Chapter 5. Server Security
53
5.6.1. FTP Warning Banner
Returning a customized banner to FTP clients when they connect is a good idea, as it helps disguise
what system the FTP server is running on. You can send banners to incoming connections either using
TCP wrappers as described in Section 5.1.1.1 or as described below.
For
vsftpd
, add the following line to its
xinetd
configuration file,
/etc/xinetd.d/vsftpd
:
banner /etc/banners/warning.msg
For
wu ftpd
add the exact same line to its configuration file,
/etc/ftpaccess
.
The contents of the banner file for
vsftpd
should look something like this:
220 Hello, all activity on ftp.example.com is logged.
Note
The 220 is not necessary when in the banner file for wu ftpd.
5.6.2. FTP Greeting Banner
After login all users are presented with a greeting banner. By default, this banner includes version
information useful to crackers trying to identify weaknesses in a system.
To change the greeting banner for
wu ftpd
, add the following directive to
/etc/ftpusers
:
greeting text
insert_greeting_here
To change the greeting banner for
vsftpd
, add the following directive to
/etc/vsftpd.conf
:
ftpd_banner= insert_greeting_here
5.6.3. Anonymous Access
For both
wu ftpd
and
vsftpd
, the presence of the
/var/ftp/
directory activates the anonymous
account.
The easiest way to create this directory is to install the
anonftp
package. This package sets the
directory tree up for the anonymous user and sets up the permissions to read only for anonymous
users.
By default the anonymous user cannot write to any directories.
Caution
If enabling anonymous access to an FTP server, be careful where you store sensitive data.
footer
Our partners:
PHP: Hypertext Preprocessor Best Web Hosting
Java Web Hosting
Inexpensive Web Hosting
Jsp Web Hosting
Cheapest Web Hosting
Jsp Hosting
Cheap Hosting
Visionwebhosting.net Business web hosting division of Web
Design Plus. All rights reserved