  VSFTPD Security
  Add Date : 2017-08-31      
  To build a security-focused FTP server, vsftpd is designed around the operating system's concept of process privileges. If you have read the program and resource management section of the Basics, you know that running a program on the system creates a process, identified by a PID (Process ID), and that this process carries out its tasks with its own permissions. In other words, a process has a privilege level, and the higher that level, the more it is able to do. For example, a process started with the root identity usually has permission to carry out any work.

However, if the program behind that process has a vulnerability and a network cracker attacks it and takes control of the process, the cracker gains whatever permissions that process holds. For this reason, recently developed software tries to reduce the privileges its service processes run with, so that even if the service is compromised, the intruder cannot obtain effective system administration rights, which makes our systems more secure. vsftpd is designed on this idea.

In addition to process privileges, vsftpd also supports chroot. As the name suggests, chroot means "change root directory"; the root here refers to the root directory, not the system administrator. It turns a particular directory into the root directory, so that directories unrelated to it cannot be misused.

For example, if you log in to our FTP service as anonymous, you are usually confined to the /var/ftp directory, and the root directory you see is actually just /var/ftp; other system directories such as /etc, /home, /usr ... are not visible to you. So even if the FTP service is compromised, the intruder can only move around inside /var/ftp and cannot use the full functionality of Linux. Our system is naturally more secure.

vsftpd is an FTP server designed for better security on the basis described above. It has the following characteristics:

* The vsftpd service is started with the identity of a general user, so it has low permissions on the Linux system and the harm it can do to the system is correspondingly reduced. In addition, vsftpd uses the chroot() function to change the root directory, so that system tools cannot be misused through the vsftpd service;

* Any vsftpd command that needs higher execution privileges is controlled by a special upper-level program (parent process). The higher privileges this parent process holds have themselves been restricted to a very low level, limited to what does not affect the Linux system itself;

* Most of the extra commands FTP uses (dir, ls, cd ...) have been integrated into the vsftpd main program, so in theory vsftpd does not need additional commands provided by the system. Under chroot, vsftpd therefore not only runs smoothly, but not requiring extra functions is also safer for the system;

* Every request from a client that wants to use the higher-privilege vsftpd commands offered by this parent process is treated as an "untrusted request" and must pass a considerable degree of identity verification before it can use the parent process's functions. Examples are chown() and login requests;

* In addition, the parent process mentioned above still uses the chroot() function to restrict the user's execution permissions.

With these features, vsftpd becomes a comparatively safe choice!
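
The chroot-then-drop-privileges sequence described above, as an added C example (not vsftpd's own code): a forked child confines itself, then checks that it can neither regain root nor see /etc. The function names, the /tmp jail path and the uid/gid 65534 are assumptions made for the illustration.

```c
#define _GNU_SOURCE
#include <grp.h>
#include <stdio.h>
#include <stdlib.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>

/* Confine the calling process to `jail` and switch to an unprivileged uid/gid.
 * Order matters: chroot() needs root, so it comes before the uid change, and
 * supplementary groups and gid must be set before setuid() removes the right
 * to change them. Returns 0 on success, -1 on the first failing step. */
int confine_and_drop(const char *jail, uid_t uid, gid_t gid) {
    if (chroot(jail) != 0) return -1;
    if (chdir("/") != 0) return -1;          /* leave no cwd outside the jail */
    if (setgroups(0, NULL) != 0) return -1;  /* shed root's extra groups */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    return 0;
}

/* Fork a child, confine it, and report what it can still do.
 * 0 = confined: root cannot be regained and /etc is not visible
 * 1 = confinement refused (for example, not started as root)
 * 2 = confinement reported success but the child is still too powerful */
int run_probe(void) {
    char jail[] = "/tmp/jail-XXXXXX";        /* constructed, empty directory */
    if (mkdtemp(jail) == NULL) return 1;
    chmod(jail, 0555);
    pid_t pid = fork();
    if (pid < 0) { rmdir(jail); return 1; }
    if (pid == 0) {
        if (confine_and_drop(jail, 65534, 65534) != 0) _exit(1); /* assumed "nobody" ids */
        struct stat st;
        int leaked = (setuid(0) == 0) || (stat("/etc", &st) == 0);
        _exit(leaked ? 2 : 0);
    }
    int status = 0;
    if (waitpid(pid, &status, 0) != pid) { rmdir(jail); return 1; }
    rmdir(jail);                             /* parent is unconfined, so it cleans up */
    return WIFEXITED(status) ? WEXITSTATUS(status) : 1;
}

int main(void) {
    printf("probe result: %d\n", run_probe());
    return 0;
}
```

Started as root the probe normally returns 0; started as an ordinary user it returns 1, because chroot() is refused before any privilege is dropped.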