Shulou(Shulou.com)06/01 Report--

This article mainly explains "how to control host and user access by Vsftpd+tcp_wrappers". Interested friends may wish to take a look. The method introduced in this paper is simple, fast and practical. Let's let the editor take you to learn how Vsftpd+tcp_wrappers controls host and user access.

Vsftpd in RHEL4 already supports tcp_wrappers at compile time, so you can use tcp_wrappers to implement host access control.

Before the experiment, let's first talk about the execution order of tcp-wrappers:

Execute hosts.allow first. If there is a list in hosts.allow, the machine in the list is allowed to access; otherwise, look down for hosts.deny. If there is a list in hosts.deny, the machine access in the list is denied. If there is no list in allow and deny, then the host is allowed to access.

In real life, host.allow can also set the "deny" function, so generally only / etc/hosts.allow can be used to control the access of the host.

(1) Host access control

Configure the vsftpd service on the host (192.168.1.102) so that hosts other than 192.168.1.100 are allowed to access this FTP service on the 24 network segment.

The plan is quite simple, edit / etc/hosts.allow

Vsftpd:192.168.1.100:DENY

Vsftpd:192.168.1.

Restarting vsftpd can achieve the purpose of the experiment, and we can complicate the experiment with tcp_wrappers in the experiment.

(2) user access control

Vsftpd has flexible user access control function. In the specific implementation, the user access control of vsftpd is divided into two categories: the first is the traditional user list / etc/vsftpd/ftpusers, which I understand as the system list (that is, the system forbids); the second is the improved user list file / etc/vsftpd/user_list, which I understand as the list I want to prohibit

In order to achieve the second type of list control, it must be in the vsftpd.conf

Userlist_enable=YES

Userlist_deny=YES / / this exists by default, that is, if you don't need to add the system, it also defaults to YES.

Userlist_file=/etc/vsftpd/usrer_list

Through the above simple experiments, the powerful control ability of vsftpd can be achieved.

At this point, I believe you have a deeper understanding of "how Vsftpd+tcp_wrappers controls host and user access". You might as well do it in practice. Here is the website, more related content can enter the relevant channels to inquire, follow us, continue to learn!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.