Wednesday, July 28, 2010

Vsftpd + tcp_wrappers host and user access control



RHEL4 in vsftpd support at compile time has tcp_wrappers, so you can use tcp_wrappers to achieve the host access control.

Before the experiment, first said the implementation of the next order of tcp-wrappers:

First implementation of the hosts.allow, if hosts.allow inside the list, the list of the machine is allowed access; otherwise, then scroll down to hosts.deny, if the hosts.deny list inside, then refused to list the machine access, if also not (that is, which do not allow and deny list) is allowed access to the host.

Real life, host.allow can also set "Reject" feature, so generally only use / etc / hosts.allow for access control can host.

(A) of the host access control

The host (192.168.1.102) to configure vsftpd service, so in addition to 192.168.1.100 192.168.1.0/24 network segment other than to allow other hosts to access the FTP service.

Program very simple, edit / etc / hosts.allow

vsftpd: 192.168.1.100: DENY

vsftpd: 192.168.1.

Restart vsftpd, experimental purposes can be achieved, we can tcp_wrappers in the experiment will do more complex experiments.

(B) User Access Control

vsftpd flexible user access control. In the specific implementation, vsftpd user access control is divided into two categories: the first is the traditional list of users / etc / vsftpd / ftpusers, I understand it as the system list (that is, the system prohibited); second is to improve the user list file / etc / vsftpd / user_list, I understand it as they want to ban list

To realize the second list control must be inside vsftpd.conf

userlist_enable = YES

userlist_deny = YES / / This article is the system default exists, that is also unnecessary to add the system defaults to YES

userlist_file = / etc / vsftpd / usrer_list

The above simple experiment can be achieved vsftpd powerful control.







Recommended links:



When Faced with salesman salesman



CorelDRAW based cartoon series (3)



mkv video format



Chinese input method commonly used FAST switching



Wealth-WinRAR Extract slimming feature to answer



Simple Trace And Ping Tools



Background to Ren Zhengfei



mp4 to mp3 CONVERTER



Thunder Has More Than 100 Million Users Targeting NASDAQ



Best Help Tools



converting mp3 to Aac



J2ME Game NORMAL-FRAME



matroska file



Posted by at

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)