This example shows how you might set up a (possibly large) internet facing
FTP site.
The emphasis will be on security and performance.
We will see how by integrating vsftpd with xinetd, we get a powerful
combination.
Step 1) Set up your xinetd configuration file.
An example xinetd configuration file "vsftpd.xinetd" is supplied.
To install it:
cp vsftpd.xinetd /etc/xinetd.d/vsftpd
Let's look at the important content in this file and see what it does:
disable = no
socket_type = stream
wait = no
This says that the service is active, and it is using standard TCP sockets.
user = root
server = /usr/local/sbin/vsftpd
The server program /usr/local/sbin/vsftpd is used to handle incoming FTP
requests, and the program is started as root (vsftpd will of course quickly
drop as much privilege as possible). NOTE! Make sure that you have the vsftpd
binary installed in /usr/local/sbin (or change the file path in the xinetd
file).
per_source = 5
instances = 200
For security, the maximum allowed connections from a single IP address is 5.
The total maximum concurrent connections is 200.
no_access = 192.168.1.3
As an example of how to ban certain sites from connecting, 192.168.1.3 will
be denied access.
banner_fail = /etc/vsftpd.busy_banner
This is the file to display to users if the connection is refused for whatever
reason (too many users, IP banned).
Example of how to populate it:
echo "421 Server busy, please try later." > /etc/vsftpd.busy_banner
log_on_success += PID HOST DURATION
log_on_failure += HOST
This will log the IP address of all connection attempts - successful or not,
along with the time. If an FTP server is launched for the connection, its
process ID and usage duration will be logged too. If you are using RedHat
like me, this log information will appear in /var/log/secure.
Step 2) Set up your vsftpd configuration file.
An example file is supplied. Install it like this:
cp vsftpd.conf /etc
Let's examine the contents of the file:
# Access rights
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
This makes sure the FTP server is in anonymous-only mode and that all write
and upload permissions are disabled. Note that most of these settings are
the same as the default values anyway - but where security is concerned, it
is good to be clear.
# Security
anon_world_readable_only=YES
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
These settings, in order:
- Make sure only world-readable files and directories are served.
- Originates FTP port connections from a secure port - so users on the FTP
server cannot try and fake file content.
- Hide the FTP server user IDs and just display "ftp" in directory listings.
This is also a performance boost.
- Set a 50000-60000 port range for passive connections - may enable easier
firewall setup!
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
In order,
- Enables recording of transfer stats to /var/log/vsftpd.log
- Disables "ls -R", to prevent it being used as a DoS attack. Note - sites
wanting to be copied via the "mirror" program might need to enable this.
- Disables downloading in ASCII mode, to prevent it being used as a DoS
attack (ASCII downloads are CPU heavy).
- Enables older FTP clients to cancel in-progress transfers.
# Performance
one_process_model=YES
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
anon_max_rate=50000
In order,
- Activates a faster "one process per connection" model. Note! To maintain
security, this feature is only available on systems with capabilities - e.g.
Linux kernel 2.4.
- Boots off idle users after 2 minutes.
- Boots off idle downloads after 5 minutes.
- Boots off hung passive connects after 1 minute.
- Boots off hung active connects after 1 minute.
- Limits a single client to ~50kbytes / sec download speed.
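
An added example (not part of the original vsftpd documentation): a small Python audit that compares vsftpd.conf text with the access-rights, security and anti-DoS values listed above, and reports settings that are missing, changed or malformed. The names EXPECTED, parse and audit are made up for this example; the rule that no space may surround "=" is taken from the vsftpd.conf man page.

```python
# Added example: audit vsftpd.conf text against the anonymous-only, read-only
# values shown on this page. EXPECTED, parse() and audit() are names made up here.
EXPECTED = {
    "anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
    "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
    "anon_other_write_enable": "NO", "anon_world_readable_only": "YES",
    "connect_from_port_20": "YES", "hide_ids": "YES",
    "ls_recurse_enable": "NO", "ascii_download_enable": "NO",
}

def parse(text):
    """Return (settings, problems); vsftpd expects option=value with no spaces."""
    settings, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or comment
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            problems.append(f"line {n}: not in option=value form: {line!r}")
            continue
        if key in settings:
            problems.append(f"line {n}: {key} is set more than once")
        settings[key] = value  # the last value seen is the one audited here
    return settings, problems

def audit(text):
    """Return a list of findings; an empty list means the text matches the page."""
    settings, findings = parse(text)
    for key, want in EXPECTED.items():
        got = settings.get(key)
        if got is None:
            findings.append(f"{key}: not set explicitly (page sets {want})")
        elif got != want:
            findings.append(f"{key}={got}: page sets {want}")
    lo, hi = settings.get("pasv_min_port"), settings.get("pasv_max_port")
    if not (lo and hi and lo.isdecimal() and hi.isdecimal()):
        findings.append("pasv_min_port/pasv_max_port: no numeric passive range set")
    elif not 1 <= int(lo) <= int(hi) <= 65535:
        findings.append(f"passive range {lo}-{hi} is not a bounded port range")
    return findings

# Constructed samples: the page's security settings, then a drifted copy.
PAGE_CONF = "\n".join(f"{k}={v}" for k, v in EXPECTED.items())
PAGE_CONF += "\npasv_min_port=50000\npasv_max_port=60000\n"
DRIFTED = (PAGE_CONF.replace("\nwrite_enable=NO", "\nwrite_enable=YES")
           .replace("hide_ids=YES", "hide_ids = YES")
           .replace("pasv_max_port=60000", "pasv_max_port=0"))

if __name__ == "__main__":
    for finding in audit(DRIFTED):
        print(finding)
```

Running audit() on the contents of /etc/vsftpd.conf before restarting xinetd shows any drift from the values above; a setting written with spaces around "=" is reported both as malformed and as not set.
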
Step 3) Restart xinetd.
(on RedHat)
/etc/rc.d/init.d/xinetd restart
If you run into problems, check:
1) Your /etc/xinetd.d directory only has one FTP service.
vsftpd.conf
# Access rights
anonymous_enable=YES
local_enable=NO
write_enable=NO
anon_upload_enable=NO
anon_mkdir_write_enable=NO
anon_other_write_enable=NO
# Security
anon_world_readable_only=YES
connect_from_port_20=YES
hide_ids=YES
pasv_min_port=50000
pasv_max_port=60000
# Features
xferlog_enable=YES
ls_recurse_enable=NO
ascii_download_enable=NO
async_abor_enable=YES
# Performance
one_process_model=YES
idle_session_timeout=120
data_connection_timeout=300
accept_timeout=60
connect_timeout=60
anon_max_rate=50000
vsftpd.xinetd
# vsftpd is the secure FTP server.
service ftp
{
disable = no
socket_type = stream
wait = no
user = root
server = /usr/local/sbin/vsftpd
per_source = 5
instances = 200
no_access = 192.168.1.3
banner_fail = /etc/vsftpd.busy_banner
log_on_success += PID HOST DURATION
log_on_failure += HOST
}
