ProHoster > Блог > izindaba ze-inthanethi > Ukukhishwa kweseva ye-ProFTPD ftp 1.3.8

Ukukhishwa kweseva ye-ProFTPD ftp 1.3.8

Ngemva kweminyaka emibili nengxenye yokuthuthukiswa, ukukhululwa okubalulekile kweseva ye-ftp i-ProFTPD 1.3.8 kushicilelwe, amandla akho okunwebeka nokusebenza, kodwa ubuthakathaka ukuhlonza ngezikhathi ezithile ubungozi obuyingozi. Ngesikhathi esifanayo, ukukhishwa kokulungisa kwe-ProFTPD 1.3.7f kuyatholakala, okuzoba okokugcina ochungechungeni lwe-ProFTPD 1.3.7.

Okuqanjwa okusha kwe-ProFTPD 1.3.8:

  • Kusetshenziswe ukusekelwa komyalo we-FTP CSID (Client/Server ID), ongasetshenziswa ukuthumela ulwazi lokuhlonza isofthiwe yeklayenti kuseva nokuthola impendulo enolwazi lokuhlonza iseva. Isibonelo, iklayenti lingathumela "CSID Name=BSD FTP; Version=7.3" bese lithola impendulo ethi "200 Name=ProFTPD; Version=1.3.8; OS="Ubuntu Linux; OSVer=22.04; CaseSensitive=1; DirSep=/;".
  • Ukuqaliswa kwephrothokholi ye-SFTP kungeze usekelo lwesandiso “sohlu lwasekhaya” ukuze kunwetshwe ~/ and ~user/ paths. Ukuze uyinike amandla, ungasebenzisa isiqondiso "SFTExtensions homeDirectory".
  • Kungezwe ukusekelwa kwama-ciphers e-AES-GCM "aes128-gcm@openssh.com" kanye ne-"aes256-gcm@openssh.com" kuya ku-mod_sftp, kanye nokuzungezisa ukhiye womsingathi ("SFTPOptions NoHostkeyRotation") kusetshenziswa izandiso ze-OpenSSH "hostkeys-00@openssh.com-prove00@openssh.com" kanye ne-"hostkeys.com-proveXNUMX". Usekelo olungeziwe lokunika amandla ama-cipher e-AES GCM kumyalelo we-SFTPCiphers.
  • Kwengezwe inketho ethi "-enable-pcre2" yokwakha ngelabhulali ye-PCRE2 esikhundleni se-PCRE. Ikhono lokukhetha injini yokukhuluma evamile phakathi kwe-PCRE2, i-POSIX ne-PCRE yengezwe kumyalelo we-RegexOptions.
  • Umyalelo we-SFTPHostKeys wengeziwe ukukhombisa ama-algorithms wokhiye wosokhaya anikezwa amaklayenti kumojula ye-mod_sftp.
  • I-Add FactsDefault Direction ukuze ichaze ngokusobala uhlu "lwamaqiniso" azobuyiselwa ngezimpendulo ze-MLSD/MLSD FTP.
  • Kwengezwe umyalelo we-LDAPConnectTimeout ukuze kutholwe ukuphela kwesikhathi sokuxhuma kuseva ye-LDAP.
  • Kungezwe isiqondiso se-ListStyle, esikuvumela ukuthi unike amandla ukuphuma kohlu lokuqukethwe kwesikhombisi ngesitayela Windows.
  • Umyalelo we-RedisLogFormatExtra usetshenziswe ukuze wengeze okhiye bakho namanani elogu le-JSON elifakwe yi-RedisLogOnCommand kanye ne-RedisLogOnEvent.
  • Ipharamitha ye-MaxLoginAttemptsFromUser ingeziwe kumyalelo we-BanOnEvent ukuvimba inhlanganisela ethile yabasebenzisi kanye Amakheli e-IP.
  • Ukusekelwa kwe-TLS kwengezwe kumyalelo we-RedisSentinel lapho kuxhunywa ku-Redis DBMS. Umyalelo we-RedisServer manje usekela i-syntax yomyalo eguquliwe ye-AUTH esetshenziswe kusukela ku-Redis 6.x.
  • Ukwesekwa okwengeziwe kwe-ETM (Encrypt-Then-MAC) kuma-hashes kuya kumyalelo we-SFTPDigests.
  • Ifulegi le-ReusePort lengezwe kumyalelo we-SocketOptions ukuze kunikwe amandla imodi yesokhethi ye-SO_REUSEPORT.
  • Ifulegi le-AllowSymlinkUpload lengeziwe kusiqondiso se-TransferOptions ukuze kubuyiselwe amandla okulayisha kuzixhumanisi ezingokomfanekiso.
  • Kwengezwe usekelo lwe-algorithm yokushintsha ukhiye "curve448-sha512" kumyalelo we-SFTPKeyExchanges.
  • Ikhono lokushintsha amafayela engeziwe kumathebula okuvumela/ukuphika lengezwe kumojula ye-mod_wrap2.
  • Inani elizenzakalelayo lepharamitha ye-FSCachePolicy iguqulelwe kokuthi "cishiwe".
  • Imojuli ye-mod_sftp iguqulelwe ukuze isetshenziswe nelabhulali ye-OpenSSL 3.x.
  • Ukwesekwa okwengeziwe kokwakha ngomtapo wolwazi we-libidn2 ukuze kusetshenziswe emhlabeni wonke amagama esizinda (IDN).
  • Kumsebenzi we-ftpasswd, i-algorithm ezenzakalelayo yokukhiqiza ama-hashi ephasiwedi yi-SHA256 esikhundleni se-MD5.

Source: opennet.ru

Thenga ukusingathwa okuthembekile kwamasayithi anokuvikelwa kwe-DDoS, amaseva e-VPS VDS 🔥 Thenga ukusingathwa kwewebhusayithi okuthembekile ngokuvikelwa kwe-DDoS, amaseva e-VPS VDS | ProHoster