Solaris ftp connects out svc disabled.

Hi,
Running ftp
online 2:53:02 svc:/network/ftp:default

If I disable ftp
disabled 2:54:00 svc:/network/ftp:default

I can still SEND ftp files out.
I cannot connect to this server via FTP, but why can I still connect to other ftp servers and send files?

Cheers.

The same reason locking your mailbox shut doesn't stop everyone else from getting mail.

Well, you disabled the FTP service/server/daemon.

Disabling FTP server does not disable the FTP client.

If you are running Solaris 11 and if you really want to remove the ftp client, you can simply run:

pkg uninstall network/ftp

With Solaris 10 and older, that would be:

pkgrm SUNWbip

However, the latter command will unfortunately also remove the ping command.

Of course, you can also remove or make unreadable the ftp binary.

If you want to protect from standard ftp traffic, the proper way is to set up a firewall.

Be real careful changing permissions of system-supplied binaries on Solaris. Solaris often uses the same binary hard-linked with multiple names.

Try running this:

find / -inum `ls -i /usr/bin/mdb | awk '{ print $1 }'`

That will find all the names that are the same binary that is used as "mdb". I've seen way too many things like "hardening guidelines" for Solaris that miss this. They tell you to chmod mdb to something like 600 and wind up breaking everything that runs ksh.

And if you know what you're doing it doesn't even remove access to "mdb"...

That is correct and indeed good advice. Note however that this issue doesn't affect ftp, which is a standalone binary with Solaris, something unlikely to change.
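
The hard-link check discussed above, as an added example that is not from any poster in the thread: before changing a binary's mode, it lists every name that shares the inode and refuses the chmod when there is more than one. The function names (`link_count`, `link_names`, `guarded_chmod`) are hypothetical, and the sandbox files named mdb, ksh and ftp are constructed stand-ins, not the real system binaries.

```shell
#!/bin/sh
# Added example: enumerate every name of a binary before changing its mode.

# link_count FILE: print the hard-link count (second field of `ls -ld`).
link_count() {
    ls -ld "$1" | awk '{ print $2 }'
}

# link_names FILE ROOT: print each path under ROOT that is the same file as FILE.
link_names() {
    ln_file=$1
    ln_inum=$(ls -di "$ln_file" | awk '{ print $1 }')
    find "$2" -type f -inum "$ln_inum" -print 2>/dev/null |
    while IFS= read -r ln_path; do
        # Inode numbers repeat across filesystems; -ef also compares the device.
        if [ "$ln_path" -ef "$ln_file" ]; then
            printf '%s\n' "$ln_path"
        fi
    done
}

# guarded_chmod MODE FILE ROOT: chmod FILE only when it has a single name.
guarded_chmod() {
    if [ "$(link_count "$2")" -gt 1 ]; then
        echo "refusing chmod $1 $2; the same inode is reachable as:" >&2
        link_names "$2" "$3" >&2
        return 1
    fi
    chmod "$1" "$2"
}

# Constructed sandbox: "mdb" and "ksh" are two names for one file; "ftp" stands alone.
demo() {
    d=$(mktemp -d) || return 1
    printf 'x\n' > "$d/mdb"; ln "$d/mdb" "$d/ksh"; printf 'y\n' > "$d/ftp"
    chmod 755 "$d/mdb" "$d/ftp"
    guarded_chmod 600 "$d/mdb" "$d" || echo "mdb left at its original mode"
    guarded_chmod 600 "$d/ftp" "$d" && echo "ftp changed to 600"
    rm -rf "$d"
}
demo
```

On a real system, pass the directories that hold system binaries as ROOT so that every alias is found before any mode change.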