Centos 6.2 vsftpd Server Installation (switch)

Source: Internet
Author: User

Install vsftpd server in centos 6.2

My CentOS 6.2 is installed in a Hyper-V virtual machine on a Windows Server 2008 R2 host.
CentOS was installed from a CD in minimal mode. After installation, log on over SSH with PuTTY and then run
# yum update -y
to upgrade to the latest version. Now we will install and configure vsftpd. I hope it will be helpful to you.
The FTP server is installed so that internal users can upload files through FTP. Anonymous users and virtual users are not set up for the moment.


1. Install
Use chkconfig --list to check whether the vsftpd service is installed, or use rpm -qa | grep ftp. The system is a minimal install, so no FTP server is installed.
Use the yum command to install it directly:
# yum -y install vsftpd
Then create a log file for it:
# touch /var/log/vsftpd.log

In this way, the installation of vsftpd is completed with two simple commands. However, before you can access ftp://your_ip, you still need to configure permissions!

2. Start and configure auto-start
Use chkconfig --list to view the startup settings of the vsftpd service.
If the following result is displayed:
vsftpd 0:off 1:off 2:off 3:off 4:off 5:off 6:off
the service is off at every runlevel. Note that on/off indicates whether the service is started automatically when the server boots into that runlevel. Use the following command to make it start automatically (the digits after --level are runlevels and correspond to the 0-6 columns above):
# chkconfig --level 235 vsftpd on


To view and manage the FTP service, run the following commands:
Start the FTP service: service vsftpd start
View the FTP service status: service vsftpd status
Restart the FTP service: service vsftpd restart
Stop the FTP service: service vsftpd stop

3. Configure the vsftp Service
Edit the /etc/vsftpd.conf file to configure the vsftpd service:
# vi /etc/vsftpd.conf
3.1 Edit and modify the following items. vsftpd does not accept spaces around "=" or a comment after a value, so each comment goes on its own line:
# Do not allow anonymous access
anonymous_enable=NO
# Allow local users to log in. Note: virtual users also depend on this option; if it is set to NO, no virtual user can log in.
local_enable=YES
# Prevent users from leaving their home directory (with the default chroot_local_user=NO this applies to the users listed in chroot_list_file)
chroot_list_enable=YES

These are the only options changed for the moment. For more settings and usage, please search Baidu.
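A quick way to check a config file against the three settings in step 3, including the spacing and trailing-comment mistakes that stop vsftpd from starting. This is an added example, not part of the original article; the function names, the MALFORMED/MISMATCH labels and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example: audit a vsftpd config file against the step 3 settings.

# Print the value of option $2 in file $1, upper-cased. Takes the last
# well-formed "option=value" line (assumed to be the effective one).
conf_value() {
    sed -n "s/^$2=//p" "$1" | tail -n 1 | tr '[:lower:]' '[:upper:]'
}

# Print one finding per problem; return 0 only when nothing is found.
audit_vsftpd_conf() {
    conf=$1
    rc=0
    # vsftpd accepts only "option=value": no spaces around "=", and "#"
    # starts a comment only at the beginning of a line.
    malformed=$(grep -nE '^[a-z_]+[[:space:]]*=.*#|^[a-z_]+[[:space:]]+=|^[a-z_]+=[[:space:]]' "$conf" || true)
    if [ -n "$malformed" ]; then
        printf '%s\n' "$malformed" | sed 's/^/MALFORMED line /'
        rc=1
    fi
    for want in anonymous_enable=NO local_enable=YES chroot_list_enable=YES; do
        opt=${want%%=*}
        expected=${want#*=}
        actual=$(conf_value "$conf" "$opt")
        if [ "$actual" != "$expected" ]; then
            echo "MISMATCH: $opt is '${actual:-unset}', step 3 wants $expected"
            rc=1
        fi
    done
    return $rc
}

# Constructed samples: bad.conf uses the spacing and trailing-comment
# style that vsftpd rejects; good.conf is the clean form.
tmp=$(mktemp -d)
printf '%s\n' 'anonymous_enable = NO' 'local_enable=YES # local users' > "$tmp/bad.conf"
printf '%s\n' '# step 3 settings' 'anonymous_enable=NO' \
    'local_enable=YES' 'chroot_list_enable=YES' > "$tmp/good.conf"
audit_vsftpd_conf "$tmp/bad.conf" || echo "bad.conf needs fixing"
audit_vsftpd_conf "$tmp/good.conf" && echo "good.conf matches step 3"
```
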

4. Start vsftpd
# service vsftpd start

Use netstat -tl to check whether the FTP port is listening.

5. Check SELinux settings

CentOS is installed with SELinux to enhance security. At this point, if you log on to FTP with a user account, you will be told that it cannot switch to the user's directory.
Run the following command to check the SELinux settings:
# getsebool -a | grep ftp
allow_ftpd_anon_write --> off
allow_ftpd_full_access --> off
allow_ftpd_use_cifs --> off
allow_ftpd_use_nfs --> off
ftp_home_dir --> off
ftpd_connect_db --> off
ftpd_use_passive_mode --> off
httpd_enable_ftp_server --> off
tftp_anon_write --> off

The default value is off. To let local users log on to their FTP directory normally, run:

# setsebool -P ftp_home_dir on

You can also edit the /etc/selinux/config file to modify different security levels. However, this operation is not recommended.

You can use the getsebool -a | grep ftp command again to check whether the value is set.

Now, stop the firewall temporarily to see whether the FTP server is working properly.
# service iptables stop
Connect to FTP and check whether it works properly.
Next we will set up the firewall, which is the tricky part.

6. Set iptables Firewall
The FTP server has been started. Of course, you need to configure the firewall to allow FTP. (Turning the firewall off is also a way, but it is strongly recommended not to do so.)

By default, iptables on a newly installed system blocks all ports (except port 22 for SSH). After an access policy is set, FTP still cannot be accessed normally in most cases.

FTP has two connection modes, active and passive. If you add too few rules, problems will occur.

6.1 First load the modules:
# modprobe ip_conntrack_ftp
# modprobe ip_nat_ftp

6.2 Then load the iptables rules:
# iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -I INPUT -p tcp --dport 21 -j ACCEPT
# iptables -I OUTPUT -p tcp --dport 21 -j ACCEPT
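Why port 21 alone is not enough: in both FTP modes the data connection uses a port that is negotiated on the control channel, which is what the ip_conntrack_ftp module from 6.1 tracks so that the RELATED rules in 6.2 can match it. The following is an added example, not part of the original article; it goes beyond the text by decoding the RFC 959 PORT command and 227 reply, and the function name and sample lines are constructed.

```sh
#!/bin/sh
# Added example: extract the data-channel endpoint from FTP control lines.

# data_endpoint LINE prints "MODE IP PORT" for a PORT command (active mode,
# client tells the server where to connect) or a 227 reply (passive mode,
# server tells the client). Returns 1 for any other line.
data_endpoint() {
    case $1 in
        PORT\ *) mode=active ;;
        227\ *)  mode=passive ;;
        *)       return 1 ;;
    esac
    # Both forms carry h1,h2,h3,h4,p1,p2 (RFC 959); port = p1*256 + p2.
    six=$(printf '%s\n' "$1" |
        sed -n 's/.*[^0-9]\([0-9]\{1,3\}\(,[0-9]\{1,3\}\)\{5\}\).*/\1/p')
    [ -n "$six" ] || return 1
    oldifs=$IFS
    IFS=,
    set -- $six
    IFS=$oldifs
    echo "$mode $1.$2.$3.$4 $(( $5 * 256 + $6 ))"
}

# Constructed control-channel lines (addresses and ports are made up).
for line in 'USER alice' \
            'PORT 192,168,1,20,200,10' \
            '227 Entering Passive Mode (192,168,1,10,195,80).'; do
    data_endpoint "$line" || echo "no data endpoint in: $line"
done
# Neither data port is 21, and both change per transfer, so no fixed
# --dport rule can match them; the conntrack helper parses these lines
# and the RELATED rule then admits the matching data connection.
```
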

After setting these rules, FTP should be accessible. (If you log in with an account and are told that the user directory cannot be switched to, that problem must be solved in step 1.)
These iptables settings are not kept after the system restarts. To make sure they are applied at each start, follow these steps:
Edit the iptables configuration file:
# vi /etc/sysconfig/iptables-config
Change IPTABLES_MODULES="" to:
IPTABLES_MODULES="ip_conntrack_ftp ip_nat_ftp"

If a module is already listed, you only need to append ip_conntrack_ftp ip_nat_ftp after the existing modules, separated by spaces.

Restart iptables:
# service iptables restart

Add the iptables rules:
# iptables -A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
# iptables -I INPUT -p tcp --dport 21 -j ACCEPT
# iptables -I OUTPUT -p tcp --dport 21 -j ACCEPT

Use another computer to connect to the FTP server for testing. If it works normally, save the rules:

# service iptables save

Alternatively, you can edit the iptables rule file directly.

Edit the /etc/sysconfig/iptables file and add:

-A OUTPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-A INPUT -m state --state RELATED,ESTABLISHED -j ACCEPT
-I INPUT -p tcp --dport 21 -j ACCEPT
-I OUTPUT -p tcp --dport 21 -j ACCEPT

Now you can use an FTP program to access the CentOS server. For the moment, access from Internet Explorer has not been tested. It will be tested later.
