FTP security settings and FTP security
1. File Introduction
Description of the ftpuser and user_list files in /etc/pam.d/vsftpd (add or change the file path after file=);
Description of userlist_enable and userlist_deny in /etc/vsftpd.conf.
For security reasons, the administrator does not want accounts with excessive permissions (such as root), or system accounts that are not commonly used (to prevent exploitation), to log on to FTP and upload or download insecure files.
ftpuser: the file that lists users who are prohibited from accessing FTP. It is a blacklist and is not affected by any configuration items;
user_list: a file that lists FTP users. It can act as a blacklist or a whitelist, depending on userlist_enable and userlist_deny.
[To deter mindless malicious reprinting, source: http://customsec.cn]
2. Related Configuration
(1) Because ftpuser is not affected by other configuration, you can directly add the users who are not allowed to log on to FTP to this list. It is the more commonly used of the two files, but it can only act as an FTP blacklist; it cannot be used to create a whitelist. (Blacklist only; recommended.)
(2) user_list is affected by the userlist_enable and userlist_deny settings in vsftpd.conf:
When userlist_enable=YES, the userlist_deny setting takes effect. When userlist_enable=NO, the userlist_deny setting does not take effect.
Eg 1: userlist_enable=YES, userlist_deny=YES
In this case, user_list is a blacklist, and users in this list cannot access FTP.
Eg 2: userlist_enable=YES, userlist_deny=NO
In this case, user_list is a whitelist. Users in this list can access FTP, but other users cannot.
Eg 3: userlist_enable=NO, userlist_deny=YES
Eg 4: userlist_enable=NO, userlist_deny=NO
Cases 3 and 4 are equivalent to no configuration: user_list does not take effect, and all users can access FTP.
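The four cases above, combined with the ftpuser blacklist, can be checked mechanically. The following is an added example, not part of the original article or of vsftpd: the function names, user names and file contents are constructed for illustration, and absent options are assumed to take the vsftpd defaults userlist_enable=NO and userlist_deny=YES.

```python
# Added example: evaluates the ftpuser / user_list rules from this article.
# All file contents below are constructed samples, not real system files.
TRUE_VALUES = {"YES", "TRUE", "1"}

def parse_conf(text):
    """Parse 'option=value' lines (vsftpd.conf style), skipping comments."""
    opts = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            opts[key] = value.upper()
    return opts

def parse_list(text):
    """Parse a one-user-per-line file, skipping blanks and comments."""
    lines = (l.strip() for l in text.splitlines())
    return {l for l in lines if l and not l.startswith("#")}

def login_allowed(user, conf, ftpuser, user_list):
    """Return (allowed, reason); a user must pass both list checks."""
    # Defaults when an option is absent: userlist_enable=NO, userlist_deny=YES.
    if conf.get("userlist_enable", "NO") in TRUE_VALUES:
        deny_mode = conf.get("userlist_deny", "YES") in TRUE_VALUES
        if deny_mode and user in user_list:
            return False, "listed in user_list (blacklist mode)"
        if not deny_mode and user not in user_list:
            return False, "missing from user_list (whitelist mode)"
    # ftpuser is always a blacklist, whatever the userlist_* options say.
    if user in ftpuser:
        return False, "listed in ftpuser"
    return True, "allowed"

FTPUSER = parse_list("# constructed sample\nroot\nbin\ndaemon\n")
USER_LIST = parse_list("# constructed sample\nalice\nroot\n")
WHITELIST = parse_conf("userlist_enable=YES\nuserlist_deny=NO\n")
BLACKLIST = parse_conf("userlist_enable=YES\nuserlist_deny=YES\n")
DISABLED = parse_conf("userlist_enable=NO\nuserlist_deny=NO\n")

if __name__ == "__main__":
    for name, conf in [("whitelist", WHITELIST), ("blacklist", BLACKLIST),
                       ("disabled", DISABLED)]:
        for user in ("alice", "bob", "root"):
            print(name, user, login_allowed(user, conf, FTPUSER, USER_LIST))
```

In the whitelist sample, root appears in user_list but is still refused because it is also in ftpuser, which shows why privileged accounts belong in the ftpuser blacklist regardless of how user_list is configured.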