Make FTP server secure on Linux : RHEL, CentOS, UBUNTU

To install FTP on Linux Server, click here

1) Open vsftpd.conf (/etc/vsftpd.conf or/etc/vsftpd/vsftpd.conf)
To prevent anonymous log-in, Set anonymous_enable=NO
 In vsftpd.conf, if anonymous_enable=YES, There is no need to put username & password. If you put only hostname and try to log-in, you can log-in. This situation is very dangerous.
For security purpose, Always set this attribute NO. 

2) These are the harmful content for your vsftpd.
If your vsftpd file (/etc/pam.d/vsftpd) has following content, it will allow blank or wrong password. It is a threat for your security.
auth sufficient /lib/security/ pwdfile /home/ftp/passwd
auth required
account required
Never make auth sufficient , it should be required always.

Never leave your vsftpd file with above content.

3) Never allow blank or wrong password for ftp user 
Make Sure your vsftpd file has following content

If it is Debian, Ubuntu
auth required item=user sense=deny file=/etc/ftpusers onerr=succeed
@include common-account
@include common-session
@include common-auth
auth required

If it is CentOS, RHEL
session    optional    force revoke auth required item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed auth       required auth include password-auth session include password-auth session    required account include password-auth

4) When you make any changes in the file vsftpd.conf, make sure you have restarted the vsftpd.

No comments:

Post a Comment

Related Posts Plugin for WordPress, Blogger...