search
HomeDatabaseMysql Tutorialvsftpd-1.1.3配制实例之一:INTERNET_SITE

This example shows how you might set up a (possibly large) internet facing FTP site. The emphasis will be on security and performance. We will see how by integrating vsftpd with xinetd, we get a powerful combination. Step 1) Set up your xi


  This example shows how you might set up a (possibly large) internet facing
  FTP site.
  The emphasis will be on security and performance.
  We will see how by integrating vsftpd with xinetd, we get a powerful
  combination.
  Step 1) Set up your xinetd configuration file.
  An example xinetd configuration file "vsftpd.xinetd" is supplied.
  To install it:
  cp vsftpd.xinetd /etc/xinetd.d/vsftpd
  Let's look at the important content in this file and see what it does:
  disable = no
  socket_type = stream
  wait = no
  This says that the service is active, and it is using standard TCP sockets.
  user = root
  server = /usr/local/sbin/vsftpd
  The server program /usr/local/sbin/vsftpd is used to handle incoming FTP
  requests, and the program is started as root (vsftpd will of course quickly
  drop as much privilege as possible). NOTE! Make sure that you have the vsftpd
  binary installed in /usr/local/sbin (or change the file path in the xinetd
  file).
  per_source = 5
  instances = 200
  For security, the maximum allowed connections from a single IP address is 5.
  The total maximum concurrent connections is 200.
  no_access = 192.168.1.3
  As an example of how to ban certain sites from connecting, 192.168.1.3 will
  be denied access.
  banner_fail = /etc/vsftpd.busy_banner
  This is the file to display to users if the connection is refused for whatever
  reason (too many users, IP banned).
  Example of how to populate it:
  echo "421 Server busy, please try later." > /etc/vsftpd.busy_banner
  log_on_success += PID HOST DURATION
  log_on_failure += HOST
  This will log the IP address of all connection attempts - successful or not,
  along with the time. If an FTP server is launched for the connection, it's
  process ID and usage duration will be logged too. If you are using RedHat
  like me, this log information will appear in /var/log/secure.
  Step 2) Set up your vsftpd configuration file.
  An example file is supplied. Install it like this:
  cp vsftpd.conf /etc
  Let's example the contents of the file:
  # Access rights
  anonymous_enable=YES
  local_enable=NO
  write_enable=NO
  anon_upload_enable=NO
  anon_mkdir_write_enable=NO
  anon_other_write_enable=NO
  This makes sure the FTP server is in anonymous-only mode and that all write
  and upload permissions are disabled. Note that most of these settings are
  the same as the default values anyway - but where security is concerned, it
  is good to be clear.
  # Security
  anon_world_readable_only=YES
  connect_from_port_20=YES
  hide_ids=YES
  pasv_min_port=50000
  pasv_max_port=60000
  These settings, in order
  - Make sure only world-readable files and directories are served.
  - Originates FTP port connections from a secure port - so users on the FTP
  server cannot try and fake file content.
  - Hide the FTP server user IDs and just display "ftp" in directory listings.
  This is also a performance boost.
  - Set a 50000-60000 port range for passive connections - may enable easier
  firewall setup!
  # Features
  xferlog_enable=YES
  ls_recurse_enable=NO
  ascii_download_enable=NO
  async_abor_enable=YES
  In order,
  - Enables recording of transfer stats to /var/log/vsftpd.log
  - Disables "ls -R", to prevent it being used as a DoS attack. Note - sites
  wanting to be copied via the "mirror" program might need to enable this.
  - Disables downloading in ASCII mode, to prevent it being used as a DoS
  attack (ASCII downloads are CPU heavy).
  - Enables older FTP clients to cancel in-progress transfers.
  # Performance
  one_process_model=YES
  idle_session_timeout=120
  data_connection_timeout=300
  accept_timeout=60
  connect_timeout=60
  anon_max_rate=50000
  In order,
  - Activates a faster "one process per connection" model. Note! To maintain
  security, this feature is only available on systems with capabilities - e.g.
  Linux kernel 2.4.
  - Boots off idle users after 2 minutes.
  - Boots off idle downloads after 5 minutes.
  - Boots off hung passive connects after 1 minute.
  - Boots off hung active connects after 1 minute.
  - Limits a single client to ~50kbytes / sec download speed.
  Step 3) Restart xinetd.
  (on RedHat)
  /etc/rc.d/init.d/xinetd restart
  If you run into problems, check:
  1) Your /etc/xinetd.d directory only has one FTP service.
  vsftpd.conf
  # Access rights
  anonymous_enable=YES
  local_enable=NO
  write_enable=NO
  anon_upload_enable=NO
  anon_mkdir_write_enable=NO
  anon_other_write_enable=NO
  # Security
  anon_world_readable_only=YES
  connect_from_port_20=YES
  hide_ids=YES
  pasv_min_port=50000
  pasv_max_port=60000
  # Features
  xferlog_enable=YES
  ls_recurse_enable=NO
  ascii_download_enable=NO
  async_abor_enable=YES
  # Performance
  one_process_model=YES
  idle_session_timeout=120
  data_connection_timeout=300
  accept_timeout=60
  connect_timeout=60
  anon_max_rate=50000
  vsftpd.xinetd
  # vsftpd is the secure FTP server.
  service ftp
  {
  disable = no
  socket_type = stream
  wait = no
  user = root
  server = /usr/local/sbin/vsftpd
  per_source = 5
  instances = 200
  no_access = 192.168.1.3
  banner_fail = /etc/vsftpd.busy_banner
  log_on_success += PID HOST DURATION
  log_on_failure += HOST
  }
  
