Improper number of fields
                  o Check the <when> specified is valid
                  o Verify any classes listed are valid system
                    classes
           18. noretrieve directive
                  o Improper number of fields
                  o Check to assure the <filename> file is
                    available
           19. passwd-check directive
                  o Improper number of fields
                  o Check for <none|trivial|rfc822> validity
                  o Check for <enforce|warn> validity
           20. path-filter directive
                  o Improper number of fields
                  o Check typelist specified is valid
                  o Verify message file path exists
           21. private directive
                  o Improper number of fields
                  o Invalid "yes/no" specified
                  o If "private yes" check to see if _PATH_PRIVATE
                    exists
           22. readme directive
                  o Improper number of fields
                  o Check the <when> is valid
                  o Verify any classes listed are valid system
                    classes
           23. root directive (new virtual support directive)
                  o Improper number of fields
                  o Verify specified ftpd root data directory
                    exists
                  o Check to assure path is a directory.
           24. shutdown directive
                  o Improper number of fields
           25. upload directive
                  o Improper number of fields
                  o Check to assure maximum of 7 arguments
                  o Make sure <root-dir> matches the ftp user
                    passwd file homedir
                  o Check if ARG2 is yes/no
                  o Validate dirs/nodirs
                  o Assure the mode specified is sane
                  o Assure any specified user has a passwd file
                    entry
                  o Assure any specified group has a group file
                    entry
           26. virtual directive
                  o Improper number of fields
                  o Make sure <addr> seems sane
                  o Check if ARG1 is root/banner/logfile
                  o Assure path exists (only from machine root)
                  o Assure root path is a directory
                  o Assure banner and logfiles are regular files

          Also checks for invalid directives used in the ftpaccess
          files.
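
          A sketch of the record checks listed above for the class,
          chmod/delete/overwrite/rename/umask and compress/tar
          directives. This is an added example, not ftpck's own code:
          the function names, the ERROR severity, the treatment of '#'
          lines as comments and the sample records are assumptions.

```python
from fnmatch import fnmatchcase

USER_TYPES = {"anonymous", "guest", "real"}
PERMISSION_DIRECTIVES = {"chmod", "delete", "overwrite", "rename", "umask"}
CLASS_DIRECTIVES = {"compress", "tar"}

def bad_types(typelist):  # keywords other than anonymous, guest, real
    return [t for t in typelist.split(",") if t not in USER_TYPES]

def ftpaccess_findings(text):
    """Check class, permission and compress/tar records; skip the rest."""
    # Assumption: blank lines and lines starting with '#' are not records.
    records = [(n, line.split()) for n, line in enumerate(text.splitlines(), 1)
               if line.strip() and not line.lstrip().startswith("#")]
    # Pass 1: collect class names so later records can be checked against them.
    classes = {f[1] for _, f in records if f[0] == "class" and len(f) >= 4}
    findings = []
    for n, (name, *args) in records:
        problem = None
        if name == "class":
            if len(args) < 3:
                problem = "improper number of fields"
            elif bad_types(args[1]):
                problem = f"invalid typelist '{args[1]}'"
        elif name in PERMISSION_DIRECTIVES | CLASS_DIRECTIVES:
            exact = name in PERMISSION_DIRECTIVES  # exactly <yes|no> <typelist>
            if len(args) < 2 or (exact and len(args) > 2):
                problem = "improper number of fields"
            elif args[0] not in ("yes", "no"):
                problem = f"invalid yes/no '{args[0]}'"
            elif exact and bad_types(args[1]):
                problem = f"invalid typelist '{args[1]}'"
            elif not exact:  # every class glob must match a defined class
                unknown = [g for g in args[1:]
                           if not any(fnmatchcase(c, g) for c in classes)]
                if unknown:
                    problem = f"no class matches {unknown}"
        if problem:
            findings.append(f"ERROR: line {n}: {name}: {problem}")
    return findings

# Constructed sample, not a real site's configuration.
SAMPLE_FTPACCESS = """\
class local real,guest *.example.com
class remote anonymous,ftp *
delete maybe anonymous
umask no
compress yes local
tar yes staff
"""
```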

     ftpconversions

       1. The existence of the ftpconversions file is verified.
       2. Modes on the ftpconversions file are checked to assure they
          are 0600.
       3. Verify syntax of the ftpconversions file.
       4. Verify specified external commands exist in the root.
       5. Verify specified external commands exist in the anonymous
          area.
       6. Verify 'types' specified are valid.
       7. Verify 'options' specified are valid.

     ftphosts

       1. The existence of the ftphosts file is verified.
       2. Modes on the ftphosts file are checked to assure they are
          0600.
       3. Verify syntax of the ftphosts file.
       4. Verify allow/deny keyword usage.
       5. Verify valid domain and IP globbing specified.

     ftppidnames

       1. Checks the existence of the runtime pid file directory.

     ftpgroups

       1. The existence of the ftpgroups file is verified.
       2. Modes on the ftpgroups file are checked to assure they are
          0600.
       3. Verify syntax of the ftpgroups file.
       4. Make sure the groups specified are valid system groups.

     ftpservers

       1. The existence of the ftpservers file is verified if
          VIRTUAL_SERVER support compiled in.
       2. Modes on the ftpservers file are checked to assure they are
          0600.
       3. Checks to assure all ftpaccess files specified in the
          ftpservers file exist.
       4. All specified ftpaccess files are then themselves checked via
          the ftpaccess tests listed above.

     ftpusers

       1. The existence of the ftpusers file is verified.
       2. Modes on the ftpusers file are checked to assure they are
          0600.
       3. Account names not longer than 8 characters.
       4. Assure only one item per line.
       5. Records are newline terminated.
       6. Check root and all system accounts are in ftpusers file.
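
       The ftpusers checks above, written out as an added example (not
       ftpck's own code). The function names, the ERROR/WARNING split,
       the UID cutoff used to decide what a "system account" is, the
       skipping of '#' lines and the sample data are assumptions.

```python
import os
import stat

SYSTEM_UID_MAX = 99  # assumption: UIDs 0..99 count as system accounts

def mode_findings(path, want=0o600):
    """Compare a file's permission bits with the mode the checker expects."""
    mode = stat.S_IMODE(os.stat(path).st_mode)
    if mode != want:
        return [f"WARNING: {path} has mode {mode:04o}, expected {want:04o}"]
    return []

def ftpusers_findings(ftpusers_text, passwd_text):
    """Check ftpusers content against the rules listed for that file."""
    findings = []
    if ftpusers_text and not ftpusers_text.endswith("\n"):
        findings.append("ERROR: last record is not newline terminated")
    listed = set()
    for n, line in enumerate(ftpusers_text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):  # assumption: comments
            continue
        fields = line.split()
        if len(fields) != 1:
            findings.append(f"ERROR: line {n}: more than one item on the line")
            continue
        if len(fields[0]) > 8:
            findings.append(f"WARNING: line {n}: '{fields[0]}' is longer than 8 characters")
        listed.add(fields[0])
    # Every system account in the passwd data must be denied FTP access.
    for entry in passwd_text.splitlines():
        parts = entry.split(":")
        if len(parts) < 3 or not parts[2].isdigit():
            continue
        if int(parts[2]) <= SYSTEM_UID_MAX and parts[0] not in listed:
            findings.append(f"ERROR: system account '{parts[0]}' is not in ftpusers")
    return findings

# Constructed sample data, not taken from a real system.
SAMPLE_PASSWD = """\
root:x:0:1:Super-User:/:/sbin/sh
daemon:x:1:1::/:
bin:x:2:2::/usr/bin:
uucp:x:5:5:uucp Admin:/usr/lib/uucp:
alice:x:1001:10:Alice:/home/alice:/bin/sh
"""
SAMPLE_FTPUSERS = "# constructed sample\nroot\ndaemon bin\noperator01\nuucp"
```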

     xferlogs

       1. The existence of the xferlog files is verified. All xferlogs
          are checked if the site has indicated the use of virtual
          server support.
       2. Modes on the xferlog file are checked to assure they are
          0660.

     _PATH_EXECPATH

       1. Checks to assure you have not compiled WU-FTPD with
          _PATH_EXECPATH set to /bin, /usr/bin, /etc or /sbin. Doing so
          would open potential or real security holes onto your system.

     inetd.conf

       1. Check to assure the "-a" option is specified on the 'ftp'
          entry. Without it all ftpaccess functionality is disabled.
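
       One way to make the "-a" check, as an added example rather than
       ftpck's own code. It scans the ftp entry's arguments the way
       getopt would, so clustered flags such as "-la" count and a value
       passed to another option does not. The function names, the set
       of options assumed to take a value and the sample entry are
       assumptions.

```python
TAKES_VALUE = set("tTu")  # assumption: ftpd options that consume a value

def ftpd_options(argv):
    """Return the single-letter options present in an inetd argument list."""
    seen, i = set(), 1                    # argv[0] is the program name
    while i < len(argv):
        arg = argv[i]
        i += 1
        if arg in ("-", "--") or not arg.startswith("-"):
            break                         # getopt stops at the first non-option
        for pos, letter in enumerate(arg[1:], 1):
            seen.add(letter)
            if letter in TAKES_VALUE:
                if pos == len(arg) - 1:   # value is the next word: skip it
                    i += 1
                break                     # rest of this word is the value
    return seen

def inetd_findings(inetd_text):
    """Flag ftp entries in inetd.conf text that do not pass -a to ftpd."""
    findings, found = [], False
    for n, line in enumerate(inetd_text.splitlines(), 1):
        fields = line.split("#", 1)[0].split()
        # Fields: service, socket type, protocol, wait, user, server, argv...
        if len(fields) < 6 or fields[0] != "ftp":
            continue
        found = True
        if "a" not in ftpd_options(fields[6:]):
            findings.append(f"ERROR: line {n}: ftp entry has no -a option")
    if not found:
        findings.append("WARNING: no ftp entry found")
    return findings

# Constructed sample entry, not taken from a real system.
SAMPLE_INETD = """\
# constructed sample
ftp stream tcp nowait root /usr/sbin/in.ftpd in.ftpd -l -t 900
"""
```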

                                   [----]

Getting ftpck

     You can get the current snapshot of ftpck from
     ftp://ftp.landfield.com/wu-ftpd/ftpck/

                                   [----]

Installing ftpck

     As the distribution is configured, it needs to be unpacked under
     the wu-ftpd src/ directory. The tar/shar files will create a
     subdirectory ftpck.1.x. You will need to edit the Makefile in the
     ftpck directory and make sure things are right for your
     installation. It is set up to use your existing pathnames.h and
     config.h files.

     Type make and build it. Test it from that directory. When you are
     satisfied it does the right things, type make install and then go
     verify your config.

     Note: rdservers.c is not used unless you are one of the beta sites
     for my new way of doing virtual hosting. If so, make sure you put
     -DVIRTUAL_SERVER in the CFLAGS. If you are using the current
     virtual support then you do not need to do anything.

                                   [----]

Running ftpck

     usage: ftpck [ -ceFghprstuvx ] [-f accessfile]

     With no options, all WU-FTPD configuration files are checked.
     More than one set of checks can be specified at a time.

     Options for checking default config files
       -c:             Check ftpconversions file at /tmp/ftpd/ftpconversions
       -f:             Check ftpaccess file at /tmp/ftpd/ftpaccess
       -g:             Check ftpgroups file at /tmp/ftpd/ftpgroups
       -h:             Check ftphosts file at /tmp/ftpd/ftphosts
       -p:             Check pid directory at /tmp/ftpd/ftp.pids-%s
       -s:             Check ftpservers file at /tmp/ftpd/ftpservers
       -u:             Check ftpusers file at /tmp/ftpd/ftpusers
       -x:             Check xferlog file at /tmp/ftpd/xferlog

     Check named file options
       -C conversions: Check the specified ftpconversions file
       -F ftpaccess:   Check the specified ftpaccess file
       -G ftpgroups:   Check the specified ftpgroups file
       -H ftphosts:    Check the specified ftphosts file
       -S ftpservers:  Check the specified ftpservers file
       -U ftpusers:    Check the specified ftpusers file

     Other options
       -d:             Turn on describe mode. (Very verbose) A
                       second -d enables accessfile line display
       -e:             Check _PATH_EXECPATH not == /bin
       -i:             Check inetd.conf file at /etc/inetd.conf
       -I inetd.conf:  Check the specified inetd.conf file
       -r:             Verify aliases and cdpaths usable in all ftp root directories
       -v:             Produce verbose output

     Please Note: The files specified in the above usage example
     represent the test location of the various WU-FTPD config files on
     my system. These paths are dependent on the specifications in the
     pathnames.h you use.

                                   [----]

----
Kent Landfield                        Phone: 1-817-545-2502             
The Landfield Group                   FAX:   1-817-545-7650             
Email: kent@landfield.com             http://www.landfield.com/
Please send comp.sources.misc related mail to kent@uunet.uu.net.
Search the Usenet Hypertext FAQ Archive at http://www.faqs.org/faqs/
