Ensuring Secure Logging

Logging is very important to security. In fact, logs are a nearly flawless view of the history of your server, and while exceptions do apply, logging is simply the right thing to do.

You'll learn about logging in greater detail in Chapter 8. However, because logging is an important part of hardening your server, the following sections touch on it briefly.

VSFTP Logging

When using VSFTP, ensure that you are logging all transactions. Open the vsftpd.conf configuration file in either the /etc/ directory or the /etc/vsftpd/ directory. Check whether the following lines are in the configuration file; if they are not, add them:

xferlog_std_format=NO
log_ftp_protocol=YES

These lines ensure that all commands sent to the FTP server are logged using the verbose vsftpd log format. The log file located at /var/log/vsftpd.log is the default log to which VSFTP will write.
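
The check described above can be scripted. The following is an added example, not code from the book: it reads a vsftpd.conf, ignores commented-out lines, and reports whether the two directives are set as shown. The function names (vsftpd_opt, check_vsftpd_logging, audit_vsftpd) are hypothetical, and the script assumes that when a directive appears more than once the last assignment is the effective one.

```shell
#!/bin/sh
# Added example: audit vsftpd.conf for the two logging directives above.

# Print the value of option $2 in file $1. Only uncommented lines of the
# form name=value match; the last assignment is taken as effective
# (assumption). Trailing CRs from CRLF-edited files are dropped.
vsftpd_opt() {
    sed -n "s/^$2=\(.*\)\$/\1/p" "$1" | tail -n 1 | tr -d '\r'
}

# Return 0 when file $1 sets both directives as given above,
# 1 when one is missing or set differently, 2 when the file is unreadable.
check_vsftpd_logging() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "$conf: not readable" >&2; return 2; }
    for want in xferlog_std_format=NO log_ftp_protocol=YES; do
        name=${want%%=*}
        have=$(vsftpd_opt "$conf" "$name")
        if [ -z "$have" ]; then
            echo "$conf: $name is not set (or commented out); add $want"
            rc=1
        elif [ "$have" != "${want#*=}" ]; then
            echo "$conf: found $name=$have, expected $want"
            rc=1
        else
            echo "$conf: $want ok"
        fi
    done
    return $rc
}

# Check whichever of the two locations named above exists.
audit_vsftpd() {
    for f in /etc/vsftpd.conf /etc/vsftpd/vsftpd.conf; do
        [ -e "$f" ] && { check_vsftpd_logging "$f"; return $?; }
    done
    echo "no vsftpd.conf found in /etc/ or /etc/vsftpd/" >&2
    return 2
}

# Run the audit only when asked, so the functions can also be sourced.
if [ "${1:-}" = "--audit" ]; then
    audit_vsftpd
fi
```

A nonzero exit status from check_vsftpd_logging can be used in a configuration-management or monitoring job to flag a server whose FTP command logging has been switched off.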

Syslog

Syslog is the function that writes your log files out. Platforms such as Apache will write messages to it. In turn, it places the message (the log entry) into the appropriate log file.

Access Logs

Your access log lists all requests for individual files made from your website. This file can become very large, very quickly. It includes the HTML files, any graphic files, and other files that are associated with them. Thus, a single request for a page may encompass several lines in a log file.

Access logs provide vital information such as the visitors to the IP address, potentially who referred them ...
