FTP offers a convenient method to automate the transfer of files and
directories from a remote computer to the dedicated server and vice versa. It is vital
that the Unix chroot feature is implemented for each ftp user so that the home directory
of each user becomes the root directory. This makes it impossible for one user to access
other users' directories even though they are all organized under /home. You need to make
sure that the login user can never launch any executables, either scripts or programs
from any restricted directories (/bin, /sbin, /usr/local/bin, etc.).
If anonymous login is unavoidable, make sure that there are limits on ftp transfer
activities (read only, no write access to anonymous directory, daily bandwidth limit, etc.)
to minimize the chance of a major denial-of-service attack. If there are suspected unauthorized
activities recorded in the server log (excessive transfers, repeated attempts of illegal
operations, etc. from the same IP address), the firewall should ban the IP address from
accessing the dedicated server.
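One way to spot the log patterns described above, as an added example that is not part of the original guide: this Python script counts failed operations and transferred bytes per client IP and reports the addresses that reach a threshold. The log lines are constructed in vsftpd's native log style (assumed here, i.e. not the xferlog format), and the function name and thresholds are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample in vsftpd's native log style (not from a real server).
SAMPLE_LOG = """\
Mon Mar  3 02:10:01 2025 [pid 4101] [ftp] OK LOGIN: Client "198.51.100.7", anon password "x@example.org"
Mon Mar  3 02:10:05 2025 [pid 4103] [ftp] FAIL UPLOAD: Client "198.51.100.7", "/pub/a.bin", 0.00Kbyte/sec
Mon Mar  3 02:10:06 2025 [pid 4103] [ftp] FAIL MKDIR: Client "198.51.100.7", "/pub/x"
Mon Mar  3 02:10:07 2025 [pid 4103] [ftp] FAIL UPLOAD: Client "198.51.100.7", "/pub/b.bin", 0.00Kbyte/sec
Mon Mar  3 03:00:00 2025 [pid 4200] [ftp] OK DOWNLOAD: Client "::ffff:203.0.113.20", "/pub/big.iso", 600000000 bytes, 9000.00Kbyte/sec
Mon Mar  3 03:20:00 2025 [pid 4200] [ftp] OK DOWNLOAD: Client "::ffff:203.0.113.20", "/pub/big.iso", 600000000 bytes, 9000.00Kbyte/sec
Mon Mar  3 09:00:00 2025 [pid 4300] [alice] FAIL LOGIN: Client "192.0.2.15"
Mon Mar  3 09:00:09 2025 [pid 4301] [alice] OK LOGIN: Client "192.0.2.15"
Mon Mar  3 09:01:00 2025 [pid 4302] [alice] OK DOWNLOAD: Client "192.0.2.15", "/site/index.html", 2048 bytes, 50.00Kbyte/sec
"""

# One client event: status, operation, and the client address (IPv4-mapped prefix dropped).
EVENT = re.compile(
    r'\[pid \d+\] \[[^\]]*\] (?P<status>OK|FAIL) (?P<op>[A-Z]+): '
    r'Client "(?:::ffff:)?(?P<ip>[^"]+)"(?P<rest>.*)'
)
SIZE = re.compile(r'", (\d+) bytes, ')  # byte count follows the quoted file name

def suspicious_clients(log_text, max_failures=3, max_bytes=1_000_000_000):
    """Return {ip: [reasons]} for clients that reach either (assumed) threshold."""
    failures = defaultdict(int)
    transferred = defaultdict(int)
    for line in log_text.splitlines():
        m = EVENT.search(line)
        if not m:
            continue  # skip lines that are not client events
        ip = m["ip"]
        if m["status"] == "FAIL":
            failures[ip] += 1
        elif m["op"] in ("DOWNLOAD", "UPLOAD"):
            size = SIZE.search(m["rest"])
            transferred[ip] += int(size.group(1)) if size else 0
    report = defaultdict(list)
    for ip, n in failures.items():
        if n >= max_failures:
            report[ip].append(f"{n} failed operations")
    for ip, total in transferred.items():
        if total > max_bytes:
            report[ip].append(f"{total} bytes transferred")
    return dict(report)

if __name__ == "__main__":
    for ip, reasons in sorted(suspicious_clients(SAMPLE_LOG).items()):
        print(ip, "->", "; ".join(reasons))  # candidates for a firewall ban
```

The addresses it reports are candidates for review and a firewall ban; the single failed login from 192.0.2.15 stays below the threshold and is not reported.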
This section of the condensed guide explains the following topics in detail.
Choose your favorite ftp client.
Transfer your website directories.
Use soft links to remove duplicates.
Disable anonymous access.
Allow ftp access for a specific list of users.
Set up anonymous as nobody and password with very restricted access.
Typical setup parameters for secure vsftpd deployment.
Start and stop the ftp service.