vsftpd-1.1.3 configuration example 1: INTERNET_SITE



  This example shows how you might set up a (possibly large) internet facing
  FTP site.
  The emphasis will be on security and performance.
  We will see how by integrating vsftpd with xinetd, we get a powerful
  combination.

  Step 1) Set up your xinetd configuration file.

  An example xinetd configuration file "vsftpd.xinetd" is supplied.
  To install it:

  cp vsftpd.xinetd /etc/xinetd.d/vsftpd

  Let's look at the important content in this file and see what it does:

  disable = no
  socket_type = stream
  wait = no

  This says that the service is active, and it is using standard TCP sockets.

  user = root
  server = /usr/local/sbin/vsftpd

  The server program /usr/local/sbin/vsftpd is used to handle incoming FTP
  requests, and the program is started as root (vsftpd will of course quickly
  drop as much privilege as possible). NOTE! Make sure that you have the vsftpd
  binary installed in /usr/local/sbin (or change the file path in the xinetd
  file).

  per_source = 5
  instances = 200

  For security, the maximum allowed connections from a single IP address is 5.
  The total maximum concurrent connections is 200.

  no_access = 192.168.1.3

  As an example of how to ban certain sites from connecting, 192.168.1.3 will
  be denied access.

  banner_fail = /etc/vsftpd.busy_banner

  This is the file to display to users if the connection is refused for whatever
  reason (too many users, IP banned).
  Example of how to populate it:

  echo "421 Server busy, please try later." > /etc/vsftpd.busy_banner

  log_on_success += PID HOST DURATION
  log_on_failure += HOST

  This will log the IP address of all connection attempts - successful or not,
  along with the time. If an FTP server is launched for the connection, its
  process ID and usage duration will be logged too. If you are using RedHat
  like me, this log information will appear in /var/log/secure.

  Step 2) Set up your vsftpd configuration file.

  An example file is supplied. Install it like this:

  cp vsftpd.conf /etc

  Let's examine the contents of the file:

  # Access rights
  anonymous_enable=YES
  local_enable=NO
  write_enable=NO
  anon_upload_enable=NO
  anon_mkdir_write_enable=NO
  anon_other_write_enable=NO

  This makes sure the FTP server is in anonymous-only mode and that all write
  and upload permissions are disabled. Note that most of these settings are
  the same as the default values anyway - but where security is concerned, it
  is good to be clear.

  # Security
  anon_world_readable_only=YES
  connect_from_port_20=YES
  hide_ids=YES
  pasv_min_port=50000
  pasv_max_port=60000

  These settings, in order:
  - Make sure only world-readable files and directories are served.
  - Originates FTP port connections from a secure port - so users on the FTP
    server cannot try and fake file content.
  - Hide the FTP server user IDs and just display "ftp" in directory listings.
    This is also a performance boost.
  - Set a 50000-60000 port range for passive connections - may enable easier
    firewall setup!

  # Features
  xferlog_enable=YES
  ls_recurse_enable=NO
  ascii_download_enable=NO
  async_abor_enable=YES

  In order:
  - Enables recording of transfer stats to /var/log/vsftpd.log
  - Disables "ls -R", to prevent it being used as a DoS attack. Note - sites
    wanting to be copied via the "mirror" program might need to enable this.
  - Disables downloading in ASCII mode, to prevent it being used as a DoS
    attack (ASCII downloads are CPU heavy).
  - Enables older FTP clients to cancel in-progress transfers.

  # Performance
  one_process_model=YES
  idle_session_timeout=120
  data_connection_timeout=300
  accept_timeout=60
  connect_timeout=60
  anon_max_rate=50000

  In order:
  - Activates a faster "one process per connection" model. Note! To maintain
    security, this feature is only available on systems with capabilities - e.g.
    Linux kernel 2.4.
  - Boots off idle users after 2 minutes.
  - Boots off idle downloads after 5 minutes.
  - Boots off hung passive connects after 1 minute.
  - Boots off hung active connects after 1 minute.
  - Limits a single client to ~50kbytes / sec download speed.

  Step 3) Restart xinetd.

  (on RedHat)
  /etc/rc.d/init.d/xinetd restart

  If you run into problems, check:
  1) Your /etc/xinetd.d directory only has one FTP service.

  vsftpd.conf

  # Access rights
  anonymous_enable=YES
  local_enable=NO
  write_enable=NO
  anon_upload_enable=NO
  anon_mkdir_write_enable=NO
  anon_other_write_enable=NO
  # Security
  anon_world_readable_only=YES
  connect_from_port_20=YES
  hide_ids=YES
  pasv_min_port=50000
  pasv_max_port=60000
  # Features
  xferlog_enable=YES
  ls_recurse_enable=NO
  ascii_download_enable=NO
  async_abor_enable=YES
  # Performance
  one_process_model=YES
  idle_session_timeout=120
  data_connection_timeout=300
  accept_timeout=60
  connect_timeout=60
  anon_max_rate=50000
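
  One way to check a deployed vsftpd.conf against the settings listed above, as an added Python example (not part of vsftpd or of the original walkthrough). The function names, the finding texts and the SAMPLE file are assumptions of this example; it also reports spaces around "=", which vsftpd does not accept.

```python
# Added example: audit a vsftpd.conf against the values used in this walkthrough.
EXPECTED = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "anon_world_readable_only": "YES",
    "connect_from_port_20": "YES", "hide_ids": "YES",
    "ls_recurse_enable": "NO", "ascii_download_enable": "NO",
}
LIMITS = ("idle_session_timeout", "data_connection_timeout",
          "accept_timeout", "connect_timeout", "anon_max_rate")
SAMPLE = """\
# constructed sample for this example, not a file from the page
write_enable=YES
anon_upload_enable = NO
pasv_min_port=60000
pasv_max_port=50000
"""

def parse_conf(text):
    """Return (settings, errors); vsftpd allows no spaces around '='."""
    settings, errors = {}, []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.rstrip() or value != value.lstrip():
            errors.append(f"line {n}: malformed setting {line!r}")
            continue
        settings[key] = value
    return settings, errors

def audit(text):
    settings, findings = parse_conf(text)
    for key, want in EXPECTED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: not set, state {key}={want} explicitly")
        elif got.upper() != want:
            findings.append(f"{key}={got}: walkthrough uses {want}")
    lo, hi = settings.get("pasv_min_port", ""), settings.get("pasv_max_port", "")
    if not (lo.isdecimal() and hi.isdecimal() and 1024 <= int(lo) <= int(hi) <= 65535):
        findings.append("pasv_min_port/pasv_max_port: no valid unprivileged range")
    for key in LIMITS:
        if not settings.get(key, "").isdecimal() or int(settings[key]) == 0:
            findings.append(f"{key}: no explicit positive value")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

  Run against the vsftpd.conf shown above, audit() returns an empty list; missing keys are reported because the walkthrough prefers security settings to be stated rather than left to defaults.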

  vsftpd.xinetd

  # vsftpd is the secure FTP server.
  service ftp
  {
  disable = no
  socket_type = stream
  wait = no
  user = root
  server = /usr/local/sbin/vsftpd
  per_source = 5
  instances = 200
  no_access = 192.168.1.3
  banner_fail = /etc/vsftpd.busy_banner
  log_on_success += PID HOST DURATION
  log_on_failure += HOST
  }
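
  The troubleshooting check from Step 3 (only one FTP service in /etc/xinetd.d) and the limits from Step 1 can be verified mechanically. This is an added Python example, not part of xinetd, vsftpd or the original walkthrough; the function names, the finding texts and the SAMPLE directory contents (including the "old-ftp" file and its server path) are assumptions made for illustration, and defaults set in /etc/xinetd.conf are not consulted.

```python
import re

# Added example: look for the "more than one FTP service" problem in xinetd.d.
# Only the service files are read; defaults from /etc/xinetd.conf are ignored.
ATTR = re.compile(r"^(\w+)\s*(\+=|-=|=)\s*(.*)$")

SAMPLE = {  # constructed directory contents; "old-ftp" is a made-up leftover
    "vsftpd": "service ftp\n{\ndisable = no\nper_source = 5\ninstances = 200\n"
              "banner_fail = /etc/vsftpd.busy_banner\nlog_on_failure += HOST\n}\n",
    "old-ftp": "service ftp\n{\ndisable = no\nserver = /usr/sbin/in.ftpd\n}\n",
}

def parse_services(text):
    """Yield (name, attrs) for every 'service NAME { ... }' block."""
    name, attrs = None, {}
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("service "):
            name, attrs = line.split()[1], {}
        elif line == "}" and name is not None:
            yield name, attrs
            name = None
        elif name is not None and (m := ATTR.match(line)):
            attrs.setdefault(m.group(1), []).extend(m.group(3).split())

def check_ftp(files):
    """files maps each file name under /etc/xinetd.d to its text."""
    findings, active = [], []
    for fname, text in sorted(files.items()):
        for svc, attrs in parse_services(text):
            if svc == "ftp" and attrs.get("disable", ["no"])[-1] != "yes":
                active.append((fname, attrs))
    if len(active) != 1:
        names = ", ".join(f for f, _ in active) or "none"
        findings.append(f"{len(active)} enabled ftp services ({names}), want 1")
    for fname, attrs in active:
        for key in ("per_source", "instances", "banner_fail"):
            if key not in attrs:
                findings.append(f"{fname}: {key} not set")
        if "HOST" not in attrs.get("log_on_failure", []):
            findings.append(f"{fname}: log_on_failure lacks HOST")
    return findings

if __name__ == "__main__":
    print("\n".join(check_ftp(SAMPLE)))
```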
  
  