  
Statement
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn
Explain the role of InnoDB redo logs and undo logs.Explain the role of InnoDB redo logs and undo logs.Apr 15, 2025 am 12:16 AM

InnoDB uses redologs and undologs to ensure data consistency and reliability. 1.redologs record data page modification to ensure crash recovery and transaction persistence. 2.undologs records the original data value and supports transaction rollback and MVCC.

What are the key metrics to look for in an EXPLAIN output (type, key, rows, Extra)?What are the key metrics to look for in an EXPLAIN output (type, key, rows, Extra)?Apr 15, 2025 am 12:15 AM

Key metrics for EXPLAIN commands include type, key, rows, and Extra. 1) The type reflects the access type of the query. The higher the value, the higher the efficiency, such as const is better than ALL. 2) The key displays the index used, and NULL indicates no index. 3) rows estimates the number of scanned rows, affecting query performance. 4) Extra provides additional information, such as Usingfilesort prompts that it needs to be optimized.

What is the Using temporary status in EXPLAIN and how to avoid it?What is the Using temporary status in EXPLAIN and how to avoid it?Apr 15, 2025 am 12:14 AM

Usingtemporary indicates that the need to create temporary tables in MySQL queries, which are commonly found in ORDERBY using DISTINCT, GROUPBY, or non-indexed columns. You can avoid the occurrence of indexes and rewrite queries and improve query performance. Specifically, when Usingtemporary appears in EXPLAIN output, it means that MySQL needs to create temporary tables to handle queries. This usually occurs when: 1) deduplication or grouping when using DISTINCT or GROUPBY; 2) sort when ORDERBY contains non-index columns; 3) use complex subquery or join operations. Optimization methods include: 1) ORDERBY and GROUPB

Describe the different SQL transaction isolation levels (Read Uncommitted, Read Committed, Repeatable Read, Serializable) and their implications in MySQL/InnoDB.Describe the different SQL transaction isolation levels (Read Uncommitted, Read Committed, Repeatable Read, Serializable) and their implications in MySQL/InnoDB.Apr 15, 2025 am 12:11 AM

MySQL/InnoDB supports four transaction isolation levels: ReadUncommitted, ReadCommitted, RepeatableRead and Serializable. 1.ReadUncommitted allows reading of uncommitted data, which may cause dirty reading. 2. ReadCommitted avoids dirty reading, but non-repeatable reading may occur. 3.RepeatableRead is the default level, avoiding dirty reading and non-repeatable reading, but phantom reading may occur. 4. Serializable avoids all concurrency problems but reduces concurrency. Choosing the appropriate isolation level requires balancing data consistency and performance requirements.

