Guide to the Secure Configuration of Fedora
Rules, Groups, and Values defined within the XCCDF Benchmark
-
Place the FTP Home Directory on its Own Partition
By default, the anonymous FTP root is the home directory of the FTP user account. The df command can be used to verify that this directory is on its own partition.Rule Unknown Severity -
Enable Logging of All FTP Transactions
Add or correct the following configuration options within the <code>vsftpd</code> configuration file, located at <code>/etc/vsftpd/vsftpd.conf</code>: <pre>xferlog_enable=YES xferlog_std_format=NO ...Rule Unknown Severity -
Create Warning Banners for All FTP Users
Edit the vsftpd configuration file, which resides at/etc/vsftpd/vsftpd.conf
by default. Add or correct the following configuration options:banner_file=/etc/issue
Rule Medium Severity -
Restrict the Set of Users Allowed to Access FTP
This section describes how to disable non-anonymous (password-based) FTP logins, or, if it is not possible to do this entirely due to legacy applications, how to restrict insecure FTP login to only...Group -
Limit Users Allowed FTP Access if Necessary
If there is a mission-critical reason for users to access their accounts via the insecure FTP protocol, limit the set of users who are allowed this access. Edit the vsftpd configuration file. Add o...Rule Unknown Severity -
Restrict Access to Anonymous Users if Possible
Is there a mission-critical reason for users to transfer files to/from their own accounts using FTP, rather than using a secure protocol like SCP/SFTP? If not, edit the vsftpd configuration file. A...Rule Medium Severity -
Use vsftpd to Provide FTP Service if Necessary
If your use-case requires FTP service, install and set-up vsftpd to provide it.Group -
Disable Apache if Possible
If Apache was installed and activated, but the system does not need to act as a web server, then it should be disabled and removed from the system.Group -
Uninstall httpd Package
Thehttpd
package can be removed with the following command:$ sudo dnf remove httpd
Rule Unknown Severity -
Disable NGINX if Possible
If NGINX was installed and activated, but the system does not need to act as a web server, then it should be removed from the system.Group
Node 2
The content of the drawer really is up to you. It could have form fields, definition lists, text lists, labels, charts, progress bars, etc. Spacing recommendation is 24px margins. You can put tabs in here, and can also make the drawer scrollable.
Capacity
Modules