Servidores de Ficheros e Impresión

Fuerte separación de procesos privilegiados y no privilegiados — Los procesos separados manejan diferentes tareas y cada uno de los procesos se ejecuta con los privilegios mínimos requeridos por la tarea.

Las tareas que requieren privilegios elevados con manejadas por procesos con los mínimos privilegios necesarios — Aprovechando las compatibilidades encontradas en la librería libcap, las tareas que normalmente necesitan privilegios completos de root pueden ser ejecutadas con mayor seguridad desde procesos con menos privilegios.

La mayoría de los procesos se ejecutan en una jaula chroot — Siempre que sea posible los procesos cambian de raíz al directorio que se comparte; este directorio es considerado entonces una jaula chroot. Por ejemplo, si el directorio /var/ftp/ es el directorio compartido primario, vsftpd reasigna /var/ftp/ al nuevo directorio raíz, conocido como /. Esto deshabilita cualquier potencial actividad maliciosa de un hacker en cualquier directorio que no esté contenido bajo el nuevo directorio raíz.

El proceso padre corre con los mínimos privilegios requeridos — El proceso padre calcula dinámicamente el nivel de privilegios que se requiere para minimizar el nivel de riesgo. Los procesos hijos manejan la interacción directa con los clientes FTP y se ejecutan casi sin privilegios si es posible.

Todas las operaciones que requieran privilegios elevados son manejadas por pequeños procesos padre — Al igual que el Servidor HTTP Apache, vsftpd lanza procesos hijo sin privilegios para manejar las conexiones entrantes. Estos permite que los procesos padre con privilegios sean tan pequeños como sea posible para manejar relativamente pocas tareas.

Todas las peticiones desde procesos hijo sin privilegios son distribuidas por los procesos padre — Las comunicaciones con los procesos hijos son recibidas por un socket y se comprueba la validez de cualquier información de los procesos hijo antes de actuar.

La mayoría de la interacción con los clientes FTP es manejada por procesos hijo sin privilegios en una jaula chroot — Como estos procesos hijo no tienen privilegios y solo tiene acceso al directorio que está siendo compartido, cualquier proceso que falle solo permite al atacante el acceso a los ficheros compartidos.

listen — When enabled, vsftpd runs in stand-alone mode. Fedora sets this value to YES. This directive cannot be used in conjunction with the listen_ipv6 directive.

listen_ipv6 — When enabled, vsftpd runs in stand-alone mode, but listens only to IPv6 sockets. This directive cannot be used in conjunction with the listen directive.

session_support — When enabled, vsftpd attempts to maintain login sessions for each user through Pluggable Authentication Modules (PAM). For more information, refer to the Using Pluggable Authentication Modules (PAM) chapter of the Red Hat Enterprise Linux 6 Managing Single Sign-On and Smart Cards and the PAM man pages. . If session logging is not necessary, disabling this option allows vsftpd to run with less processes and lower privileges.

anonymous_enable — When enabled, anonymous users are allowed to log in. The usernames anonymous and ftp are accepted.

banned_email_file — If the deny_email_enable directive is set to YES, this directive specifies the file containing a list of anonymous email passwords which are not permitted access to the server.

banner_file — Specifies the file containing text displayed when a connection is established to the server. This option overrides any text specified in the ftpd_banner directive.

cmds_allowed — Specifies a comma-delimited list of FTP commands allowed by the server. All other commands are rejected.

deny_email_enable — When enabled, any anonymous user utilizing email passwords specified in the /etc/vsftpd/banned_emails are denied access to the server. The name of the file referenced by this directive can be specified using the banned_email_file directive.

ftpd_banner — When enabled, the string specified within this directive is displayed when a connection is established to the server. This option can be overridden by the banner_file directive.

local_enable — When enabled, local users are allowed to log into the system.

pam_service_name — Specifies the PAM service name for vsftpd.

