CentOS7 + vsftpd (1) Anonymous, centos7vsftpd Anonymous

CentOS7 + vsftpd (1) Anonymous, centos7vsftpd Anonymous

Anonymous CentOS7 + vsftpd (1)

The establishment of ftp is a basic task. CentOS7 + vsftpd is a relatively easy-to-implement platform, but there are many problems during the construction. This series will be shared with you through four articles.

I. CentOS7

1. The experiment environment is VMware Workstation Pro + CentOS 7 64-bit minimal installation (omitted) (the network adopts bridging mode ).

2. network settings after installation (if the network is not enabled, follow these steps)

[Root @ localhost pub] # ifconfigens33: flags = 4163 <UP, BROADCAST, RUNNING, MULTICAST> mtu 1500 inet 192.168.1.21 netmask 255.255.255.0 broadcast 192.168.1.255 <======================================not enabled network devices, if these IP addresses are not available, run ifup ens33 inet6 fe80: ccbe: f76: f63f: 8270 prefixlen 64 scopeid 0x20 <link> ether 00: 0c: 29: 09: 37: 0a txqueuelen 1000 (Ethernet) RX packets 4721 bytes 426895 (416.8 KiB) RX errors 0 dropped 0 overruns 0 frame 0 TX packets 3090 bytes 384658 (375.6 KiB) TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0 [root @ localhost pub] # ifup ens33 <=========== === ens33 your network device name,

3. Install the VIM Tool

Yum install-y vim

4. Set static IP addresses

[Root @ localhost ~] # Vim/etc/sysconfig/network-scripts/ifcfg-ens33 <==================================== ens33 your network device Name TYPE = EthernetPROXY_METHOD = noneBROWSER_ONLY = noDEFROUTE = Nobody = notes6init = Nobody = stable-privacyNAME = ens33UUID = Nobody = ens33ONBOOT = yes <= ===================== start BOOTPROTO = static static IP address mode: IPADDR = 192.168.1.21 <=================== IPNETMASK = 255.255.255.0 <==================== === subnet mask DNS1 = 192.168.1.1 ======================== DNS1DNS2 = 114.114.114.114 <====== === DNS2GATEWAY = 192.168.1.1 <=============== Gateway

5. Test the network

[root@localhost pub]# ping baidu.comPING baidu.com (123.125.114.144) 56(84) bytes of data.64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=1 ttl=52 time=46.7 ms64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=2 ttl=52 time=48.8 ms64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=3 ttl=52 time=46.6 ms64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=5 ttl=52 time=40.8 ms64 bytes from 123.125.114.144 (123.125.114.144): icmp_seq=6 ttl=52 time=40.9 ms^C--- baidu.com ping statistics ---6 packets transmitted, 5 received, 16% packet loss, time 5023msrtt min/avg/max/mdev = 40.880/44.798/48.869/3.288 ms

Ii. vsftp Installation

1. Install and test on the server

 

[root@localhost ~]# yum install -y vsftpd[root@localhost ~]# systemctl start vsftpd[root@localhost ~]# systemctl enable vsftpdCreated symlink from /etc/systemd/system/multi-user.target.wants/vsftpd.service to /usr/lib/systemd/system/vsftpd.service.[root@localhost ~]# systemctl status vsftpd● vsftpd.service - Vsftpd ftp daemon   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)   Active: active (running) since Thu 2017-10-05 22:36:52 EDT; 50s ago Main PID: 1661 (vsftpd)   CGroup: /system.slice/vsftpd.service           └─1661 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.confOct 05 22:36:52 localhost.localdomain systemd[1]: Starting Vsftpd ftp daemon...Oct 05 22:36:52 localhost.localdomain systemd[1]: Started Vsftpd ftp daemon.Hint: Some lines were ellipsized, use -l to show in full. [root@localhost ~]# yum install -y ftp[root@localhost ~]# ftp 192.168.1.21Connected to 192.168.1.21 (192.168.1.21).220 (vsFTPd 3.0.2)Name (192.168.1.21:root): anonymous331 Please specify the password.Password:230 Login successful.Remote system type is UNIX.Using binary mode to transfer files.ftp> ls227 Entering Passive Mode (192,168,1,21,244,190).150 Here comes the directory listing.drwxr-xr-x    2 0        0               6 Aug 03 06:10 pub226 Directory send OK.ftp> quit221 Goodbye.

 

2. Advanced Settings

The installation in step 1 shows that vsftpd is running on the server and can be accessed on the server. The following settings are used to access a and firewall from the network.

[root@localhost ~]# firewall-cmd --zone=public --add-service=ftp --permanent[root@localhost ~]# firewall-cmd --reload

B. Anonymous User Permissions

[Root @ localhost ~] # Cd/etc/vsftpd/[root @ localhost vsftpd] # lsftpusers user_list vsftpd. conf vsftpd_conf_migrate.sh [root @ localhost vsftpd] # cp vsftpd. conf vsftpd. conf _ 'date + % F' [root @ localhost vsftpd] # lsftpusers vsftpd. conf vsftpd_conf_migrate.shuser_list vsftpd. conf_2017-10-05 [root @ localhost vsftpd] # mkdir/www
[Root @ localhost vsftpd] # mkdir/www/ftp
[Root @ localhost vsftpd] # mkdir/www/ftp/pub
[Root @ localhost vsftpd] # chmod 777/www/ftp/pub <===================== upload directory of the anonymous user account
[Root @ localhost pub] # vim/etc/vsftpd. conf <================== modify the content of this configuration file as follows:
[Root @ localhost pub] # grep-Ev '(^ # \ s. * | ^ # | ^ $)'/etc/vsftpd. conf
Anonymous_enable = YES
Anon_mkdir_write_enable = YES
Anon_root =/www/ftp
Local_enable = YES
Write_enable = YES
Local_umask = 022
Anon_upload_enable = YES
Dirmessage_enable = YES
Xferlog_enable = YES
Connect_from_port_20 = YES
Xferlog_std_format = YES
Listen = YES
Pam_service_name = vsftpd
Userlist_enable = YES
Tcp_wrappers = YES

C. SElinux settings

550 errors are the most common errors in vsftpd, mostly set by SElinux and vsftpd. the conf and FTP directory permissions are caused. It is clear that vsftpd is easy to set. If an error occurs, check the three permissions.

[Root @ localhost ~] # Getsebool-a | grep ftpd <===========================minimize installation of Selinux Level 1 that is ==> Current mode: offline --> offline --> offftpd_connect_db --> offftpd_full_access --> offftpd_use_cifs --> offftpd_use_fusefs --> offftpd_use_nfs --> offftpd_use_passive_mode --> off
[Root @ localhost ~] # Setsebool-P ftpd_full_access on <====================================== enable full ftpd Access Permissions



#===================================================== = If the above still does not work, setenforce 0 can be used to temporarily lower Selinux levels. 0 is equivalent to disabling Selinux ==== possible fault points ====

[Root @ localhost ~] # Setenforce 1 <============================== re-enable Selinux
[Root @ localhost pub] # systemctl restart vsftpd

 

Iii. Key

1. Firewall

2. FTP directory permissions

3. For vsftpd. conf settings, see http://yuanbin.blog.51cto.com/363003/108262/.

4. Selinux level and switch