知识大全 INTERNET

Posted 2022-07-15 知

篇首语：壮心未与年俱老，死去犹能作鬼雄。本文由小常识网(cha138.com)小编为大家整理，主要介绍了知识大全 INTERNET相关的知识，希望对你有一定的参考价值。

vsftpd-1.1.3配制实例之一：INTERNET 以下文字资料是由(全榜网网www.cha138.com)小编为大家搜集整理后发布的内容，让我们赶快一起来看一下吧！

　　This example shows how you might set up a (possibly large) internet facing　　FTP site 　　The emphasis will be on security and performance 　　We will see how by integrating vsftpd with xinetd we get a powerful　　bination 　　Step ) Set up your xinetd configuration file 　　An example xinetd configuration file vsftpd xinetd is supplied 　　To install it:　　cp vsftpd xinetd /etc/xinetd d/vsftpd　　Let s look at the important content in this file and see what it does:　　disable = no　　socket_type = stream　　wait = no　　This says that the service is active and it is using standard TCP sockets 　　user = root　　server = /usr/local/sbin/vsftpd　　The server program /usr/local/sbin/vsftpd is used to handle ining FTP　　requests and the program is started as root (vsftpd will of course quickly　　drop as much privilege as possible) NOTE! Make sure that you have the vsftpd　　binary installed in /usr/local/sbin (or change the file path in the xinetd　　file) 　　per_source = 　　instances = 　　For security the maximum allowed connections from a single IP address is 　　The total maximum concurrent connections is 　　no_access = 　　As an example of how to ban certain sites from connecting will　　be denied access 　　banner_fail = /etc/vsftpd busy_banner　　This is the file to display to users if the connection is refused for whatever　　reason (too many users IP banned) 　　Example of how to populate it:　　echo Server busy please try later > /etc/vsftpd busy_banner　　log_on_success += PID HOST DURATION　　log_on_failure += HOST　　This will log the IP address of all connection attempts successful or not 　　along with the time If an FTP server is launched for the connection it s　　process ID and usage duration will be logged too If you are using RedHat　　like me this log information will appear in /var/log/secure 　　Step ) Set up your vsftpd configuration file 　　An example file is supplied Install it like this:　　cp nf /etc　　Let s example the contents of the file:　　# Access rights　　anonymous_enable=YES　　local_enable=NO　　write_enable=NO　　anon_upload_enable=NO　　anon_mkdir_write_enable=NO　　anon_other_write_enable=NO　　This makes sure the FTP server is in anonymous only mode and that all write　　and upload permissions are disabled Note that most of these settings are　　the same as the default values anyway but where security is concerned it　　is good to be clear 　　# Security　　anon_world_readable_only=YES　　connect_from_port_ =YES　　hide_ids=YES　　pasv_min_port= 　　pasv_max_port= 　　These settings in order　　 Make sure only world readable files and directories are served 　　 Originates FTP port connections from a secure port so users on the FTP　　server cannot try and fake file content 　　 Hide the FTP server user IDs and just display ftp in directory listings 　　This is also a performance boost 　　 Set a port range for passive connections may enable easier　　firewall setup!　　# Features　　xferlog_enable=YES　　ls_recurse_enable=NO　　ascii_download_enable=NO　　async_abor_enable=YES　　In order 　　 Enables recording of transfer stats to /var/log/vsftpd log　　 Disables ls R to prevent it being used as a DoS attack Note sites　　wanting to be copied via the mirror program might need to enable this 　　 Disables downloading in ASCII mode to prevent it being used as a DoS　　attack (ASCII downloads are CPU heavy) 　　 Enables older FTP clients to cancel in progress transfers 　　# Performance　　one_process_model=YES　　idle_session_timeout= 　　data_connection_timeout= 　　accept_timeout= 　　connect_timeout= 　　anon_max_rate= 　　In order 　　 Activates a faster one process per connection model Note! To maintain　　security this feature is only available on systems with capabilities e g 　　Linux kernel 　　 Boots off idle users after minutes 　　 Boots off idle downloads after minutes 　　 Boots off hung passive connects after minute 　　 Boots off hung active connects after minute 　　 Limits a single client to ~ kbytes / sec download speed 　　Step ) Restart xinetd 　　(on RedHat)　　/etc/rc d/init d/xinetd restart　　If you run into problems check:　　 ) Your /etc/xinetd d directory only has one FTP service 　　nf 　　# Access rights　　anonymous_enable=YES　　local_enable=NO　　write_enable=NO　　anon_upload_enable=NO　　anon_mkdir_write_enable=NO　　anon_other_write_enable=NO　　# Security　　anon_world_readable_only=YES　　connect_from_port_ =YES　　hide_ids=YES　　pasv_min_port= 　　pasv_max_port= 　　# Features　　xferlog_enable=YES　　ls_recurse_enable=NO　　ascii_download_enable=NO　　async_abor_enable=YES　　# Performance　　one_process_model=YES　　idle_session_timeout= 　　data_connection_timeout= 　　accept_timeout= 　　connect_timeout= 　　anon_max_rate= 　　vsftpd xinetd　　# vsftpd is the secure FTP server 　　service ftp　　　　disable = no　　socket_type = stream　　wait = no　　user = root　　server = /usr/local/sbin/vsftpd　　per_source = 　　instances = 　　no_access = 　　banner_fail = /etc/vsftpd busy_banner　　log_on_success += PID HOST DURATION　　log_on_failure += HOST　　　　 cha138/Article/program/Oracle/201311/18877