Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
A learner here. I'll be running a basic WWW/SSH/FTP system for my family members to upload their own website on this debian box.
Each of them will have a user account:
- user1 (Samuel)
- user2 (Steven)
- user3 (Adeline)
- user4 (a friend of mine, unix guy)
- nistelrooy (root, myself)
I'll be running, FTP, SSH, WWW on this box. However, due to this user4 inclusion, it makes me want to secure my box.
I've already locked down SSH to myself only.
But how do i do FTP lockdown to the users above, and all the new users created infuture will not have a ftp account automatically created.
Secondly, i realise these users accounts i created are able to download the configuration files on the boxes. That includes very sensitive files like, /etc/proftpd.conf, /etc/apache2/*. There will be so many files&folders exposed to my users with this ftp opened. How do i make sure that i've locked down all these sensitive files and they're locked down to their own directory?
There are many things to do to properly harden a Linux system, and each of the services you're running are potential holes. You need to read the documentation for the service and read about the ways to harden it as well.
I guess that a more relevant question is: why use ftp at all?
If you are running ssh you can do file transfers (like you would do with ftp) with scp. It's secure, encrypted (passwords that is) and takes care of your security concerns.
While I agree scp/sftp are more secure, I can imagine that you would need to run FTP for compatibility or other reasons. If you're bound to use FTP, at least use Vsftpd and not another ftpd. It has a near-perfect track record as far as security is concerned (unlike other ftpd's), is in use with many high volume hosts, is actively maintained, will allow you to use a separate password database and allows you to chroot people to their home etc, etc.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.