Securing Linux FTP Server
On my previous blog I've shown on how to set up a FTP server. But the default settings that are in a default installation are
not that tight or secured yet. To mention few, one of the risk is that the default settings allow anonymous logins. Another
is that the user can navigate anywhere on the server.
On this blog I'll show you on how to make your FTP server more secured.
a.) Disallow anonymous logins
1. First is to disallow anonymous logins. To do this, open the vsftpd.conf using any text editor.
vi /etc/vsftpd/vsftpd.conf
2. Change
anonymous_enable=YES
TO
anonymous_enable=NO
3. Then restart vsftpd
if sudoer
/sbin/service vsftpd restart
if root
service vsftpd restart
b.) Never allow your ftp users to navigate on other folders except the one he owns
1. Comment this line on vsftpd.conf
from:
chroot_list_file=/etc/vsftpd.chroot_list
to:
#chroot_list_file=/etc/vsftpd.chroot_list
2. Set the following settings:
chroot_local_user=YES
chroot_list_enable=NO
3. Then finally restart the vsftpd for the changes to take effect
Here is a link of other settings you can play with:
http://vsftpd.beasts.org/vsftpd_conf.html
Hope you find this helpful. Cheers!!!! and God Bless!!!!!
No comments:
Post a Comment