当前位置:网站首页>16. File transfer protocol, vsftpd service

16. File transfer protocol, vsftpd service

2020-11-07 22:18:22 Sword emperor Xiao Jian

SELinux Security subsystem

  • Three models :
    • enforcing: Force security policy mode on , Illegal requests for services will be blocked .
    • permissive: In case of unauthorized access to the service , Just give a warning and not force intercept .
    • disabled: Don't warn or intercept ultra vires .
  • getenforce- Get the current SELinux The mode of operation of the service
  • setenforce0 / 1 - temporary modify SELinux Current operating mode (0 To disable ,1 To enable )
  • semanage<options>__<file>- management SELinux The strategy of
    • [-l] - Inquire about ;
    • [-a] - add to ;
    • [-m] - modify ;
    • [-d] - Delete
  • restorecon- Will set up SELinux The security context takes effect immediately

File transfer protocol (FTP)

  • Package: vsftpd, ftp
  • Working mode
    • Active mode :FTP The server initiates the connection request to the client
    • Passive mode :FTP The server waits for the client to initiate a connection request (FTP The default working mode of )
    • systemctl enable_<serviceName>_ Application configuration

vsftpd Working mode

  • Anonymous open mode ( unsafe )【 Anonymous users :anonymous】
  • Local user mode
  • Virtual user mode ( Security , But the configuration is complicated , Want to use PAM)
  • -6 Use IPv6 agreement

Simple file transfer protocol (TFTP)

  • Package: tftp_server, tftp

TFTP Service is to use xinetd Service program to manage .xinetd Services can be used to manage a variety of lightweight network services , And it has powerful log function . Simply speaking , In the installation TFTP After the package , Still need to be in xinetd Open it in the service program , Disable by default (disable) Parameter is modified as no

TFTP The command function of is not as good as FTP Powerful service , You can't even traverse directories , It's also less secure than FTP service . and , because TFTP When transferring files, we use UDP agreement , The port number occupied is 69, So the file transfer process is not like FTP The agreement is so reliable . however , because TFTP There is no need for client authentication , It also reduces unnecessary system and network bandwidth consumption , So the transmission is trivial (trivial) Small documents , More efficient .

版权声明
本文为[Sword emperor Xiao Jian]所创,转载请带上原文链接,感谢