Chapter 5. Server Security
5.5.3. The UserDir Directive

The UserDir directive is disabled by default because it can confirm the presence of a user account on the system. If you wish to enable user directory browsing on the server, use the following directives:

    UserDir enabled
    UserDir disabled root

These directives activate user directory browsing for all user directories other than /root. If you wish to add users to the list of disabled accounts, add a space-delimited list of users on the UserDir disabled line.

5.5.4. Do Not Remove the IncludesNoExec Directive

By default, the server-side includes module cannot execute commands. It is ill-advised to change this setting unless you absolutely have to, as it could potentially enable an attacker to execute commands on the system.

5.5.5. Restrict Permissions for Executable Directories

Be certain to allow write permissions only for the root user on any directory containing scripts or CGIs. This can be accomplished by typing the following commands:

    chown root directory_name
    chmod 755 directory_name

Also, always verify that any scripts you are running work as intended before putting them into production.
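
One way to audit a script or CGI directory against the rule in 5.5.5, as an added example that is not part of the original guide. The function name audit_exec_dir and its optional OWNER argument are hypothetical; OWNER defaults to root, matching the chown command above.

```shell
#!/bin/sh
# Added example: report entries that break the "writable by root only" rule.
#
# audit_exec_dir DIR [OWNER]
#   Prints every entry under DIR (DIR itself included) that is not owned
#   by OWNER (default: root) or that is writable by group or other.
#   Returns 0 when clean, 1 when findings exist, 2 when DIR is not a directory.
audit_exec_dir() {
    dir=$1
    owner=${2:-root}

    if [ ! -d "$dir" ]; then
        echo "not a directory: $dir" >&2
        return 2
    fi

    # -perm -020 matches the group-write bit, -perm -002 the other-write bit.
    # Symbolic links are skipped because their own mode bits are not enforced.
    findings=$(find "$dir" ! -type l \
        \( ! -user "$owner" -o -perm -020 -o -perm -002 \) \
        -exec ls -ld {} \;)

    if [ -n "$findings" ]; then
        printf '%s\n' "$findings"
        return 1
    fi
    return 0
}
```

Run it as audit_exec_dir directory_name after the chown and chmod commands; any line it prints is an entry that a non-root account could modify or that root does not own.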

5.6. Securing FTP

The File Transport Protocol (FTP) is an older TCP protocol designed to transfer files over a network. Because all transactions with the server, including user authentication, are unencrypted, it is considered an insecure protocol and should be carefully configured.

Red Hat Linux provides four FTP servers.

gssftpd: A kerberized FTP daemon which does not pass authentication information over the network.
Red Hat Content Accelerator (tux): A kernel-space Web server with FTP capabilities.
vsftpd: A simplified, security-oriented implementation of the FTP service.
wu-ftpd: A highly configurable, full-featured FTP daemon.

The following security guidelines are for setting up the wu-ftpd and vsftpd services.

Important: If you activate both the wu-ftpd and vsftpd services, xinetd will only activate vsftpd because it comes first alphabetically.