A firewall is very important and a must for every server, as it secures the box from intruders who might want to breach or hack it. One way to set up your default firewall rules in iptables is via system-config-securitylevel-tui, a text-mode (DOS-like) UI that lets you specify which ports are to be opened. Of course, this is only for creating your default firewall; to add more security you have to use the iptables command line options.
Once you have defined your open ports and rules via the UI, there is one more thing to do. The default rule set created by system-config-securitylevel-tui is not completely secure: there is a slight bug in it.
Try to issue this command:
/sbin/iptables -L
If you look at the first two lines of the RH-Firewall-1-INPUT chain, you will see a duplicate entry:
ACCEPT all -- anywhere anywhere    ; this one is needed for the server's services
ACCEPT all -- anywhere anywhere    ; this one is the hole
The second one is a hole in the firewall, as it lets anyone access your box from anywhere (for example over SSH). To remove this security risk, we will delete the extra entry.
To do so, first identify the line number on which the duplicate occurs by issuing:
/sbin/iptables -L --line-numbers
Take note of the line number.
Then delete it. Say the duplicate is on line 2; we then issue:
/sbin/iptables -D RH-Firewall-1-INPUT 2
Then save your firewall rules:
/sbin/service iptables save
Now your box has a secured default firewall rule set.
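As an added example (not part of the original post), a small POSIX shell script that scans a chain listing for the kind of rule described above before anything is deleted. It assumes the listing was taken with `iptables -L RH-Firewall-1-INPUT -n -v --line-numbers`, since plain `-L` hides the in/out interface columns and so cannot tell the loopback rule from a genuine any-to-any accept; the listing embedded in the script is constructed, not captured from a real box.

```shell
#!/bin/sh
# Added example, not from the original post: find "hole" rules and exact
# duplicate rules in a RH-Firewall-1-INPUT listing so that
# `iptables -D RH-Firewall-1-INPUT <num>` can be aimed at the right line.
# Input is the text of `iptables -L RH-Firewall-1-INPUT -n -v --line-numbers`.
# The listing below is constructed for the demo (not a real capture).
SAMPLE_LISTING='Chain RH-Firewall-1-INPUT (2 references)
num   pkts bytes target     prot opt in     out     source               destination
1        0     0 ACCEPT     all  --  lo     *       0.0.0.0/0            0.0.0.0/0
2        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
3        0     0 ACCEPT     icmp --  *      *       0.0.0.0/0            0.0.0.0/0           icmp type 255
4        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           state RELATED,ESTABLISHED
5        0     0 ACCEPT     tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           state NEW tcp dpt:22
6        0     0 ACCEPT     all  --  *      *       0.0.0.0/0            0.0.0.0/0
7        0     0 REJECT     all  --  *      *       0.0.0.0/0            0.0.0.0/0           reject-with icmp-host-prohibited'

# Print (space separated) the rule numbers that ACCEPT every protocol from
# anywhere to anywhere on any interface with no further match. Rule 1 is
# excluded by its "lo" interface and rule 4 by its state match; only rules
# with exactly the ten base columns and no match text qualify.
find_open_accepts() {
    printf '%s\n' "$1" | awk '
        NR > 2 && NF == 10 && $4 == "ACCEPT" && $5 == "all" &&
        $7 == "*" && $8 == "*" && $9 == "0.0.0.0/0" && $10 == "0.0.0.0/0" {
            out = out (out == "" ? "" : " ") $1
        }
        END { print out }'
}

# Print the rule numbers whose text after the packet/byte counters occurs
# more than once in the chain, one group per line.
find_duplicate_rules() {
    printf '%s\n' "$1" | awk '
        NR > 2 {
            key = ""
            for (i = 4; i <= NF; i++) key = key " " $i
            seen[key] = seen[key] " " $1; count[key]++
        }
        END { for (k in count) if (count[k] > 1) print substr(seen[k], 2) }'
}
```

Feed it the real listing with `find_open_accepts "$(iptables -L RH-Firewall-1-INPUT -n -v --line-numbers)"` and delete the highest-numbered hit first so the remaining line numbers stay valid.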
Hope you find it useful. Thanks, Cheers and God Bless!!!!!
Monday, November 24, 2008
Friday, November 7, 2008
Securing FTP server on Linux
In my previous post I showed how to set up an FTP server. But the settings that come with a default installation are not that tight or secure yet. To mention a few risks: the default settings allow anonymous logins, and a logged-in user can navigate anywhere on the server.
In this post I'll show you how to make your FTP server more secure.
a.) Disallow anonymous logins
1. First, disallow anonymous logins. To do this, open vsftpd.conf with any text editor:
vi /etc/vsftpd/vsftpd.conf
2. Change
anonymous_enable=YES
to
anonymous_enable=NO
3. Then restart vsftpd:
if sudoer:
/sbin/service vsftpd restart
if root:
service vsftpd restart
b.) Never allow your FTP users to navigate to folders other than their own
1. Comment out this line in vsftpd.conf:
from:
chroot_list_file=/etc/vsftpd.chroot_list
to:
#chroot_list_file=/etc/vsftpd.chroot_list
2. Set the following settings:
chroot_local_user=YES
chroot_list_enable=NO
3. Finally, restart vsftpd for the changes to take effect.
Here is a link to other settings you can play with:
http://vsftpd.beasts.org/vsftpd_conf.html
Hope you find this helpful. Cheers!!!! and God Bless!!!!!
INSTALLATION and SET UP of FTP Server on Linux
In this post I'll show you the steps to set up an FTP server on Linux, specifically on the CentOS/RedHat distros.
For this tutorial I'll be using vsftpd as our FTP server, although you can choose to install another FTP server such as ProFTPD.
What is vsftpd, by the way? vsftpd (Very Secure FTP Daemon) is a secure and fast FTP server for Linux, which is why I chose it for this discussion. So let's get started.
1. First download and install the vsftpd package. In my case I just did it via yum:
yum install vsftpd
2. Once vsftpd has been installed, we can start the vsftpd service. No worries: the default configuration of vsftpd is good enough to get the FTP server up and running (but we'll do a few more tweaks later on).
3. To start vsftpd, issue:
if sudoer:
/sbin/service vsftpd start
if root:
service vsftpd start
4. But don't forget to open the necessary ports for the FTP service. The following ports need to be opened for FTP:
Port no.        Details
21              ftp (control port)
20              ftp-data (used for active mode FTP connections)
50000 - 50004   ftp-data (for passive mode). Note: it can be any port range higher than 1024
5. Now we're going to add an FTP user.
First add a new group that FTP users will belong to:
groupadd ftp-users
6. Make a directory from which FTP users will upload and download:
mkdir /home/ftp-docs
7. Once the directory has been created (or if it already exists), set the permissions and owner:
chmod 775 /home/ftp-docs   # mode 775 is an assumption; the original command omitted the mode argument
chown root:ftp-users /home/ftp-docs
8. Then add the FTP user:
useradd -g ftp-users -d /home/ftp-docs user1
passwd user1
9. Now we can log in to the FTP server with the user1 credentials we made. (You may use any FTP client such as FileZilla, WinSCP, ProFTP and others.)
CHeers!!! And God Bless!!!!
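As an added example (not code from the original posts), a POSIX shell script that applies the vsftpd.conf changes from the "Securing FTP server on Linux" post (anonymous_enable, chroot_local_user, chroot_list_enable, commenting out chroot_list_file) together with the passive port range 50000-50004 from the port table above, and then verifies the result. The config file path is taken as an argument; the sample config inside the script is constructed to resemble stock defaults, and the `set_conf`/`check_vsftpd_conf` helper names are my own.

```shell
#!/bin/sh
# Added example, not the posts' own code: apply and verify the vsftpd.conf
# hardening described in the posts. $1 is the config file to edit.

set_conf() {  # set_conf FILE KEY VALUE: rewrite the line (even if commented out) or append it
    if grep -q "^[#[:space:]]*$2=" "$1"; then
        sed -i "s|^[#[:space:]]*$2=.*|$2=$3|" "$1"
    else
        printf '%s=%s\n' "$2" "$3" >> "$1"
    fi
}

harden_vsftpd_conf() {  # harden_vsftpd_conf FILE
    set_conf "$1" anonymous_enable NO      # securing post, step a.2
    set_conf "$1" chroot_local_user YES    # securing post, step b.2
    set_conf "$1" chroot_list_enable NO    # securing post, step b.2
    set_conf "$1" pasv_min_port 50000      # passive range from the install post's port table
    set_conf "$1" pasv_max_port 50004
    # securing post, step b.1: comment out the chroot list file (no-op if already commented)
    sed -i 's|^\([[:space:]]*chroot_list_file=\)|#\1|' "$1"
}

# Returns 0 when every setting is in place; otherwise prints what is missing and returns 1.
check_vsftpd_conf() {  # check_vsftpd_conf FILE
    rc=0
    for want in anonymous_enable=NO chroot_local_user=YES chroot_list_enable=NO \
                pasv_min_port=50000 pasv_max_port=50004; do
        grep -qx "$want" "$1" || { echo "missing: $want"; rc=1; }
    done
    grep -q '^chroot_list_file=' "$1" && { echo "chroot_list_file is still active"; rc=1; }
    return $rc
}

make_sample_conf() {  # make_sample_conf FILE: constructed sample resembling stock defaults
    cat > "$1" <<'EOF'
# Example config file /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
local_enable=YES
write_enable=YES
#chroot_local_user=YES
#chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
listen=YES
EOF
}
```

One caveat for vsftpd 3.0 and later (which post-dates these posts): with chroot_local_user=YES, a user whose home directory is writable is refused with a "500 OOPS" error unless allow_writeable_chroot=YES is also set.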