Secure existing PureFTPd installation



Pure-FTPd is a free, secure, production-quality and standard-conformant FTP daemon that was designed with security in mind. This cheatsheet provides instructions on how to harden this FTP daemon.

Usually, the configuration parameters for Pure-FTPd are stored in the file /etc/pure-ftpd.conf:

ChrootEveryone yes
NoAnonymous yes

MaxClientsNumber 50
MaxClientsPerIP 3
MaxIdleTime 10

LimitRecursion 500 8
Umask 133:022

Below is a description of each directive that affects security:

ChrootEveryone
Makes PureFTPd users see only their home directory and their own files. The feature is called "chroot".

NoAnonymous
The directive disallows anonymous connections. This means that in order to log in to the server, users must have an account.

MaxClientsNumber
The directive specifies the number of simultaneous users connected to PureFTPd. The above value is acceptable for most servers.

MaxClientsPerIP
Sets the number of simultaneous connections from the same IP address. Reducing the number will increase security.

MaxIdleTime
The directive sets the idle time in minutes. When the time expires, PureFTPd disconnects the inactive user.

LimitRecursion
Limits the number of files and directories the FTP daemon displays in response to the 'ls' command. This option helps avoid denial-of-service (DoS) attacks, which can consume CPU resources.

Umask
Sets the creation mask for files and directories. For security reasons, a umask of 133 for files and 022 for directories is recommended.
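
The following added example (not part of the original cheatsheet and not Pure-FTPd code) audits a configuration file against the values listed above. The names audit, parse_conf and WEAK_SAMPLE are hypothetical, and treating the numeric values as upper bounds is an assumption of the example.

```python
import re

# Baseline: the cheatsheet's sample /etc/pure-ftpd.conf. Assumed here: numbers are
# upper bounds; a umask passes if it masks at least the bits of 133 / 022.
FLAGS = {"ChrootEveryone": "yes", "NoAnonymous": "yes"}
LIMITS = {"MaxClientsNumber": (50,), "MaxClientsPerIP": (3,),
          "MaxIdleTime": (10,), "LimitRecursion": (500, 8)}
UMASK = (0o133, 0o022)

# Constructed sample input, not taken from a real server.
WEAK_SAMPLE = """\
ChrootEveryone no
NoAnonymous yes
MaxClientsNumber 50
MaxClientsPerIP 20   # well above the baseline
MaxIdleTime 10
Umask 111:022
"""

def parse_conf(text):
    """Map each directive to its argument list, skipping blanks and # comments."""
    conf = {}
    for line in text.splitlines():
        fields = line.split("#", 1)[0].split()
        if fields:
            conf[fields[0]] = fields[1:]
    return conf

def audit(text):
    """Return a list of findings; an empty list means the baseline is met."""
    conf, findings = parse_conf(text), []
    for name, want in FLAGS.items():
        if [a.lower() for a in conf.get(name, [])] != [want]:
            findings.append(f"{name}: expected '{want}'")
    for name, maxima in LIMITS.items():
        args = conf.get(name)
        if args is None:
            findings.append(f"{name}: not set")
        elif len(args) != len(maxima) or not all(a.isdecimal() for a in args):
            findings.append(f"{name}: malformed value")
        elif any(int(a) > m for a, m in zip(args, maxima)):
            findings.append(f"{name}: {' '.join(args)} exceeds baseline")
    m = re.fullmatch(r"([0-7]{3}):([0-7]{3})", " ".join(conf.get("Umask", [])))
    for kind, want, got in zip(("file", "directory"), UMASK, m.groups() if m else ()):
        if (int(got, 8) & want) != want:
            findings.append(f"Umask: {kind} mask {got} is weaker than {want:03o}")
    return findings if m else findings + ["Umask: not set or malformed"]

if __name__ == "__main__":
    print("\n".join(audit(WEAK_SAMPLE)))
```

To check a live server, pass the contents of /etc/pure-ftpd.conf to audit(); a stricter mask such as 177:077 also passes because it masks every bit that 133:022 does.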