by MonMotha » Thu Mar 12, 2015 4:13 pm
Well, I'd start by taking a step back and re-evaluating your need for conventional FTP, if possible. There are numerous other ways to move files between UNIX-ish systems, most of which run over SSH, that are literally infinitely more secure since the security of FTP is essentially zero. FTP is fine for unauthenticated/anonymous transfers of public data, but it's really obsolete in terms of user-specific access scenarios. If you really need to use FTP for some reason, consider a VPN or IPsec.
Failing that, accept that you're one sniffed session away from having the user account in question completely compromised. What you then want to do is adjust the SELinux permissions for vsftpd to give it the filesystem access you need (read/write as a user) without giving it "everything", which is probably about what you did, though I don't know all the details of Red Hat's SELinux policies.
Also, check your basic filesystem permissions. 0777 is basically never correct. That means any user on the system can do anything in that directory. Thus, if your homedir has 0777 permissions (rwxrwxrwx), compromising a DIFFERENT user account (say via a sniffed or MITM'd FTP session) will also get your user account compromised in short order or, at the minimum, all your data snarfed up and possibly deleted/overwritten.
A normality test:
+++ATH
If you are no longer connected to the internet, you need to apply more wax to your modem: it'll make it go faster.
If you find this funny, you're a nerd.
If neither of the above apply, you are normal. Congratulations.
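The filesystem permission check suggested in the post above, as an added example that is not part of the original post: a POSIX shell audit that flags home directories whose mode lets other accounts write into them (0777 being the worst case). The function names and the default base path `/home` are assumptions.

```shell
#!/bin/sh
# Added example: audit home directories for overly loose permission bits.

# Print the octal permission bits of a path (GNU stat first, then BSD stat).
mode_of() {
    stat -c '%a' -- "$1" 2>/dev/null || stat -f '%Lp' -- "$1" 2>/dev/null
}

# Classify one directory; prints "<verdict> <mode> <path>".
# WORLD-WRITABLE: any local account can create, delete or replace entries.
# GROUP-WRITABLE: every member of the owning group can do the same.
classify_dir() {
    _cd_mode=$(mode_of "$1") || return 2
    # A leading 0 makes the shell read the digits as an octal constant.
    if [ $((0$_cd_mode & 0002)) -ne 0 ]; then
        echo "WORLD-WRITABLE $_cd_mode $1"
    elif [ $((0$_cd_mode & 0020)) -ne 0 ]; then
        echo "GROUP-WRITABLE $_cd_mode $1"
    else
        echo "OK $_cd_mode $1"
    fi
}

# Audit every directory directly under a base path (default: /home).
# Returns 1 if at least one directory is world-writable, 0 otherwise.
audit_homes() {
    _ah_base=${1:-/home}
    _ah_rc=0
    for _ah_dir in "$_ah_base"/*/; do
        [ -d "$_ah_dir" ] || continue          # glob matched nothing
        _ah_dir=${_ah_dir%/}
        _ah_line=$(classify_dir "$_ah_dir") || continue
        echo "$_ah_line"
        case $_ah_line in
            WORLD-WRITABLE*) _ah_rc=1 ;;
        esac
    done
    return "$_ah_rc"
}

# Stand-alone use: ./audit.sh /home
if [ "$#" -gt 0 ]; then
    audit_homes "$1"
fi
```

A flagged directory is typically tightened with `chmod 0700` or `chmod 0750`, depending on whether group members need read access.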