Friday, February 22, 2013

Make FTP server secure on Linux : RHEL, CentOS, UBUNTU

To install FTP on Linux Server, click here

1) Open vsftpd.conf (/etc/vsftpd.conf or/etc/vsftpd/vsftpd.conf)
To prevent anonymous log-in, Set anonymous_enable=NO
 In vsftpd.conf, if anonymous_enable=YES, There is no need to put username & password. If you put only hostname and try to log-in, you can log-in. This situation is very dangerous.
For security purpose, Always set this attribute NO. 

2) These are the harmful content for your vsftpd.
If your vsftpd file (/etc/pam.d/vsftpd) has following content, it will allow blank or wrong password. It is a threat for your security.
auth sufficient /lib/security/pam_pwdfile.so pwdfile /home/ftp/passwd
auth required pam_shells.so
account required pam_permit.so
Never make auth sufficient , it should be required always.

Never leave your vsftpd file with above content.

3) Never allow blank or wrong password for ftp user 
Make Sure your vsftpd file has following content

If it is Debian, Ubuntu
auth required pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
@include common-account
@include common-session
@include common-auth
auth required pam_shells.so

If it is CentOS, RHEL
session    optional     pam_keyinit.so    force revoke auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed auth       required pam_shells.so auth include password-auth session include password-auth session    required     pam_loginuid.so account include password-auth

4) When you make any changes in the file vsftpd.conf, make sure you have restarted the vsftpd.

No comments:

Post a Comment