El valor predeterminado es NO. Observe que, en Fedora, el valor se establece a YES.

userlist_deny — When used in conjunction with the userlist_enable directive and set to NO, all local users are denied access unless the username is listed in the file specified by the userlist_file directive. Because access is denied before the client is asked for a password, setting this directive to NO prevents local users from submitting unencrypted passwords over the network.

userlist_enable — When enabled, the users listed in the file specified by the userlist_file directive are denied access. Because access is denied before the client is asked for a password, users are prevented from submitting unencrypted passwords over the network.

userlist_file — Specifies the file referenced by vsftpd when the userlist_enable directive is enabled.

anon_mkdir_write_enable — When enabled in conjunction with the write_enable directive, anonymous users are allowed to create new directories within a parent directory which has write permissions.

anon_root — Specifies the directory vsftpd changes to after an anonymous user logs in.

anon_upload_enable — When enabled in conjunction with the write_enable directive, anonymous users are allowed to upload files within a parent directory which has write permissions.

anon_world_readable_only — When enabled, anonymous users are only allowed to download world-readable files.

ftp_username — Specifies the local user account (listed in /etc/passwd) used for the anonymous FTP user. The home directory specified in /etc/passwd for the user is the root directory of the anonymous FTP user.

no_anon_password — When enabled, the anonymous user is not asked for a password.

secure_email_list_enable — When enabled, only a specified list of email passwords for anonymous logins are accepted. This is a convenient way to offer limited security to public content without the need for virtual users.

chmod_enable — When enabled, the FTP command SITE CHMOD is allowed for local users. This command allows the users to change the permissions on files.

chroot_list_enable — When enabled, the local users listed in the file specified in the chroot_list_file directive are placed in a chroot jail upon log in.

chroot_list_file — Specifies the file containing a list of local users referenced when the chroot_list_enable directive is set to YES.

chroot_local_user — When enabled, local users are change-rooted to their home directories after logging in.

guest_enable — When enabled, all non-anonymous users are logged in as the user guest, which is the local user specified in the guest_username directive.

guest_username — Specifies the username the guest user is mapped to.

local_root — Specifies the directory vsftpd changes to after a local user logs in.

local_umask — Specifies the umask value for file creation. Note that the default value is in octal form (a numerical system with a base of eight), which includes a “0” prefix. Otherwise the value is treated as a base-10 integer.

passwd_chroot_enable — When enabled in conjunction with the chroot_local_user directive, vsftpd change-roots local users based on the occurrence of the /./ in the home directory field within /etc/passwd.

user_config_dir — Specifies the path to a directory containing configuration files bearing the name of local system users that contain specific setting for that user. Any directive in the user’s configuration file overrides those found in /etc/vsftpd/vsftpd.conf.

dirlist_enable — When enabled, users are allowed to view directory lists.

dirmessage_enable — When enabled, a message is displayed whenever a user enters a directory with a message file. This message resides within the current directory. The name of this file is specified in the message_file directive and is .message by default.

force_dot_files — When enabled, files beginning with a dot (.) are listed in directory listings, with the exception of the . and .. files.

hide_ids — When enabled, all directory listings show ftp as the user and group for each file.

message_file — Specifies the name of the message file when using the dirmessage_enable directive.

text_userdb_names — When enabled, text usernames and group names are used in place of UID and GID entries. Enabling this option may slow performance of the server.

use_localtime — When enabled, directory listings reveal the local time for the computer instead of GMT.

download_enable — When enabled, file downloads are permitted.

chown_uploads — When enabled, all files uploaded by anonymous users are owned by the user specified in the chown_username directive.

chown_username — Specifies the ownership of anonymously uploaded files if the chown_uploads directive is enabled.

write_enable — When enabled, FTP commands which can change the file system are allowed, such as DELE, RNFR, and STOR.

dual_log_enable — When enabled in conjunction with xferlog_enable, vsftpd writes two files simultaneously: a wu-ftpd-compatible log to the file specified in the xferlog_file directive (/var/log/xferlog by default) and a standard vsftpd log file specified in the vsftpd_log_file directive (/var/log/vsftpd.log by default).

log_ftp_protocol — When enabled in conjunction with xferlog_enable and with xferlog_std_format set to NO, all FTP commands and responses are logged. This directive is useful for debugging.

