Release of the ProFTPD 1.3.8 FTP server

After two and a half years of development, a significant release of the ProFTPD 1.3.8 FTP server has been published. Its strengths are extensibility and functionality; its weakness is the periodic discovery of dangerous vulnerabilities. At the same time, the corrective release ProFTPD 1.3.7f is available, which will be the last in the ProFTPD 1.3.7 series.

New in ProFTPD 1.3.8:

  • Support for the CSID (Client/Server ID) command has been implemented. It can be used to send information identifying the client software to the server and to receive a response with information identifying the server. For example, a client may send "CSID Name=BSD FTP; Version=7.3" and receive the response "200 Name=ProFTPD; Version=1.3.8; OS=Ubuntu Linux; OSVer=22.04; CaseSensitive=1; DirSep=/;".
  • The SFTP protocol implementation has added support for the "home-directory" extension, which expands ~/ and ~user/ paths. To enable it, use the directive "SFTPExtensions homeDirectory".
  • Added support in mod_sftp for the AES-GCM ciphers "[email protected]" and "[email protected]", as well as host key rotation ("SFTPOptions NoHostkeyRotation") using the OpenSSH extensions "[email protected]" and "[email protected]". Support for enabling the AES GCM ciphers has been added to the SFTPCiphers directive.
  • Added the "--enable-pcre2" option for building with the PCRE2 library instead of PCRE. The ability to choose the regular expression engine among PCRE2, POSIX and PCRE has been added to the RegexOptions directive.
  • The SFTPHostKeys directive has been added to specify the host key algorithms offered to clients by the mod_sftp module.
  • Added the FactsDefault directive to explicitly define the list of "facts" returned in MLSD/MLST FTP responses.
  • Added the LDAPConnectTimeout directive to set the timeout for connecting to the LDAP server.
  • Added the ListStyle directive to enable Windows-style listing of directory contents.
  • The RedisLogFormatExtra directive has been implemented to add your own keys and values to the JSON log written by RedisLogOnCommand and RedisLogOnEvent.
  • The MaxLoginAttemptsFromUser parameter has been added to the BanOnEvent directive to block specific combinations of users and IP addresses.
  • TLS support has been added to the RedisSentinel directive for connections to the Redis DBMS. The RedisServer directive now supports the changed AUTH command syntax used since Redis 6.x.
  • Added support for ETM (Encrypt-Then-MAC) hashes to the SFTPDigests directive.
  • The ReusePort flag has been added to the SocketOptions directive to enable the SO_REUSEPORT socket mode.
  • The AllowSymlinkUpload flag has been added to the TransferOptions directive to restore the ability to upload to symbolic links.
  • Added support for the "curve448-sha512" key exchange algorithm to the SFTPKeyExchanges directive.
  • The ability to substitute additional files into the allow/deny tables has been added to the mod_wrap2 module.
  • The default value of the FSCachePolicy parameter has been changed to "off".
  • The mod_sftp module has been adapted for use with the OpenSSL 3.x library.
  • Added support for building with the libidn2 library to use Internationalized Domain Names (IDN).
  • In the ftpasswd utility, the default algorithm for generating password hashes is now SHA256 instead of MD5.
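A new ftpasswd default only affects hashes generated from now on, so password files created earlier can still hold MD5 entries. The following is an added example, not code from ProFTPD or the original article: it flags legacy crypt(3) schemes in a password file, assuming the passwd(5) field layout; the sample entries, paths and function names are constructed for illustration.

```python
import sys

# crypt(3) prefixes -> (scheme, legacy?). "$1$" is the former MD5 default.
PREFIXES = {
    "$1$": ("md5-crypt", True),
    "$5$": ("sha256-crypt", False),
    "$6$": ("sha512-crypt", False),
}

# Constructed sample in passwd(5) layout (assumed); the hash strings are made up.
SAMPLE = """\
# user:hash:uid:gid:gecos:home:shell
alice:$1$Xk3pQ9aB$0123456789abcdefghijk.:1001:1001::/srv/ftp/alice:/bin/false
bob:$5$saltsalt$abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQ:1002:1002::/srv/ftp/bob:/bin/false
carol:abJnggxhB/yWI:1003:1003::/srv/ftp/carol:/bin/false
dave:*:1004:1004::/srv/ftp/dave:/bin/false
"""

def classify(hash_field):
    """Return (scheme, needs_attention) for one password field."""
    if hash_field == "":
        return ("empty", True)          # no password set at all
    if hash_field[0] in "*!":
        return ("locked", False)        # login disabled, nothing to re-hash
    for prefix, result in PREFIXES.items():
        if hash_field.startswith(prefix):
            return result
    if len(hash_field) == 13 and "$" not in hash_field:
        return ("des-crypt", True)      # traditional 13-character DES crypt
    return ("unknown", True)

def audit(text):
    """Return [(line_no, user, scheme)] for entries needing re-hash or review."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split(":")
        if len(fields) < 2:
            findings.append((line_no, fields[0], "malformed"))
            continue
        scheme, flagged = classify(fields[1])
        if flagged:
            findings.append((line_no, fields[0], scheme))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for line_no, user, scheme in audit(text):
        print(f"line {line_no}: {user}: {scheme}")
```

The report lists only user names and scheme labels, never the hash values, so its output can be shared in a ticket.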

Source: opennet.ru
