[Yum] can I disable FTP PASV mode for yum?

Jason Haar Jason.Haar at trimble.co.nz
Sun Jan 11 21:49:50 UTC 2009


Hi there

We're getting false alarms triggering on our NIDS due to PASV-mode YUM
FTP sessions. This is on no account the fault of YUM, but I was
wondering if we could reconfigure YUM to use non-PASV (i.e. PORT) mode FTP
instead (better yet, disable FTP so that YUM only used HTTP servers). We
can do some NIDS whitelisting tricks for PORT-mode - as port 20 is
always used - which we can't do with PASV-mode.

So YUM uses urlgrabber which in turn uses ftplib, which in turn has a
"set_pasv" option. But I don't seem to be able to alter that by adding
it to /etc/yum.conf? Can I do that, or would I actually have to fiddle
with ftplib to achieve what I want (I won't do that - too many
downstream consequences).

Thanks!

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
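
Added example, not part of the original post: a sketch of the difference a sensor sees between the two modes, deriving the expected data connection from control-channel lines. The session lines and addresses are constructed, the function names are hypothetical, and source port 20 for active mode is the convention the post relies on.

```python
import re

# Constructed control-channel lines (addresses are documentation ranges).
ACTIVE_SESSION = [
    ("client", "PORT 192,0,2,10,195,80"),
    ("server", "200 PORT command successful"),
    ("client", "RETR repodata/repomd.xml"),
]
PASSIVE_SESSION = [
    ("client", "PASV"),
    ("server", "227 Entering Passive Mode (198,51,100,5,234,96)"),
    ("client", "RETR repodata/repomd.xml"),
]

_HOSTPORT = re.compile(r"(\d+),(\d+),(\d+),(\d+),(\d+),(\d+)")

def parse_hostport(text):
    """Decode the h1,h2,h3,h4,p1,p2 form used by PORT and 227 (RFC 959)."""
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port tuple in %r" % text)
    n = [int(x) for x in m.groups()]
    if any(v > 255 for v in n):
        raise ValueError("octet out of range in %r" % text)
    return ".".join(map(str, n[:4])), n[4] * 256 + n[5]

def expected_data_flow(session, client_ip, server_ip):
    """Return the data connection a sensor should expect, or None."""
    for sender, line in session:
        if sender == "client" and line.upper().startswith("PORT "):
            ip, port = parse_hostport(line)
            # Active: server dials out from its data port (20) to the client.
            return {"mode": "PORT", "src": (server_ip, 20), "dst": (ip, port)}
        if sender == "server" and line.startswith("227"):
            ip, port = parse_hostport(line)
            # Passive: client dials a server port chosen per transfer;
            # the client's source port is not announced anywhere.
            return {"mode": "PASV", "src": (client_ip, None), "dst": (ip, port)}
    return None

def static_rule_possible(flow):
    """True when a fixed-port whitelist can match without control-channel tracking."""
    return flow is not None and flow["src"][1] == 20
```

In the PASV case neither end of the data connection uses a fixed port, so a sensor has to follow the 227 reply on the control channel to recognise the transfer as FTP data.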


