Linux FTP server security completely Raiders

When learning Linux system, you may encounter network service problems, here will introduce the Linux FTP server security and DHCP service implementation solutions, here to share with you.

Linux system is relatively safe compared to Windows. There are fewer system vulnerabilities. There are fewer viruses for this system, and the outside is not easy to attack. Therefore, it is very desirable to use Linux system to do various network services. The following is a detailed description of the FTP and DHCP services under the Linux system.

System: Redflag Linux 4.1 FTP service implementation First download the FTP service package vsFTPd-1.1.3-8.i386.rpm, install the package. The command is as follows: [root@localhost lxjun]# rpm -ivh vsFTPd-1.1.3-8.i386.rpm. After the installation is complete, the vsFTPd.conf file is automatically generated in the /etc/vsFTPd directory. Start ntsysv, vsFTPd items will appear in the list of services. Check this option to restart the server.

vsFTPd.conf author profile settings as follows: anonymous_enable = YESlocal_enable = YESwrite_enable = YESlocal_umask = 022anon_upload_enable = noanon_mkdir_write_enable = nodirmessage_enable = YESxferlog_enable = YESconnect_from_port_20 = YESxferlog_file = /var /log /vsFTPd.logascii_upload_enable = YESascii_download_enable = YESpam_service_name = vsFTPduserlist_enable=YESlisten=YEStcp_wrappers=YES After the configuration is complete, the basic FTP service can be implemented. Now let me explain the following issues.

Question 1: Can not download /var /FTP file in the pub /, FTP client display & rdquo; file can not be opened server & rdquo ;.! Solution: Check the other file attributes that can be downloaded in the directory, which is 644, and the file attribute is 600, and the file attribute is changed to 644,. Execute the following command [root@localhost pub]# chmod 644 vsFTPd.conf or [root@localhost pub]# chmod go+r vsFTPd.conf ie all users have read access to the file. Re-downloading is normal.

Question 2: How to achieve anonymous user upload? Most linux FTP server security does not allow anonymous users to upload, for the security of the server, of course, this can be understood. But technically, anonymity can implement uploading. The description is as follows: Add the following command line to the vsFTPd.conf file: anon_upload_enable=yesanon_mkdir_write_enable=yesanon_world_readable_only=noanon_other_write_enable=yes to open the maximum permissions for anonymous users. 1. Create an anonymous user upload directory [root@localhost FTP]# mkdir incoming2. Modify the permissions of the upload directory [root@localhost FTP]# chmod o+w incoming3. REBOOT server Note: It is best to set a directory for anonymous users. Do not upload the file to the /var/FTP/pub directory. SxS asks for prompts, which will bring great convenience to file management. Approach is not to /var /FTP /pub directory gives & rdquo; o + w & rdquo; permission.

Question 3: Can I use a different port instead of the default FTP port to provide services? FTP server default port number 21, in order to reduce external attacks, can not provide a common port number for the service to port 10021 as an example. The method is as follows: Add the statement in /etc/vsFTPd/vsFTPd.conf: listen_port=10021 so that the FTP service can be provided through the server port 10021. Close port 21 to use the command to view the port number used by FTP, as follows: [root@localhost vsFTPd]# netstat -anp | Grep 21tcp 000.0.0.0:100210.0.0.0:*LISTEN 562/vsFTPdtcp 000.0.0.0:210.0.0.0:*LISTEN 549/xinetd It can be seen that both port 10021 and port 21 are in the listening state, and port 21 is closed. [root@localhost vsFTPd]# kill -9 549 (PID) This FTP client can only log in with port 10021. Some illegal users cannot force a login through the guess port. Enhanced system security.

The above is for everyone to explain the Linux FTP server security solution.