syslog_enable — When enabled in conjunction with xferlog_enable, all logging normally written to the standard vsftpd log file specified in the vsftpd_log_file directive (/var/log/vsftpd.log by default) is sent to the system logger instead under the FTPD facility.

vsftpd_log_file — Specifies the vsftpd log file. For this file to be used, xferlog_enable must be enabled and xferlog_std_format must either be set to NO or, if xferlog_std_format is set to YES, dual_log_enable must be enabled. It is important to note that if syslog_enable is set to YES, the system log is used instead of the file specified in this directive.

xferlog_enable — When enabled, vsftpd logs connections (vsftpd format only) and file transfer information to the log file specified in the vsftpd_log_file directive (/var/log/vsftpd.log by default). If xferlog_std_format is set to YES, file transfer information is logged but connections are not, and the log file specified in xferlog_file (/var/log/xferlog by default) is used instead. It is important to note that both log files and log formats are used if dual_log_enable is set to YES.

xferlog_file — Specifies the wu-ftpd-compatible log file. For this file to be used, xferlog_enable must be enabled and xferlog_std_format must be set to YES. It is also used if dual_log_enable is set to YES.

xferlog_std_format — When enabled in conjunction with xferlog_enable, only a wu-ftpd-compatible file transfer log is written to the file specified in the xferlog_file directive (/var/log/xferlog by default). It is important to note that this file only logs file transfers and does not log connections to the server.

accept_timeout — Specifies the amount of time for a client using passive mode to establish a connection.

anon_max_rate — Specifies the maximum data transfer rate for anonymous users in bytes per second.

connect_from_port_20 When enabled, vsftpd runs with enough privileges to open port 20 on the server during active mode data transfers. Disabling this option allows vsftpd to run with less privileges, but may be incompatible with some FTP clients.

connect_timeout — Specifies the maximum amount of time a client using active mode has to respond to a data connection, in seconds.

data_connection_timeout — Specifies maximum amount of time data transfers are allowed to stall, in seconds. Once triggered, the connection to the remote client is closed.

ftp_data_port — Specifies the port used for active data connections when connect_from_port_20 is set to YES.

idle_session_timeout — Specifies the maximum amount of time between commands from a remote client. Once triggered, the connection to the remote client is closed.

listen_address — Specifies the IP address on which vsftpd listens for network connections.

listen_address6 — Specifies the IPv6 address on which vsftpd listens for network connections when listen_ipv6 is set to YES.

listen_port — Specifies the port on which vsftpd listens for network connections.

local_max_rate — Specifies the maximum rate data is transferred for local users logged into the server in bytes per second.

max_clients — Specifies the maximum number of simultaneous clients allowed to connect to the server when it is running in standalone mode. Any additional client connections would result in an error message.

max_per_ip — Specifies the maximum of clients allowed to connected from the same source IP address.

pasv_address — Specifies the IP address for the public facing IP address of the server for servers behind Network Address Translation (NAT) firewalls. This enables vsftpd to hand out the correct return address for passive mode connections.

pasv_enable — When enabled, passive mode connects are allowed.

pasv_max_port — Specifies the highest possible port sent to the FTP clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create.

pasv_min_port — Specifies the lowest possible port sent to the FTP clients for passive mode connections. This setting is used to limit the port range so that firewall rules are easier to create.

pasv_promiscuous — When enabled, data connections are not checked to make sure they are originating from the same IP address. This setting is only useful for certain types of tunneling.

port_enable — When enabled, active mode connects are allowed.

The /usr/share/doc/vsftpd/ directory — This directory contains a README with basic information about the software. The TUNING file contains basic performance tuning tips and the SECURITY/ directory contains information about the security model employed by vsftpd.

vsftpd related man pages — There are a number of man pages for the daemon and configuration files. The following lists some of the more important man pages.

https://security.appspot.com/vsftpd.html — The vsftpd project page is a great place to locate the latest documentation and to contact the author of the software.

https://slacksite.com/other/ftp.html — This website provides a concise explanation of the differences between active and passive mode FTP.

https://www.ietf.org/rfc/rfc0959.txt — The original Request for Comments (RFC) of the FTP protocol from the IETF.