CentOS: Securing FTP (vsftpd) and SSH


SECURING FTP

With chroot_local_user=YES, the vsftpd.chroot_list file becomes a list of users NOT to chroot. In other words, you have told vsftpd to chroot ALL users except ftpuser.

Notice the commented out lines.
In /etc/vsftpd/vsftpd.conf:

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

Edit /etc/vsftpd.chroot_list:
add only the users that do NOT get chrooted.

Use /sbin/nologin as the login shell.
Edit the /etc/passwd entry for ftpuser:

ftpuser:X:#:#:FTP User Account:/home/ftpuser/./:/sbin/nologin

————

chroot_local_user=YES
chroot_list_enable=YES

means that by default ALL users get chrooted, except the users listed in the file.

chroot_local_user=NO
chroot_list_enable=YES

means that by default ONLY the users listed in the file get chrooted.

See the difference?

Article by: JordanH
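
The two cases above, worked through in code. This is an added example, not part of the original article or of vsftpd itself: it resolves which local users end up chrooted for a given vsftpd.conf and chroot list. The user names alice and bob, the function names and the sample file contents are assumptions made for illustration.

```python
# Added example: resolve which local users vsftpd would chroot.
# All config text and user names below are constructed sample input.

def parse_conf(text):
    """Parse vsftpd.conf text (option=value, '#' comment lines) into a dict."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        opts[key] = value
    return opts

def is_yes(opts, key):
    # Both chroot options default to NO when absent from vsftpd.conf.
    # Simplification: any value other than YES is treated as NO.
    return opts.get(key, "NO").upper() == "YES"

def parse_list(text):
    """One user name per line, as in the chroot_list_file."""
    return {u.strip() for u in text.splitlines() if u.strip()}

def chrooted_users(conf_text, list_text, local_users):
    """Return the subset of local_users that would be chrooted on login."""
    opts = parse_conf(conf_text)
    default_chroot = is_yes(opts, "chroot_local_user")
    # The list is only consulted when chroot_list_enable=YES.
    listed = parse_list(list_text) if is_yes(opts, "chroot_list_enable") else set()
    # A listed user gets the opposite of the default behaviour.
    return {u for u in local_users if default_chroot != (u in listed)}

if __name__ == "__main__":
    users = ["ftpuser", "alice", "bob"]  # constructed sample accounts
    chroot_list = "ftpuser\n"            # constructed chroot_list_file content
    for local in ("YES", "NO"):
        conf = f"chroot_local_user={local}\nchroot_list_enable=YES\n"
        print(local, sorted(chrooted_users(conf, chroot_list, users)))
```

Running it against the real files before restarting vsftpd shows at a glance whether the list is being read as an exception list or as an inclusion list.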

Final Configuration:

pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES

chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list

pasv_enable=YES
port_enable=NO
pasv_min_port=60000
pasv_max_port=64000

# ftp settings
connect_from_port_20=YES

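# User Settings
# pasv_promiscuous=YES disables the check that the passive data connection
# comes from the same IP address as the control connection (default is NO).
pasv_promiscuous=YES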
dirlist_enable=YES
download_enable=YES

SECURING SSH

Edit /etc/ssh/sshd_config and at the bottom of the file, add these lines…

# Users allowed to log in over SSH
#AllowUsers root user002
# Users not allowed to log in over SSH
#DenyUsers user001
  • faiz

    Hi, I am a computer engineer. I want a Linux group, pls.
