Security Settings For vsftpd in open-source systems (III)

Source: Internet
Author: User

The first two parts of this article (http://www.bkjia.com/Article/201112/114141.html) described in detail how to configure vsftpd security. This final part summarizes the vsftpd configuration list.
(4) A complete advanced vsftpd configuration list
To give readers a clearer picture of how vsftpd security is configured, a complete advanced vsftpd configuration list with annotations is provided below for reference when writing an actual configuration.
Part I: Basic logon and permission Configuration
anonymous_enable=yes (anonymous logon allowed)
dirmessage_enable=yes (the .message content of a directory is displayed when the user changes into that directory)
local_umask=022 (umask for files created by local users over FTP; default: 077)
connect_from_port_20=yes (use port 20, the FTP data port, for data connections)
xferlog_enable=yes (enable upload and download logs)
xferlog_std_format=yes (use the standard log format)
ftpd_banner=XXXXX (welcome message)
pam_service_name=vsftpd (PAM service used for authentication) *
listen=yes (standalone vsftpd server) *
anon_upload_enable=yes (open upload permission to anonymous users)
anon_mkdir_write_enable=yes (anonymous users can create a directory and upload files to it)
write_enable=yes (grant write permission to local users)
anon_other_write_enable=yes (anonymous accounts have permission to delete)
anon_world_readable_only=no (open anonymous user browsing permission)
ascii_upload_enable=yes (enable ASCII transfer mode for uploads)
ascii_download_enable=yes (enable ASCII transfer mode for downloads)
Part II: FTP Connection Control
banner_file=/var/vsftpd_banner_file
idle_session_timeout=600 (seconds; disconnect the user after the session has been idle for 10 minutes)
data_connection_timeout=120 (seconds; drop a data connection that has been idle for 2 minutes)
accept_timeout=60 (seconds; give up after one minute if the client has not opened the passive-mode data connection)
connect_timeout=60 (seconds; give up after one minute if the client does not answer an active-mode data connection)
local_max_rate=50000 (bytes per second; local user transfer rate: 50 K)
anon_max_rate=30000 (bytes per second; anonymous user transfer rate: 30 K)
pasv_min_port=50000
pasv_max_port=60000 (restrict the port range used for passive-mode data connections)
max_clients=200 (maximum number of FTP connections)
max_per_ip=4 (maximum number of connections per IP)
listen_port=5555 (accept FTP connections on port 5555)
Part III: Local Account permission Control
local_enable=yes (local accounts can log on)
write_enable=no (local accounts may not delete or modify files after logging on)
userlist_enable=yes (together with userlist_deny=yes, users listed in the specified file are denied access)
userlist_deny=yes
userlist_file=/specified path/vsftpd.user_list
banner_fail=/path/file name (the file content is displayed when the connection fails)
ls_recurse_enable=no
async_abor_enable=yes
one_process_model=yes
listen_address=10.2.2.2 (bind the virtual service to this IP address)
Part IV: Virtual user permission control
guest_enable=yes (virtual users can log on)
guest_username=User Name (map virtual users to this local user)
user_config_dir=/any specified path/folder created by the user policy (specify the path of the per-user configuration files for virtual users)
Part V: Other configurations
chown_uploads=yes (change the owner of uploaded files to root)
chown_username=root
deny_email_enable=yes (deny anonymous logons that use certain email addresses)
banned_email_file=/any specified path/xx/
pasv_enable=yes (server uses passive mode)
user_config_dir=/any specified path/any file directory (specify the path where the virtual users' configuration files are stored)
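
An added example (not part of the original article or of vsftpd itself): a small Python check that reports vsftpd.conf lines vsftpd would not parse (option names are lowercase, with no space around "=") and the write-enabling combinations from the list above. The defaults follow the vsftpd.conf man page; the three findings are this example's own audit policy, and SAMPLE is constructed.

```python
import re

# Constructed sample: settings from the list above, plus two lines vsftpd
# would not parse (capitalised option name, spaces around "=").
SAMPLE = """\
# constructed sample vsftpd.conf
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
anon_other_write_enable=YES
anon_world_readable_only=NO
chown_uploads=YES
Local_enable=YES
listen_port = 5555
"""

# Built-in defaults per the vsftpd.conf man page (only the options checked here).
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "anon_other_write_enable": "NO", "anon_world_readable_only": "YES",
            "chown_uploads": "NO", "chown_username": "root"}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def parse(text):
    """Split vsftpd.conf text into ({option: value}, [syntax problems])."""
    settings, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        m = re.fullmatch(r"([a-z0-9_]+)=(.*)", line)
        if m is None or m.group(2)[:1].isspace():
            problems.append(f"line {n}: not in lowercase option=value form: {line!r}")
            continue
        settings[m.group(1)] = m.group(2).strip()
    return settings, problems

def audit(text):
    """Return syntax problems followed by findings (hypothetical audit policy)."""
    cfg, findings = parse(text)
    def on(key):  # effective boolean value, falling back to the default
        return cfg.get(key, DEFAULTS[key]).upper() in ("YES", "TRUE", "1")
    granted = [k for k in ANON_WRITE if on(k)]
    if on("anonymous_enable") and on("write_enable") and granted:
        findings.append("anonymous users can write: " + ", ".join(granted))
    if on("anonymous_enable") and not on("anon_world_readable_only"):
        findings.append("anonymous users can download files that are not world-readable")
    if on("chown_uploads") and cfg.get("chown_username", DEFAULTS["chown_username"]) == "root":
        findings.append("anonymous uploads are re-owned to root")
    return findings
```

Because unset options fall back to DEFAULTS, chown_uploads=yes without a chown_username line is still reported as re-owning uploads to root.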

 

[TechTarget Chinese original]
