#!/bin/sh
#
# script to protect anonymous ftp against some attacks
#  (c) Mar-90 by guenther@ira.uka.de
#
FTP_HOME=/ftp
BIN=$FTP_HOME/bin
DEV=$FTP_HOME/dev
ETC=$FTP_HOME/etc
IN=$FTP_HOME/incoming
LF=$FTP_HOME/lost+found
LOG=$FTP_HOME/ls-lagR
OUT=$FTP_HOME/outgoing
PUB=$FTP_HOME/pub
TMP=/tmp
#
FTP_UID=ftpadm
FTP_GID=XLINK
#
CHGRP=/bin/chgrp
CHMOD=/bin/chmod
CHOWN=/etc/chown
COMPRESS=/usr/ucb/compress
FIND=/usr/bin/find
LS=/bin/ls
RM=/bin/rm
SH=/bin/sh
#

#
#	create temporary script for find
#

CHPERM=$TMP/SECURE_FTP.$$

$CAT << 'EOF' > $CHPERM
#!$SH
  if [ -d $1 ] ; then $CHMOD 755 $1; else $CHMOD 644 $1; fi
EOF

#

$CHOWN -f root $FTP_HOME
$CHMOD 755 $FTP_HOME

$CHOWN -f $FTP_UID $FTP_HOME/*
$CHOWN -f -R root $BIN $ETC $LF

cd $FTP_HOME

for i in * ; do
	$SH $CHPERM $i
done

$CHMOD 111 $BIN $ETC
$CHMOD 711 $OUT
$CHMOD 733 $IN

$CHOWN -f -R $FTP_UID $PUB $IN $OUT
$CHGRP -f -R $FTP_GID $PUB $IN $OUT

$FIND $PUB -exec $SH $CHPERM {} \;
		    
$RM -f $CHPERM

#
[ -f $LOG.Z ] && {
	$RM -f $LOG.Z
}
[ -f $LOG ] && {
	$RM	-f $LOG
}
cd FTP_HOME
$LS	-lagR $PUB > $LOG
$COMPRESS $LOG
$CHOWN	-f $FTP_UID $LOG $LOG.Z
$CHGRP	-f $FTP_GID $LOG $LOG.Z
[ -f $LOG ] && {
	$CHMOD	644 $LOG
}
[ -f $LOG.Z ] && {
	$CHMOD	644 $LOG.Z
}
#
# end-of-script
#