Archive for the tag 'vsftpd'

To allow anonymous users to upload, it is recommended that a write-only directory be created within /var/ftp/pub/.

To do this, type:

mkdir /var/ftp/pub/upload

Next, change the permissions so that anonymous users cannot see what is within the directory by typing:

chmod 730 /var/ftp/pub/upload

A long format listing of the directory should look like this:

drwx-wx--- 2 root ftp 4096 Feb 13 20:05 upload

Additionally, under vsftpd, add the following line to the /etc/vsftpd/vsftpd.conf file:

anon_upload_enable=YES

Because FTP passes unencrypted usernames and passwords over insecure networks for authentication, it is a good idea to deny system users access to the server from their user accounts.

To disable user accounts in vsftpd, add the following directive to /etc/vsftpd/vsftpd.conf:

local_enable=NO

SBDavid

Securing vsftpd Server

The File Transfer Protocol, or FTP, is an older TCP protocol designed to transfer files over a network. Because all transactions with the server, including user authentication, are unencrypted, it is considered an insecure protocol and should be carefully configured.

vsftpd - A standalone, security-oriented implementation of the FTP service.

Change the FTP Greeting Banner:

To change the greeting banner for vsftpd, add the following directive to the /etc/vsftpd/vsftpd.conf file:

ftpd_banner=[insert_greeting_here]

To simplify management of multiple banners, place all banners in a new directory called /etc/banners/.

To reference a greeting banner file stored there, such as /etc/banners/ftp.msg, add the following directive to the /etc/vsftpd/vsftpd.conf file:

banner_file=/etc/banners/ftp.msg
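
An added example, not from the original posts or the vsftpd project: a shell check that a configuration file and upload directory match the settings described in both posts above (local_enable=NO, the 730 upload directory, a readable banner file). The function names conf_get and audit_vsftpd are hypothetical, and the write_enable requirement is taken from the vsftpd.conf man page, not from this page.

```shell
#!/bin/sh
# Added example: audit vsftpd settings against the steps described above.
# Paths are parameters so the checks can run against a copy of the config.

# Print the last value assigned to KEY; commented-out lines are ignored.
# vsftpd permits no spaces around "=", so an exact key match is enough.
conf_get() {  # usage: conf_get FILE KEY
    awk -F= -v k="$2" '$1 == k { v = substr($0, length(k) + 2) } END { print v }' "$1"
}

# Print one line per finding; the return status is the number of findings.
audit_vsftpd() {  # usage: audit_vsftpd CONF_FILE UPLOAD_DIR
    conf=$1; dir=$2; n=0
    finding() { echo "FINDING: $*"; n=$((n + 1)); }

    [ "$(conf_get "$conf" local_enable)" = "NO" ] ||
        finding "local_enable is not explicitly NO; system accounts may log in over cleartext FTP"

    if [ "$(conf_get "$conf" anon_upload_enable)" = "YES" ]; then
        # Assumption from vsftpd.conf(5): anonymous uploads also need write_enable=YES.
        [ "$(conf_get "$conf" write_enable)" = "YES" ] ||
            finding "anon_upload_enable=YES has no effect without write_enable=YES"
        # Compare the first 10 characters of the long listing with the page's example.
        mode=$(ls -ld "$dir" 2>/dev/null | cut -c1-10)
        [ "$mode" = "drwx-wx---" ] ||
            finding "$dir mode is '${mode:-missing}', expected drwx-wx--- (chmod 730)"
    fi

    banner=$(conf_get "$conf" banner_file)
    if [ -n "$banner" ] && [ ! -r "$banner" ]; then
        finding "banner_file $banner is missing or unreadable"
    fi
    return "$n"
}

# Typical call with the paths used on this page:
# audit_vsftpd /etc/vsftpd/vsftpd.conf /var/ftp/pub/upload
```

The check covers mode bits only; confirm the owner and group (root and ftp in the listing above) with ls -ld on the real directory.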