We use HP-UX for tftp and it works great.
Jeff
Jeff Groman
IS Department, Childrens Hospital, Denver
[EMAIL PROTECTED]
303 864 5671
On Fri, 23 Mar 2001, Brian Kimsey-Hickman wrote:
> Re: Anyone tried setting up a Linux TFTP Server for Cisco?
>
> Thanks to everyone who replied. I didn't mean to start a Linux versus Microsoft
> controversy but that is okay. I think they are valuable discussions. I did
> read in the Cisco literature that the Windows-based tftp servers are limited
> to 16 MB and the Linux/Unix versions are not. Since flash images are fast
> approaching that size I thought I would start getting prepared. Whether or
> not that is actually true, I don't know. Thanks, Alan, your suggestions did
> the trick.
>
> Thanks,
>
> Brian
> -----Original Message-----
>
> From: Elijah Savage [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 22, 2001 11:17 AM
> To: W. Alan Robertson; Brian Kimsey-Hickman; [EMAIL PROTECTED]
> Subject: RE: Anyone tried setting up a Linux TFTP Server for Cisco?
>
>
> I know it's off topic, but I hate such narrow-minded comments...
> > If you have ever installed any *ix system, you'd be darn well
> > aware that the thing is w i d e open. There is almost
> > no security there. It has to be added and maintained. Win32
> > systems are similar. Very trusting and friendly until they are
> > properly taken care of. Is *ix inherently more secure? no way.
>
>
> No holy war here either. But I could not resist the reply to this comment.
> Of course it depends on the administrator of the box, but it depends also
> how you install it. I have never installed a Linux box with ftp or telnet by
> default (openssh). Because these boxes I set up are usually dns or web servers
> you can install them so that they run in a chrooted environment which tends
> to be a tad bit more secure. This is one reason I like nix over any win
> platform because I can install what I want and how I want it, which usually
> makes a nix box more secure than any win platform. So to me how I stated
> above nix is more secure, but of course you have to know what you are doing.
> You probably will say well this is not a base install. And my reply is well
> if you do a custom install which you can do right out of the box without
> recompiling the kernel or anything fancy nix will be more secure than win32
> platforms out of the box. I would like to see a custom install on win32
> instead of click here to continue.
>
> > I challenge anyone to make a valid, non-ideological based
> > comparison of a base Win32 and a base Linux install. If Linux
> > were so damned secure in its current state, I wouldn't see IDS
> > logs filling up with folks scanning for obvious Linux vulns, now
> > would I? Bottom dollar is, without proper administration, both
> > Win32 and *ix suck big time. With proper care and feeding, they
> > can both become relatively secure.
> >
>
> You are seeing IDS logs filling up due to the fact that most script
> kiddies out there are learning nix and what vulnerabilities are associated
> with it. And from my years of experience and dealing with these individuals
> it is more of a challenge for them, like a notch in their belt if they
> compromise a nix box rather than a win32 platform. They will be readily
> accepted by their peers if this is accomplished and shunned away for saying
> hey I cracked a nt server. Due to the fact and the latest security survey (I
> can't remember right off hand by whom) that show due to the recent influx of
> MCSE certified individuals that lack experience on securing these boxes that
> get broken into it's not a challenge to them any more. It showed there were a
> very high number of individuals out there that did not even have the known
> IIS patch applied. I am not knocking MCSE individuals here because I myself
> am a MCSE+I we all have to start some where. But there are more individuals
> out there in the industry with NT boxes than there are with Unix boxes under
> their control.
> If you ask me this is some of the reason why you see so many entries in
> your log for nix vulnerabilities than you do for the win32 platform.
>
>
>
>
> -----Original Message-----
> From: W. Alan Robertson
> Sent: Thu 3/22/2001 10:23 AM
> To: Brian Kimsey-Hickman; [EMAIL PROTECTED]
> Cc:
> Subject: Re: Anyone tried setting up a Linux TFTP Server for Cisco?
>
>
> Rather than get into a Holy War about why Linux is better than Windows, I
> figured I'd just answer your question.
>
> in.tftpd doesn't constantly run like other processes, like a http server, as an
> example.
>
> in.tftpd is typically started as needed, and terminated when finished. The
> controlling process is inetd. The configuration file for inetd can be found at
> '/etc/inetd.conf'.
>
> Edit that file...
>
> Scroll down to a line that reads like this (the exact line varies by Linux
> distribution):
>
> #tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd /tftpboot
>
> The # means that this line is commented out. If you remove the hash mark,
> leaving:
>
> tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd /tftpboot
>
> you will have enabled the tftp service for the box. The "/tftpboot" reference
> refers to the tftp service home directory, so make certain that it exists. You
> can also move the location if you'd like. Just specify a different path, and
> ensure that it exists.
>
> Finally, you need to restart the inetd process, so that it will be aware of the
> fact that you want it to manage tftp services.
>
> Do a 'ps ax | grep inetd'. That will show something like:
>
> yavin:/etc# ps ax | grep inet
> 252 ? S 0:00 /usr/sbin/inetd
> 369 ? SW 0:00 [rinetd]
> 7945 pts/1 S 0:00 grep inet
> yavin:/etc#
>
> To restart it, type this: 'kill -HUP [pid]'
>
> In my example, 252 is the pid (Process ID).
>
> I almost forgot... One thing you also need to check is the directory permissions
> of /tftpboot...
>
> Make sure that the directory is World Readable, and World Writable. Tftp does
> no user authentication, so you have to give global read/write access to its
> directory. Also, before sending a file up to the tftp server, you will need to
> 'touch filename'. Generally, the service will allow you to overwrite a file
> that exists, but it will not allow you to create a wholly new file. Silly,
> isn't it?
>
> Best of luck...
>
> Alan
>
> ----- Original Message -----
> From: "Brian Kimsey-Hickman" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
> Sent: Thursday, March 22, 2001 8:17 AM
> Subject: Anyone tried setting up a Linux TFTP Server for Cisco?
>
>
> > I was wondering if anyone had tried to set up a Linux box as a TFTP server
> > for Cisco configurations and images. I have tried in.tftp but don't seem to
> > be having a lot of luck.
> >
> > Thanks,
> >
> > Brian
> >
> > _________________________________
> > FAQ, list archives, and subscription info:
> http://www.groupstudy.com/list/cisco.html
> > Report misconduct and Nondisclosure violations to [EMAIL PROTECTED]
>
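
Added example, not part of the original thread: a shell audit of the inetd-based tftp setup described in the quoted instructions, reporting which user the daemon runs as, whether it is wrapped by tcpd, and which files in the served directory an unauthenticated client could overwrite. The function names, message wording and the sample file `router-confg` are assumptions made for this example; point `audit_tftp` at a real `/etc/inetd.conf` to use it.

```shell
#!/bin/sh
# Added example: audit the tftp line in an inetd.conf and the directory it serves.

# Print the first active (not commented-out) tftp entry, if any.
tftp_entry() {
    grep -E '^[[:space:]]*tftp[[:space:]]' "$1" | head -n 1
}

# Print one finding per line for the inetd.conf given as $1.
audit_tftp() {
    entry=$(tftp_entry "$1")
    if [ -z "$entry" ]; then echo "INFO tftp is not enabled in $1"; return 0; fi
    # inetd.conf fields: service socket proto wait user server args...
    set -f; set -- $entry; set +f
    if [ "$#" -lt 7 ]; then echo "WARN cannot parse tftp entry: $entry"; return 0; fi
    user=$5; server=$6
    shift 6
    for arg in "$@"; do dir=$arg; done   # last argument is the served directory
    echo "INFO tftp enabled, runs as '$user', serves '$dir'"
    if [ "$user" = "root" ]; then echo "WARN daemon runs as root"; fi
    case $server in
        */tcpd) echo "INFO wrapped by tcpd: limit clients in /etc/hosts.allow" ;;
        *)      echo "WARN not wrapped by tcpd: hosts.allow/hosts.deny may not apply" ;;
    esac
    if [ ! -d "$dir" ]; then echo "WARN '$dir' is not a directory"; return 0; fi
    if [ -n "$(find "$dir" -prune -perm -0002)" ]; then
        echo "WARN directory is world-writable"
    fi
    # tftp has no authentication, so each of these can be replaced by any client.
    n=$(find "$dir" -type f -perm -0002 | wc -l | tr -d ' ')
    echo "INFO $n world-writable file(s) any TFTP client can overwrite"
    return 0
}

# Constructed sample: an enabled tftp line serving a world-writable directory.
demo() {
    tmp=$(mktemp -d)
    mkdir "$tmp/tftpboot"; chmod 777 "$tmp/tftpboot"
    touch "$tmp/tftpboot/router-confg"; chmod 666 "$tmp/tftpboot/router-confg"
    echo "tftp dgram udp wait nobody /usr/sbin/tcpd /usr/sbin/in.tftpd $tmp/tftpboot" \
        > "$tmp/inetd.conf"
    audit_tftp "$tmp/inetd.conf"
    rm -rf "$tmp"
}
demo
```
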