security vulnerability

#1 Mon, 05/04/2015 - 08:43
obus18

When creating a virtual host, the FTP server was enabled (port 21). If you log in using the credentials of the SFTP (port 22) virtualhost, you can see the entire server tree! Can you address this security vulnerability in your installation script? Thank you.

(Translation with Google)

Mon, 05/04/2015 - 09:45
andreychek

Howdy,

You may want to review the section of the documentation here titled "How can I prevent FTP Users from Browsing the Entire Filesystem?":

https://www.virtualmin.com/documentation/security/faq

Mon, 05/04/2015 - 10:29
obus18

Yes, I know that and I always do, but if you put port 22 in place of port 21, you have access to the whole server.

Mon, 05/04/2015 - 12:43
obus18

In Webmin, System, Users & groups, /bin/false

Tue, 05/05/2015 - 09:16
Rhandy

Read this:

https://www.digitalocean.com/community/tutorials/how-to-configure-proftp...

sudo nano /etc/proftpd/proftpd.conf

JAIL THE USER IN HOME DIR

Remove the # from in front of the DefaultRoot parameter to uncomment it:

DefaultRoot ~
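
An added example, not part of the post above or of the linked tutorial: a small Python audit that reports, per configuration context, whether DefaultRoot is actually active in a proftpd.conf or is still commented out or limited to some groups. The sample config, the function name audit_default_root and the address 192.0.2.10 are constructed for illustration.

```python
import re

# Constructed sample (not from the thread): the server-level directive is still
# commented out, <Global> exempts a group, and one virtual host has no directive.
SAMPLE_CONF = """\
ServerName "example"
# DefaultRoot ~
<Global>
  DefaultRoot ~ !staff
</Global>
<VirtualHost 192.0.2.10>
  Port 2121
</VirtualHost>
"""

SERVER_SECTIONS = ("global", "virtualhost")  # sections that may carry DefaultRoot

def audit_default_root(conf_text):
    """Return (active, findings) for the DefaultRoot directives in a proftpd.conf."""
    stack = ["server config"]      # innermost context last
    servers = ["server config"]    # every context that accepts logins
    active, findings = [], []      # active: (context, directory, group expression)
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if re.match(r"#\s*DefaultRoot\b", line, re.I):
            findings.append(f"line {lineno}: DefaultRoot commented out in {stack[-1]}")
        elif not line or line.startswith("#"):
            continue
        elif line.startswith("</"):
            if len(stack) > 1:
                stack.pop()
        elif line.startswith("<"):
            label = line.strip("<>")
            known = label.split()[0].lower() in SERVER_SECTIONS
            stack.append(label if known else stack[-1])  # <IfModule> etc. inherit
            if label.lower().startswith("virtualhost"):
                servers.append(label)
        elif line.split()[0].lower() == "defaultroot" and len(line.split()) >= 2:
            _, directory, *expr = line.split()
            active.append((stack[-1], directory, " ".join(expr) or None))
            if expr:
                findings.append(f"line {lineno}: jail limited by group expression {' '.join(expr)!r}")
    jailed = {ctx.lower() for ctx, _, expr in active if expr is None}
    if "global" not in jailed:     # an unrestricted <Global> jail covers every server
        findings += [f"{s}: no unconditional DefaultRoot" for s in servers if s.lower() not in jailed]
    return active, findings

if __name__ == "__main__":
    print(*audit_default_root(SAMPLE_CONF)[1], sep="\n")
```

DefaultRoot only constrains sessions that ProFTPD itself serves. If SFTP on port 22 is handled by a separate SSH daemon (an assumption about the setup discussed here, not something the thread states), that daemon's own configuration decides what those logins can browse.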

Tue, 05/05/2015 - 10:09
obus18

I always do; despite that, one can visualize the whole server.

Topic locked