MySQL vs. Other Databases: Comparing the OptionsMySQL vs. Other Databases: Comparing the OptionsApr 15, 2025 am 12:08 AM

MySQL is suitable for web applications and content management systems and is popular for its open source, high performance and ease of use. 1) Compared with PostgreSQL, MySQL performs better in simple queries and high concurrent read operations. 2) Compared with Oracle, MySQL is more popular among small and medium-sized enterprises because of its open source and low cost. 3) Compared with Microsoft SQL Server, MySQL is more suitable for cross-platform applications. 4) Unlike MongoDB, MySQL is more suitable for structured data and transaction processing.

How does MySQL index cardinality affect query performance?How does MySQL index cardinality affect query performance?Apr 14, 2025 am 12:18 AM

MySQL index cardinality has a significant impact on query performance: 1. High cardinality index can more effectively narrow the data range and improve query efficiency; 2. Low cardinality index may lead to full table scanning and reduce query performance; 3. In joint index, high cardinality sequences should be placed in front to optimize query.

MySQL: Resources and Tutorials for New UsersMySQL: Resources and Tutorials for New UsersApr 14, 2025 am 12:16 AM

The MySQL learning path includes basic knowledge, core concepts, usage examples, and optimization techniques. 1) Understand basic concepts such as tables, rows, columns, and SQL queries. 2) Learn the definition, working principles and advantages of MySQL. 3) Master basic CRUD operations and advanced usage, such as indexes and stored procedures. 4) Familiar with common error debugging and performance optimization suggestions, such as rational use of indexes and optimization queries. Through these steps, you will have a full grasp of the use and optimization of MySQL.

Real-World MySQL: Examples and Use CasesReal-World MySQL: Examples and Use CasesApr 14, 2025 am 12:15 AM

MySQL's real-world applications include basic database design and complex query optimization. 1) Basic usage: used to store and manage user data, such as inserting, querying, updating and deleting user information. 2) Advanced usage: Handle complex business logic, such as order and inventory management of e-commerce platforms. 3) Performance optimization: Improve performance by rationally using indexes, partition tables and query caches.

See all articles

Hot AI Tools

Undresser.AI Undress

Undresser.AI Undress

AI-powered app for creating realistic nude photos

AI Clothes Remover

AI Clothes Remover

Online AI tool for removing clothes from photos.

Undress AI Tool

Undress AI Tool

Undress images for free

Clothoff.io

Clothoff.io

AI clothes remover

AI Hentai Generator

AI Hentai Generator

Generate AI Hentai for free.

Hot Article

R.E.P.O. Energy Crystals Explained and What They Do (Yellow Crystal)
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. Best Graphic Settings
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
R.E.P.O. How to Fix Audio if You Can't Hear Anyone
4 weeks agoBy尊渡假赌尊渡假赌尊渡假赌
WWE 2K25: How To Unlock Everything In MyRise
1 months agoBy尊渡假赌尊渡假赌尊渡假赌

Hot Tools

MantisBT

MantisBT

Mantis is an easy-to-deploy web-based defect tracking tool designed to aid in product defect tracking. It requires PHP, MySQL and a web server. Check out our demo and hosting services.

ZendStudio 13.5.1 Mac

ZendStudio 13.5.1 Mac

Powerful PHP integrated development environment

Dreamweaver CS6

Dreamweaver CS6

Visual web development tools

SublimeText3 English version

SublimeText3 English version

Recommended: Win version, supports code prompts!

SublimeText3 Linux new version

SublimeText3 Linux new version

SublimeText3 Linux latest version