Linux system improves FTP server security _ftp Server

Source: Internet
Author: User
Tags anonymous file upload ftp protocol least privilege
How to prevent an attacker from illegally stealing important information from an FTP server, and how to prevent an attacker from using an FTP server to spread trojans and viruses. These are issues that the system administrator needs to focus on. This time I'm going to talk about how to improve the security of the FTP server, as an example of the broadest vsftp used on Linux operating system platforms.

Prohibit system level users from logging on to an FTP server.

In order to improve the security of the FTP server, the system administrator would be better able to set up a separate FTP account for employees, rather than the system-level users to the ordinary user to use, which will bring great security risks. In the VSFTP server, you can manage the login account through the configuration file vsftpd.ftpusers. However, this account is a blacklist, the person listed on this account will not be able to use their account to log on to the FTP server. After deploying the VSFTP server, we can use the VI command to view this profile and find that it already has a number of default accounts. Among them, the system's Superuser root is also in it. Visible for security reasons, the VSFTP server by default prohibits the root account from landing on the FTP server. If the system administrator wants the system account such as root to log on to the FTP server, it is necessary to delete the user name such as root in this configuration file. However, allowing the system account to log on to the FTP server adversely affects its security, and I do not recommend that the system administrator do so. For the relevant system account administrator in this file, do not change the best one, keep these account settings.

If, for other reasons, you need to disable other accounts, you can add the account name to the file. If the FTP server and the database server may be deployed at the same time on the server. So for security reasons, it's a good idea to include the database administrator's account on this blacklist.

Second, to strengthen the control of anonymous users.

Anonymous users are those accounts that are not defined in the FTP server, and FTP system administrators still need them to log in for ease of administration. However, after all, they do not have access to the server's authorization, in order to improve the security of the server, they must be limited to their permissions. There are also many parameters on the VSFTP server that can be used to control the permissions of anonymous users. The system administrator needs to do the relevant configuration work according to the security level of the FTP server. It should be explained that the more restrictive the permissions of the anonymous user, the higher the security of the FTP server, but the lower the convenience of the user access. So the end system administrator still needs to achieve a balance in the security and convenience of the server.

Here are a few of my recommended configurations for anonymous users, and you can refer to these configurations if you don't know how to configure them. These configurations balance the security of the server with the convenience of the user.

One is the parameter anon_world_readable_only. This parameter is primarily used to control whether anonymous users can download readable files from the FTP server. If the FTP server is deployed within the enterprise and is primarily used by internal employees of the enterprise, it is best to set this parameter to Yes. You can then place files that are publicly available, such as common forms, and so on, so that employees can download the files anonymously. This does not affect the security of the FTP server, but also facilitates the convenience of other employees ' operations.

The second is the parameter anon_upload_enable. This parameter indicates whether anonymous users can upload files to the FTP server without anonymous access. In general, this parameter should be set to No. That is, users are not allowed to upload files on anonymous access. Otherwise, any person can upload files, if the other party upload a virus file, the enterprise is not going to suffer. Therefore, anonymous users should be prohibited from uploading files. But there are exceptions. If some enterprises use FTP protocol to back up files. At this point, if the security of the corporate network is guaranteed, you can set this parameter to Yes, which allows the operating system to invoke the FTP command to back up files on the FTP server. In this case, anonymous access is often used to simplify the deployment of the backup program. It is necessary to allow anonymous users to upload files on the FTP server.

The third is parameter anon_other_write_enable and parameter anon_mkdir_write_enable. These two parameters are primarily concerned with some of the more advanced permissions of anonymous users. If the first parameter indicates that an anonymous user has permission to upload and establish a subdirectory, you can change the name of the file on the FTP server, and so on. The second argument indicates that anonymous users can create subdirectories in specific cases. These features can affect the security of the FTP server and the security of the files. For this reason, these permissions should be disabled unless there is a particular need for them. That is, set the value of these parameters to No. I think that unless the FTP server is a system administrator to play with, you can turn on these parameters. Otherwise, it is better to set these parameters to No to improve the security of the FTP server.

In general, the control of anonymous users should follow the principle of least privilege. Because anonymous users are users who are not authorized by the FTP server, deep level permission access control is not possible. To this end, only through these basic parameters to achieve control.

Third, completes the catalogue the control.

Typically, a system administrator needs to set a different root directory for each different user. For security reasons, instead of interfering with each other, the system administrator needs to set up a root directory that does not allow users to access other users. For example, some enterprises set up an FTP account for each department to facilitate their exchange of files. Then the sales department has a root directory of sale; The warehouse department has a root directory ware. As sales employees, they can access any subdirectories under their root directory, but they cannot access the root directory ware of the warehouse user. In this case, the sales department employees will not be able to access the warehouse user's files. Visible, by restricting access to directories other than the root directory, users can be prevented from interfering with each other to improve the security of files on the FTP server. To achieve this, you can set the parameter Chroot_local_user to No. Once this is set up, all users who log on locally are not allowed to enter directories other than the root directory. However, in this control, it is best to set up a directory that everyone can access to store some of the public files. We should not only protect the security of the server, nor can it affect the normal sharing of files.

Four, the transmission rate limit.

Sometimes in order to ensure the stable operation of the FTP server, it is necessary to download the file upload speed limit. If on the same server, the FTP server, mail server, and so on are deployed separately. In order for these application services to coexist peacefully, it is necessary to control the maximum transmission rate. Because the maximum bandwidth of the same server is limited. If an application service occupies a larger bandwidth, it will adversely affect other application services, or even cause other application services to be unable to function properly for the needs of the corresponding users. Again, as with the different FTP uses, you also need to set the maximum rate limit. such as FTP at the same time as a file backup and file upload and download purposes, so in order to improve the efficiency of file backup, shorten the backup time to the file upload download rate of the maximum limit.

In order to achieve the transfer rate limit, the system administrator can set the Local_max_rate parameter. By default, this parameter is not enabled, that is, there is no maximum rate limit. However, for these reasons, I suggest that the system administrator can set up this parameter before putting the FTP server into production operation. To prevent the use of excessive bandwidth upload download to other application services have a negative impact. The system administrator needs to achieve a balanced and reasonable allocation of bandwidth between the various application services. At a minimum, make sure that each application service responds properly to the customer's request. In addition, if possible, it is necessary to perform the wrong peak operation. If you are deploying both a mail server and an FTP server on a single host. The FTP server is used primarily for file backup. So in order to prevent file backup has a negative impact on the delivery of mail (because file backup requires a large amount of bandwidth will greatly reduce the speed of mail delivery), it is best to be able to file backup and send and receive the peak period of separation. If you are in the morning when the mail is sent to the peak period, then do not use the FTP service for file backup. And at the noon break generally send and receive mail is relatively few. In this case, FTP can be used for file backup. So the FTP server and other application services to run the wrong peak, then you can set this rate to a larger point to improve the efficiency of the FTP service operation. Of course, this puts a higher demand on the system administrator. Because the system administrator needs to analyze a variety of applications, and then combine the deployment of the server, to carry out a comprehensive planning. Unless there are higher measures and better conditions, otherwise the maximum rate of transfer to the FTP server is necessary. Otherwise, the enterprise will be deployed in other information services to bring a very large adverse impact, will cause network congestion.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.