Security

SELinux can temporarily be disabled on a Linux server using the following command as admin.

echo 0 > /selinux/enforce

The above is very useful for checking whether SELinux is the cause of an issue. To permanently disable SELinux you need to add the following line to /etc/sysconfig/selinux.

SELINUX=disabled

If you are looking for ways to lock-down your ProFTPD server without using iptables this may help. I recently had to find a way of securing a VPS without iptables. The ftp server only needed to be accessed by a few known users so I ended up with two reasonable possibilities.

I had to track down this problem when I found that my cgi scripts were failing with a 500 Server Error.

The problem is with SUExec which normall requires the cgi scripts to be in the document root.

The fix is to recompile the SUExec with the document root set to /home. Follow these instructions ...

The importance of understanding how to secure your linux server has never been more important. From the moment your server goes live it will become the target of numerous attacks.  Most are automated script attacks that randomly select an ip and probe it for obvious weaknesses. The consequences of a hacker getting access to your server can be catastrophic. 

I was able to establish a connection, but directory listing failed. With a firewall (20,21) it is necessary to enable ip_conntrack_ftp. The following should work ...

$ modprobe -v ip_conntrack_ftp insmod /lib/modules/2.6.9-5.ELsmp/kernel/net/ipv4/netfilter/ip_conntrack_ftp.ko $vi /etc/sysconfig/iptables_config IPTABLES_MODULES="ip_conntrack_ftp"