FreeBSD6.1入门级Web服务器配置手记(5)
来源:落伍者 作者:HarbinBeer 点击:次 时间:2007-06-18
ftp stream tcp nowait root /usr/local/sbin/pure-ftpd pure-ftpd -A -b -c50 -C2 -D -E -fftp -H -i -I15 -lmysql:/usr/local/etc/pureftpd-mysql.conf -m4 -s -u100 -j -k99 -Z -4
如果以standalone(独立进程)方式运行
QUOTE:
# ee /usr/local/etc/rc.d/pure-ftpd.sh
CODE:
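#!/bin/sh
#
# Control script for running pure-ftpd as a standalone daemon.
# Usage: pure-ftpd.sh {start|stop|restart}
#
# pure-config.pl is handed pure-ftpd.conf and is expected to launch the
# daemon with the options from that file (the wrapper itself is not shown
# on this page).
#
# All messages use plain ASCII quotes. Typographic quotes (‘ ’) are
# ordinary characters to sh, so the | signs in the usage text would be
# parsed as pipes instead of being printed.

case "$1" in
  start)
    /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
    echo 'pure-ftpd started!'
    echo ''
    ;;
  stop)
    killall pure-ftpd
    echo 'pure-ftpd stopped!'
    echo ''
    ;;
  restart)
    # Stop every running pure-ftpd process, then launch a fresh one.
    killall pure-ftpd
    /usr/local/sbin/pure-config.pl /usr/local/etc/pure-ftpd.conf
    echo 'pure-ftpd restarted!'
    echo ''
    ;;
  *)
    # Unknown or missing action: print usage on stderr and exit with
    # status 64 (EX_USAGE in sysexits).
    echo 'Usage: {start|stop|restart}' >&2
    exit 64
    ;;
esac
exit 0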
QUOTE:
# chmod u+x /usr/local/etc/rc.d/pure-ftpd.sh
# ee /etc/rc.conf
CODE:
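# rc.conf is read by /bin/sh, so a variable name may contain only letters,
# digits and underscores, and the value needs plain ASCII quotes; the
# hyphenated name with typographic quotes is not a valid assignment.
# NOTE(review): pureftpd_enable is the knob the FreeBSD port's own rc.d
# script looks for; the hand-written pure-ftpd.sh on this page does not
# read any rc.conf variable. Confirm which script is actually installed.
pureftpd_enable="YES"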
安装配置pureftpdadmin
QUOTE:
# mount /cdrom
# cp -R /cdrom/pureftpdadmin /usr/www/pureftpdadmin
# ee /usr/www/pureftpdadmin/pureftp.config.php
CODE:
// Path of the pure-ftpd MySQL settings file (the same file the daemon is
// given through -lmysql: earlier on this page).
$PUREFTP_CONFIG_FILE = '/usr/local/etc/pureftpd-mysql.conf';
// NOTE(review): presumably the login pureftpdadmin itself accepts; verify
// against the tool's documentation. "adminpassword" is the tutorial's
// sample value: replace it with a strong, unique password, and keep this
// file readable only by the web server account, since the password is
// stored here in plain text.
$DefaultUser = "ftpadmin";
$DefaultPass = "adminpassword";
QUOTE:
# ee /usr/www/pureftpdadmin/goodies/Quota_Checker.php
CODE:
// Quota_Checker.php carries its own copy of the setting; it must name the
// same pure-ftpd MySQL settings file as pureftp.config.php.
$PUREFTP_CONFIG_FILE = '/usr/local/etc/pureftpd-mysql.conf';
QUOTE:
# chmod 755 /usr/local/sbin/pure-ftpwho
# chmod ug+s /usr/local/sbin/pure-ftpwho
设置pureftpdadmin安全
QUOTE:
# ee /usr/local/etc/apache22/httpd.conf
CODE:
# Access rules for the pureftpdadmin pages (Apache 2.2 syntax).
# With "Order deny,allow" and no Allow line, "deny from all" refuses every
# client on host grounds. "AllowOverride AuthConfig" lets the directory's
# .htaccess supply the authentication directives, and "Options None"
# switches off optional features such as directory listings.
<Directory "/usr/www/pureftpdadmin">
deny from all
Options None
AllowOverride AuthConfig
Order deny,allow
</Directory>
QUOTE:
# ee /usr/www/pureftpdadmin/.htaccess
CODE:
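# Password-protect the admin pages with HTTP Basic authentication.
# Basic auth sends the password merely base64-encoded on every request,
# so this directory should be reachable over HTTPS only.
AuthType Basic
# Password file, kept outside /usr/www/pureftpdadmin so it is not served
# with the pages. Prefer letting htpasswd prompt for the password: a
# password given as a command-line argument ends up in the shell history
# and is visible in the process list while the command runs.
AuthUserFile /usr/local/ftpadmin.pwd
# Realm text shown in the browser's login dialog. Plain ASCII quotes are
# used because typographic quotes would become part of the text.
AuthName "操作前请登录"
require valid-user
# "Satisfy any" grants access when EITHER the host rules OR the login
# succeed. With "deny from all" in httpd.conf the host check always fails,
# so a valid login is the only way in. An "Allow from" line added later
# would let that host in without any password.
satisfy any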
QUOTE:
# htpasswd -bc /usr/local/ftpadmin.pwd ftpadmin adminpassword
系统安全
防火墙IPFW
启用防火墙
QUOTE:
# ee /etc/rc.conf
CODE:
# Load the IPFW firewall at boot.
firewall_enable="YES"
# NOTE(review): "open" is one of the presets of the stock /etc/rc.firewall;
# with firewall_script pointing at a custom rules file this value is
# presumably not used. Confirm, and do not rely on it to describe the
# policy actually loaded.
firewall_type="open"
# Shell script that installs the rules (its listing follows on this page).
firewall_script="/etc/ipfw.rules"
# Turn on firewall logging at boot.
firewall_logging="YES"
QUOTE:
# ee /etc/sysctl.conf
CODE:
# Enable logging of packets that match ipfw rules carrying the "log" keyword.
net.inet.ip.fw.verbose=1
# Stop logging a given rule after 5 entries, so a flood of matching packets
# cannot fill the log.
net.inet.ip.fw.verbose_limit=5
编辑防火墙规则
QUOTE:
# ee /etc/ipfw.rules
CODE:
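# For the full rule syntax see http://cnsnap.cn.freebsd.org/doc/zh_CN.GB2312/books/handbook/firewalls-ipfw.html
#
###########################################
# Flush the current rule list on (re)load #
###########################################
# NOTE: between the flush and the rules below, only the kernel's default
# rule applies. Reloading over a remote session can therefore cut that
# session off; reload from the console when testing changes.
ipfw -q -f flush
#
######################################
# Common prefix for every rule below #
######################################
# Left unquoted on purpose at the call sites so it splits into
# "ipfw", "-q" and "add".
cmd="ipfw -q add"
#
######################
# DNS server address #
######################
dns="192.168.163.2"
#
############################################
# Name of the public (Internet-facing) NIC #
############################################
pif="lnc0"
#
####################################
# No restrictions on loopback (lo0) #
####################################
$cmd 00100 allow all from any to any via lo0
#
#####################################################
# Match packets against the dynamic (stateful) rules #
#####################################################
# Packets belonging to a flow that an earlier keep-state/limit rule
# admitted are accepted here without walking the rest of the list.
$cmd 00200 check-state
#
######################################
# Allow queries to the DNS server    #
######################################
# Both rules must reference $dns. The UDP rule previously used the
# misspelled, unset variable $dna, which left the rule without a
# destination address.
$cmd 00300 allow tcp from any to $dns 53 out via $pif keep-state
$cmd 00400 allow udp from any to $dns 53 out via $pif keep-state
#
##############################################################
# Allow HTTP                                                 #
# (limit src-addr N caps concurrent connections per source)  #
##############################################################
$cmd 00500 allow tcp from any to any 80 out via $pif setup keep-state
$cmd 00600 allow tcp from any to me 80 in via $pif setup limit src-addr 10
#
##############################################################
# Allow HTTPS                                                #
# (limit src-addr N caps concurrent connections per source)  #
##############################################################
$cmd 00700 allow tcp from any to any 443 out via $pif setup keep-state
$cmd 00800 allow tcp from any to me 443 in via $pif setup limit src-addr 10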
#
#######################################################