Ensuring Secure Logging

Logging is very important to security. In fact, logs are a nearly flawless view of history of your server, and while exceptions do apply, logging is simply the right thing to do.

You'll learn about logging in greater detail in Chapter 8. However, because logging is an important part of hardening your server, the following sections touch on it briefly.

VSFTP Logging

When using VSFTP, ensure that you are logging all transactions. Open the vsftpd.conf configuration file in either the /etc/ directory, or the etc/vsftpd/ directory. Check whether the following lines are in the configuration file, or you'll need to add them:

xferlog_std_format=NO
log_ftp_protocol=YES

These lines ensure that all commands sent to the FTP server are logged using the verbose vsftpd log format. The log file located at /var/log/vsftpd.log is the default log to which VSFTP will write.

Syslog

Syslog is the function that writes your log files out. Platforms such as Apache will write messages to it. In turn, it places the message (the log entry) into the appropriate log file.

Access Logs

Your access log lists all requests for individual files made from your website. This file can become very large, very quickly. It includes the HTML files, any graphic files, and other files that are associated with them. Thus, a single request for a page may encompass several lines in a log file.

Access logs provide vital information such as the visitors to the IP address, potentially who referred them ...

Get CMS Security Handbook: The Comprehensive Guide for WordPress®, Joomla!®, Drupal™, and Plone® now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.