16. File transfer protocol, vsftpd service

Want to make APP Same thing as WeChat , Can run small programs smoothly ？ | Experience will send you to Xinjiang 、 Huawei 、 Cherry keyboard ！>>>

SELinux Security subsystem

• Three models ：
  • enforcing： Force security policy mode on , Illegal requests for services will be blocked .
  • permissive： In case of unauthorized access to the service , Just give a warning and not force intercept .
  • disabled： Don't warn or intercept ultra vires .
• getenforce- Get the current SELinux The mode of operation of the service
• setenforce0 / 1 - temporary modify SELinux Current operating mode （0 To disable ,1 To enable ）
• semanage<options>__<file>- management SELinux The strategy of
  • [-l] - Inquire about ;
  • [-a] - add to ;
  • [-m] - modify ;
  • [-d] - Delete
• restorecon- Will set up SELinux The security context takes effect immediately

File transfer protocol （FTP）

• Package: vsftpd, ftp
• Working mode
  • Active mode ：FTP The server initiates the connection request to the client
  • Passive mode ：FTP The server waits for the client to initiate a connection request （FTP The default working mode of ）
  • systemctl enable_<serviceName>_ Application configuration

vsftpd Working mode

• Anonymous open mode （ unsafe ）【 Anonymous users ：anonymous】
• Local user mode
• Virtual user mode （ Security , But the configuration is complicated , Want to use PAM）
• -6 Use IPv6 agreement

Simple file transfer protocol （TFTP）

• Package: tftp_server, tftp

TFTP Service is to use xinetd Service program to manage .xinetd Services can be used to manage a variety of lightweight network services , And it has powerful log function . Simply speaking , In the installation TFTP After the package , Still need to be in xinetd Open it in the service program , Disable by default （disable） Parameter is modified as no

TFTP The command function of is not as good as FTP Powerful service , You can't even traverse directories , It's also less secure than FTP service . and , because TFTP When transferring files, we use UDP agreement , The port number occupied is 69, So the file transfer process is not like FTP The agreement is so reliable . however , because TFTP There is no need for client authentication , It also reduces unnecessary system and network bandwidth consumption , So the transmission is trivial （trivial） Small documents , More efficient .