Saturday, October 23, 2010

Vsftpd + tcp_wrappers host and user access control



The vsftpd shipped with RHEL4 is compiled with tcp_wrappers support, so tcp_wrappers can be used for host access control.

Before the experiment, first a word on the order in which tcp_wrappers evaluates its rules:

hosts.allow is checked first. If the client is listed there, it is allowed access. Otherwise hosts.deny is checked next; if the client is listed there, it is refused. If it appears in neither file (that is, in neither the allow list nor the deny list), the host is allowed access.

In practice, hosts.allow can also express "deny" rules, so /etc/hosts.allow alone is generally enough for host access control.

(A) Host access control

Configure the vsftpd service on this host (192.168.1.102) so that every host on the 192.168.1.0/24 network segment except 192.168.1.100 is allowed to access the FTP service.

The solution is very simple: edit /etc/hosts.allow

vsftpd: 192.168.1.100: DENY

vsftpd: 192.168.1.

Restart vsftpd and the goal of the experiment is achieved. More complex experiments can be built on tcp_wrappers in the same way.
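The evaluation order described above, modelled in Python as an added example (not code from the original post or from tcp_wrappers itself). It assumes only the pattern forms used here (exact IP, trailing-dot prefix, ALL) and shows two things the rules alone do not: the order of lines inside hosts.allow matters, and hosts outside 192.168.1.0/24 are also admitted unless hosts.deny catches them.

```python
# Added example: simplified model of the tcp_wrappers access decision.
# Supports only exact IPs, trailing-dot prefixes and ALL; real tcp_wrappers
# also has netmasks, hostnames, EXCEPT and more.

def parse_rules(text):
    """Parse 'daemon: clients[: option]' lines into (daemon, clients, option)."""
    rules = []
    for line in text.splitlines():
        parts = [p.strip() for p in line.split("#", 1)[0].split(":")]
        if len(parts) < 2 or not parts[0]:
            continue
        option = parts[2].upper() if len(parts) > 2 else None
        rules.append((parts[0], parts[1].replace(",", " ").split(), option))
    return rules

def client_matches(pattern, ip):
    if pattern == "ALL":
        return True
    if pattern.endswith("."):  # "192.168.1." matches every address with that prefix
        return ip.startswith(pattern)
    return pattern == ip

def first_match(rules, daemon, ip):
    """Return the option of the first matching rule, 'MATCH' if it has none, else None."""
    for name, clients, option in rules:
        if name in (daemon, "ALL") and any(client_matches(c, ip) for c in clients):
            return option or "MATCH"
    return None

def decide(allow_text, deny_text, daemon, ip):
    """hosts.allow first, then hosts.deny; the first matching rule wins."""
    for text, default in ((allow_text, True), (deny_text, False)):
        hit = first_match(parse_rules(text), daemon, ip)
        if hit is not None:
            # An explicit ALLOW/DENY option overrides the file's default meaning.
            return {"ALLOW": True, "DENY": False}.get(hit, default)
    return True  # matched in neither file: access is granted

HOSTS_ALLOW = "vsftpd: 192.168.1.100: DENY\nvsftpd: 192.168.1.\n"  # rules from this page
REVERSED = "vsftpd: 192.168.1.\nvsftpd: 192.168.1.100: DENY\n"     # constructed: wrong order

if __name__ == "__main__":
    for ip in ("192.168.1.100", "192.168.1.50", "10.0.0.5"):
        print(ip, "allowed" if decide(HOSTS_ALLOW, "", "vsftpd", ip) else "denied")
    print("reversed order, .100:", decide(REVERSED, "", "vsftpd", "192.168.1.100"))
    print("10.0.0.5 with 'ALL: ALL' in hosts.deny:",
          decide(HOSTS_ALLOW, "ALL: ALL", "vsftpd", "10.0.0.5"))
```

If the intent is that only the 192.168.1.0/24 segment may connect, a catch-all such as ALL: ALL in /etc/hosts.deny is what closes the fall-through.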

(B) User Access Control

vsftpd has flexible user access control. In its implementation, user access control is divided into two lists: the first is the traditional user list /etc/vsftpd/ftpusers, which I think of as the system list (that is, users the system prohibits); the second is the enhanced user list file /etc/vsftpd/user_list, which I think of as the list of users you yourself want to ban.

To use the second list, the following must be in vsftpd.conf:

userlist_enable=YES

# This line is the system default (YES), so it does not need to be added
userlist_deny=YES

userlist_file=/etc/vsftpd/user_list

With the simple experiments above, vsftpd's powerful access control can be put to use.






