The "/home/ftp/etc/group" file has entries for each of these allowed groups, each of which has just one member. It's important that the guestgroup appears one per line in the configuration file.

Copyright 1999 - 2000 Gerhard Mourani, Open Network Architecture ® and OpenDocs Publishing
Server Software (File Sharing Network Services) 2 CHAPTER 1

    log security real,guest

The option "log security" enables logging of violations of security rules for real, guest and/or anonymous FTP clients. In our example, we log violations for users using the FTP server to access real accounts, and for users using the FTP server to access guest accounts.

    guest-root /home/ftp ftpadmin webmaster
    restricted-uid ftpadmin webmaster
    restricted-gid ftpadmin webmaster

These clauses, "guest-root", "restricted-uid" and "restricted-gid", specify and control whether or not guest users will be allowed access to areas on the FTP server outside their home directories (this is an important security feature). In our example, we specified the chroot() path for users to be , and that they cannot access each other's files because they are restricted to their home directories. Multiple UID ranges may be given on the line. If a guest-root is chosen for the user, the user's home directory in the /etc/passwd file is used to determine the initial directory, and their home directory, in the system-wide /etc/passwd, is not used. This is a security feature.

    greeting terse

The option "greeting" specifies how much system information will be displayed before the remote user logs in. There are three parameters you can choose: is the default and shows the hostname and daemon version of the server, which shows only the hostname, and, which will simply say "FTP server ready" to your terminal.

    keepalive yes

The option "keepalive" specifies whether the system should send keep alive messages to the remote FTP server. If set to "yes", then death of the connection or crash of remote machines will be properly noticed.

Configuration of the /etc/ftphosts file

The /etc/ftphosts file is used to define whether users are allowed to log in from certain hosts or whether they are denied access.

Step 1
Create the ftphosts file (touch /etc/ftphosts) and add, for example, the following lines to this file:

    # Example host access file
    #
    # Everything after a '#' is treated as comment,
    # empty lines are ignored
    allow ftpadmin 208.164.186.1 208.164.186.2 208.164.186.4
    deny ftpadmin 208.164.186.5

In the example above, we allow the user to connect via FTP from the explicitly listed addresses, and deny the specified user to connect from the site.

Step 2
Now, change its default permission to be 600:

    [root@deep /]# chmod 600 /etc/ftphosts

Configuration of the /etc/ftpusers file

The /etc/ftpusers file specifies those users that are NOT allowed to connect to your FTP server.

Step 1
Create the ftpusers file (touch /etc/ftpusers) and add the following users to this file for security reasons:

    root
    bin
    daemon
    adm
    lp
    sync
    shutdown
    halt
    mail
    news
    uucp
    operator
    games
    nobody

Step 2
Now, change its default permission to be 600:

    [root@deep /]# chmod 600 /etc/ftpusers

Configuration of the /etc/ftpconversions file

The /etc/ftpconversions file contains instructions that permit you to compress files on demand before the transfer.

Step 1
Edit the ftpconversions file (vi /etc/ftpconversions) and add the following lines to this file:

    :.Z: : :/bin/compress -d -c %s:T_REG|T_ASCII:O_UNCOMPRESS:UNCOMPRESS
    : : :.Z:/bin/compress -c %s:T_REG:O_COMPRESS:COMPRESS
    :.gz: : :/bin/gzip -cd %s:T_REG|T_ASCII:O_UNCOMPRESS:GUNZIP
    : : :.gz:/bin/gzip -9 -c %s:T_REG:O_COMPRESS:GZIP
    : : :.tar:/bin/tar -c -f - %s:T_REG|T_DIR:O_TAR:TAR
    : : :.tar.Z:/bin/tar -c -Z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+COMPRESS
    : : :.tar.gz:/bin/tar -c -z -f - %s:T_REG|T_DIR:O_COMPRESS|O_TAR:TAR+GZIP
    : : :.crc:/bin/cksum %s:T_REG::CKSUM
    : : :.md5:/bin/md5sum %s:T_REG::MD5SUM

Step 2
Now, change its default permissions to be 600:

    [root@deep /]# chmod 600 /etc/ftpconversions

Configuration of the /etc/pam.d/ftp file

Configure your /etc/pam.d/ftp file to use PAM authentication.

Create the ftp file (touch /etc/pam.d/ftp) and add the following lines:

    #%PAM-1.0
    auth required /lib/security/pam_listfile.so item=user sense=deny file=/etc/ftpusers onerr=succeed
    auth required /lib/security/pam_pwdb.so shadow nullok
    auth required /lib/security/pam_shells.so
    account required /lib/security/pam_pwdb.so
    session required /lib/security/pam_pwdb.so

Configuration of the /etc/logrotate.d/ftpd file

Configure your /etc/logrotate.d/ftpd file to automatically rotate your log files each week.

Create the ftpd file (touch /etc/logrotate.d/ftpd) and add the following lines:

    /var/log/xferlog {
    # ftpd doesn't handle SIGHUP properly
    nocompress
    }

Configure ftpd to use tcp-wrappers inetd super server

Tcp-wrappers should be enabled to start and stop the ftpd server. Upon execution, inetd reads its configuration information from a configuration file which, by default, is /etc/inetd.conf. There must be an entry for each field of the configuration file, with entries for each field separated by a tab or a space.

Step 1
Edit the inetd.conf file (vi /etc/inetd.conf) and add or verify the existence of the following line:

    ftp stream tcp nowait root /usr/sbin/tcpd in.ftpd -l -a

NOTE: Update your inetd.conf file by sending a SIGHUP signal (killall -HUP inetd) after adding the above line in the file.

To update your inetd.conf file, use the following command:

    [root@deep /]# killall -HUP inetd

Step 2
Edit the hosts.allow file (vi /etc/hosts.allow) and add, for example, the following line:

    in.ftpd: 192.168.1.4 win.openna.com

This means the client with IP 192.168.1.4 and host name win.openna.com is allowed to FTP to the server.

FTP Administrative Tools

ftpwho

The ftpwho program utility displays all active ftp users, and their current process information on the system. The output of the command is in the format of the /bin/ps command. The format of this command is:

To display all active ftp users and their current process, use the following command:

    [root@deep /]# ftpwho
    Service class openna:
    5443 ? S 0:00 ftpd: win.openna
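An added audit script, not part of the original text, for the files configured in this section: it checks the mode 600 steps, the account list in /etc/ftpusers, and that /etc/pam.d/ftp points pam_listfile at that list with sense=deny. The function names and the ETCDIR argument are assumptions made for this example.

```shell
#!/bin/sh
# Added example: audit the FTP files this section creates (ETCDIR may be a staging copy).

# Accounts the section puts in /etc/ftpusers.
REQUIRED_DENY="root bin daemon adm lp sync shutdown halt mail news uucp operator games nobody"

# mode_is_600 FILE: true if FILE is a regular file with mode exactly 600.
mode_is_600() {
    [ -f "$1" ] && [ -n "$(find "$1" -prune -perm 600 2>/dev/null)" ]
}

# missing_denied FTPUSERS: print each required account the file lacks.
missing_denied() {
    for acct in $REQUIRED_DENY; do
        sed 's/#.*//; s/[[:space:]]//g' "$1" 2>/dev/null |
            grep -Fqx -- "$acct" || printf '%s\n' "$acct"
    done
}

# pam_enforces_denylist PAMFILE LISTPATH: true if an auth line runs pam_listfile.so with sense=deny file=LISTPATH.
pam_enforces_denylist() {
    awk -v want="file=$2" '
        /^[ \t]*#/ { next }
        $1 == "auth" && $3 ~ /pam_listfile\.so$/ {
            deny = 0; list = 0
            for (i = 4; i <= NF; i++) {
                if ($i == "sense=deny") deny = 1
                if ($i == want) list = 1
            }
            if (deny && list) found = 1
        }
        END { exit !found }' "$1" 2>/dev/null
}

# audit_ftp ETCDIR: print one finding per line, return the number found.
audit_ftp() {
    etc=$1; n=0
    for f in ftphosts ftpusers ftpconversions; do
        mode_is_600 "$etc/$f" || { echo "MODE $etc/$f: want regular file, mode 600"; n=$((n + 1)); }
    done
    for acct in $(missing_denied "$etc/ftpusers"); do
        echo "DENY $acct: not listed in $etc/ftpusers"; n=$((n + 1))
    done
    pam_enforces_denylist "$etc/pam.d/ftp" /etc/ftpusers ||
        { echo "PAM $etc/pam.d/ftp: no pam_listfile deny on /etc/ftpusers"; n=$((n + 1)); }
    return "$n"
}

[ "$#" -eq 0 ] || audit_ftp "$1"
```

The existence check on ftpusers matters because the PAM line above uses onerr=succeed: if pam_listfile cannot open /etc/ftpusers, that module passes and the deny list is not applied.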
