Is my linux box secure with these to options on.
What are you actually asking? Could you be more specific what you how "secure" is defined in this case?
Both directives allow anyone who has access to your FTP server to control your FTP server to send any data to any remote port on remote server, which is, from a "Bad" Thing from an admin point of view because it makes transactions opaque in the sense that your box volunteers to be an intermediate for any transaction.
General restrictions, without addressing the necessity of site-to-site or FXP transfers could be blocking traffic originating from "non-routables" and rate limiting in/outbound traffic.
More specific restrictions depend on auditing your server capabilities for allowing something along the lines of an ftp bounce attack and if you need to provide access: to any remote server or a finite and determinable group of FTP/FXP servers, for anon users or a determinable group of users and maybe if you need to allow bi-directional FXP or "one way" (but then I don't use FXP so I don't know if that's feasable, OK).
|