# To prevent DoS attacks, set the maximum number of child processes
# to 30. If you need to allow more than 30 concurrent connections
# at once, simply increase this value. Note that this ONLY works
# in standalone mode, in inetd mode you should use an inetd server
# that allows you to limit maximum number of processes per service
# (such as xinetd)
MaxInstances 30
# Set the user and group that the server normally runs at.
User nobody
Group nobody
# Normally, we want files to be overwriteable.
<Directory /*>
AllowOverwrite on
</Directory>
# A basic anonymous configuration, no upload directories.
<Anonymous ~ftp>
User ftp
Group ftp
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp
# Limit the maximum number of anonymous logins
MaxClients 10
# We want 'welcome.msg' displayed at login, and '.message' displayed
# in each newly chdired directory.
DisplayLogin welcome.msg
DisplayFirstChdir .message
# Limit WRITE everywhere in the anonymous chroot
<Limit READ>
AllowAll
</Limit>
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
<Anonymous ~>
AnonRequirePassword on
User %U
Group ftp
RequireValidShell off
<Limit READ WRITE>
AllowAll
</Limit>
</Anonymous>
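As an added example (not part of the original configuration and not ProFTPD's own code), the Python script below reads proftpd.conf-style text and reports, for each <Anonymous> section, whether an explicit <Limit> covering WRITE is set to AllowAll or DenyAll. The function name audit_anonymous_write and the trimmed sample text are assumptions made for illustration; only explicit WRITE limits are examined, not other command groups or filesystem permissions.

```python
import re

# Constructed sample: the two <Anonymous> sections from the configuration above, trimmed.
SAMPLE_CONF = """\
<Anonymous ~ftp>
<Limit READ>
AllowAll
</Limit>
<Limit WRITE>
DenyAll
</Limit>
</Anonymous>
<Anonymous ~>
AnonRequirePassword on
User %U
<Limit READ WRITE>
AllowAll
</Limit>
</Anonymous>
"""

OPEN = re.compile(r"^<(Anonymous|Limit)\s+([^>]*)>$", re.I)

def audit_anonymous_write(conf_text):
    """Return {anonymous_root: 'allow' | 'deny' | 'unset'} for explicit WRITE limits."""
    results, anon, limit = {}, None, None
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue                      # skip blanks and comment lines
        m = OPEN.match(line)
        if m and m.group(1).lower() == "anonymous":
            anon = m.group(2).strip()     # root directory of this section
            results[anon] = "unset"
        elif m:
            limit = m.group(2).upper().split()   # command groups of this <Limit>
        elif line.lower() == "</limit>":
            limit = None
        elif line.lower() == "</anonymous>":
            anon = None
        elif anon is not None and limit and "WRITE" in limit:
            word = line.split()[0].lower()
            if word in ("allowall", "denyall"):
                results[anon] = "allow" if word == "allowall" else "deny"
    return results

if __name__ == "__main__":
    for root, verdict in audit_anonymous_write(SAMPLE_CONF).items():
        print(f"<Anonymous {root}>: WRITE {verdict}")
```

A section reported as "allow" or "unset" is the one to review against the intended upload policy and the ownership of the directory it exposes.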
3.4.2 Configuring sshd
Authenticate using SSH public and private keys.
#cd /etc/sshd
#ssh-keygen
(generates the root account's SSH public and private keys, located in the /root/.ssh directory)
Generating public/private rsa1 key pair.
Enter file in which to save the key (/root/.ssh/identity):(press Enter)
Enter passphrase (empty for no passphrase):(enter the private-key passphrase)
Enter same passphrase again:(enter it again)
#vi /etc/ssh/sshd_config
Add the following two settings:
AllowHosts *.zist.edu.cn 192.168.1.*
AllowGroups root qxh
Set it up as a standalone service process that starts automatically at boot:
#cd /etc/rc.d/init.d
#chkconfig --level 345 sshd on
You can customize your firewall in two ways. First, you can select to
allow all traffic from certain network interfaces. Second, you can allow
certain protocols explicitly through the firewall. Specify additional
ports in the form 'service:protocol', such as 'imap:tcp'.

Trusted Devices: eth0

Allow incoming: [ ] DHCP   SSH   [ ] Telnet   WWW (HTTP)   [ ] Mail (SMTP)   FTP

Other ports: _________________________

OK
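When the settings are complete, select "OK" to exit.
Configure the services to start:
Go into "System services" and set the options for the services started by xinetd: set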
3.3.2 Configuring proftp
#cd /usr/local/proftp/etc/
#vi proftp.conf
Configure it as follows:
# This is a basic ProFTPD configuration file (rename it to
# 'proftpd.conf' for actual use. It establishes a single server
# and a single anonymous login. It assumes that you have a user/group
# "nobody" and "ftp" for normal operation and anon.
ServerName "ProFTPD Default Installation"
ServerType standalone
DefaultServer on
# Port 21 is the standard FTP port.
Port 21
# Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable.
Umask 022