F-Secure Internet Gatekeeper for Linux/Administrator’s Guide
53
Quarantine
Quarantine(keep)
(quarantine)
Quarantines viruses. The viruses are quarantined in the directory that you can set in
Quarantine directory
under “Common settings”.
Specify this setting only if sufficient disk space is available.
Defining parent server by user
User Selective Parent
(self_proxy)
Allows the client to select the FTP server.
The user can specify the FTP server from the FTP client by specifying their user name in the
format <user name>@<FTP server name> (or <user name>#<FTP server name>).
FTP user restriction
PAM-based Account verification
(proxyauth_pam_account)
Restricts which users can connect.
Authentication is performed using PAMs (Pluggable Authentication Modules). You can change
the authentication method in the /etc/pam.d/fsigk_ftp file.
For more information, see "
Proxy authentication using Internet Gatekeeper
", 102.
Add or remove users
User DB
Edits the database of users who are permitted to connect. You can add, delete, and modify
users. The FTP service uses the user database only to check user names. Because the FTP
server performs password authentication, the password in the user database is not used.
Maximum number of simultaneous connections
Maximum connections
(pre_spawn)
Specifies the maximum number of simultaneous connections from clients. The specified
number of processes listen for connections from clients.
You can check the number of connections used in “Internal process ID” in the access log
(access.log).
■
If you increase the value of this setting, the number of simultaneous connections is
increased, but it requires more memory. Approximately 500 KB of memory is used per
process.
■
A warning is output to the error log if the maximum number of connections is reached.
■
We recommend that you set an initial value of approximately 10 and then monitor the
performance. The setting is usually set to a value of less than 50. (The setting itself
permits values up to 9999.)
)
Access control
Access Control
From these hosts
From:
(acl_from)
Only accepts connections from the designated list of hosts.
If you have enabled
DNS Reverse Lookup
, you can also specify <host name>.<domain
name>.
For examples, see “
Access Control
”, 65.
If you edit the
From these hosts
setting by using the web console, the ftp from
field is updated in /opt/f-secure/fsigk/conf/hosts.allow.
To these hosts