Configure the vsftpd server in RedHat Linux

Source: Internet
Author: User

FTP Server

1. Share files between Linux and other machines (install FTP on Linux)

2. Installation steps:

A) First check whether vsftpd is already installed on my RedHat 5 system:

rpm -qa | grep vsftpd

B) View the service running status:

service iptables status

C) Install. If it is not installed, select a method for installation.

I. You can download it from the official website:
http://vsftpd.beasts.org
You can also install it from a CD; it is included on the RedHat 5 security disk.

II. Mount the disc on the system first:
mount /dev/cdrom /mnt
In this way, the content of the CD is mounted at /mnt, and the content of the CD can now be accessed through /mnt.

III. Enter the CD and find the installation package: cd /mnt/Packages

IV. Find the installation package vsftp-0.17-17.i386.rpm

V. Install it: rpm -ivh vsftp-0.17-17.i386.rpm

VI. Then run rpm -qa | grep vsftpd to check the installation (vsftp-0.17-17.i386.rpm appearing in the output indicates that the installation is complete)

3. The command for starting, stopping and restarting the FTP service is service vsftpd start/stop/restart.

4. Default FTP server commands:

A) Start: service vsftpd start (the d at the end of vsftpd indicates a process running in the background)

B) Log on: ftp localhost

C) Exit: bye

5. Query the Linux IP address: ifconfig

6. After VMware is installed, there are three network connections, two of which are virtual (they are also used by Windows). The virtual NIC is virtual as well; as long as the NIC is placed on a network segment, any segment can be connected.

7. Ping Linux from Windows. If a firewall is running on Linux, ping is not allowed. By default, a firewall is installed on Linux, and the firewall also blocks the FTP server.

The solution is to open the port or disable the firewall.

8. Disable the firewall: service iptables stop

9. If you do not know whether something is allowed or not, you can view the main FTP configuration file:

vsftpd.conf under /etc/vsftpd

In Linux, most services have a configuration file.

10. vsftpd configuration files

A) /etc/vsftpd.conf ---------- main configuration file

B) /etc/rc.d/init.d/vsftpd ---------- startup script

C) /etc/pam.d/vsftpd ----------- PAM authentication file (the file=/etc/vsftpd/ftpusers field in this file indicates that the list of users blocked from access comes from the /etc/vsftpd/ftpusers file)

D) /etc/vsftpd/ftpusers ------------- list of users who are denied access to vsftpd. It records the user names that are not allowed to access the FTP server. The administrator can record user accounts that threaten system security in this file. This prevents such users from gaining upload or download rights after logging on through FTP, which could damage the system.

E) /etc/vsftpd/user_list ------------- list of users who are denied or allowed access to vsftpd. By default (if userlist_deny=YES is set in /etc/vsftpd.conf), the users specified in this file cannot access the FTP server. When userlist_deny=NO is set, only the users specified in user_list can access the FTP server.

F) /var/ftp --------------------------- home directory of anonymous users. The home directory of a local user is /home/<user name>, that is, a local user logs on to his or her own home directory

G) /var/ftp/pub ---------------------- download directory for anonymous users. root must set the permissions on this directory with chmod 1777 pub (the leading 1 is a special permission, the sticky bit, so that files cannot be deleted after upload)

H) /etc/logrotate.d/vsftpd.log --- vsftpd log file

11. The following describes the main configuration file:

# Example config file /etc/vsftpd.conf
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.

# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES (Whether anonymous logon to the FTP server is allowed. The default value is YES. That is, you can use the user name ftp or anonymous to log on to the FTP server. The password is the user's e-mail address. If anonymous access is not to be allowed, remove the leading # and set it to NO)

# Uncomment this to allow local users to log in.
local_enable=YES (Whether to allow a local user, that is, a user account on the Linux system, to log on to the FTP server. The default value is YES. After a local user logs on, he or she enters the user's home directory; after an anonymous user logs on, he or she enters the anonymous download directory /var/ftp/pub. If only anonymous users are to be allowed to access the FTP server, add a # in front of this line to prevent local users from accessing the FTP server.)

# Uncomment this to enable any form of FTP write command.
write_enable=YES (Whether to allow local users to write to files on the FTP server. The default value is YES)

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022 (Sets the file creation mask for local users to 022. You can also set it to another value based on your preferences. The default value is 077)

# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES (Whether anonymous users are allowed to upload files; this requires write_enable=YES. YES by default)

# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES (Whether anonymous users are allowed to create new directories. The default value is YES)

# Activate directory messages - messages given to remote users when they
# go into a certain directory.
#dirmessage_enable=YES (Whether to activate the directory welcome message function. When you enter a directory on the server for the first time from a command-line client, the FTP server displays the welcome message. By default, the message is read from the .message file in that directory, which stores the custom welcome message and is created by the user)

# Activate logging of uploads/downloads.
xferlog_enable=YES (Default value: NO. If this option is enabled, the system maintains a log file that records uploads to and downloads from the server. The default log file is /var/log/vsftpd.log; you can also set it through the xferlog_file option below.)

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES (Makes the FTP server open its data connections from port 20, the ftp-data port; port 21 is the control connection port)

# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended! (Note: it is not recommended to use the root user for uploaded files.)
#chown_uploads=YES (Sets whether the owner of uploaded files is changed. It is used together with the following configuration item)
#chown_username=whoever (Sets the owner that uploaded files are changed to. If necessary, enter a system user name. For example, you can change all uploaded files to be owned by root. whoever: anyone)

# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log (Sets the log file in which the system records uploads and downloads on the FTP server. /var/log/vsftpd.log is the default; you can also set another file)

# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES (If this option is enabled, the transfer log is written in the standard xferlog format. The default log file for this format is /var/log/xferlog; you can also set it using the xferlog_file option. The default value is NO)
#dual_log_enable (If this option is added and enabled, two similar log files are generated, by default /var/log/xferlog and /var/log/vsftpd.log. The former is a transfer log of the wu-ftpd type, which can be analyzed using standard log tools; the latter is a log of the vsftpd type)
#syslog_enable (If this option is added and enabled, logs originally written to /var/log/vsftpd.log are sent to the system log instead)

# You may change the default value for timing out an idle session.
#idle_session_timeout=600 (Sets the idle session timeout. This statement means that an idle user session is disconnected after 600 seconds. That is, after data transmission is completed, the user's connection to the FTP server should not stay idle for more than 600 seconds. You can modify the value according to the actual situation)

# You may change the default value for timing out a data connection.
#data_connection_timeout=120 (Sets the data connection timeout value. This statement means that the data connection timeout is 120 seconds. You can modify the value based on the actual situation)

# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure (The non-privileged system user that vsftpd runs as. The default value is nobody)

# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES (If an FTP client issues the "async ABOR" command, this setting must be enabled. Generally, this setting is not safe, so it is usually left disabled)

# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES (Most FTP servers transmit data in ASCII mode. You can use ASCII mode to upload and download files by removing the #)
#ascii_download_enable=YES (Remove the # to download files in ASCII mode)

# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service. (Remove the # to set the welcome message displayed when you log on to the FTP server. You can modify the welcome message after the =. In addition, if you create a file named .message in a directory and write a welcome message in it, that custom message is displayed when you enter the directory)

# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES (Some special email addresses can be blocked. If you log on to the server as anonymous, you are required to enter a password, that is, your email address. If you dislike certain email addresses, you can use this setting to deny them logon, but it must be used together with the following setting)
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails (When deny_email_enable=YES is set above, this setting specifies the file of email addresses that cannot be used to log on to the vsftpd server. This file must be created by the user, with one email address per line.)

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES (When set to NO, the user can access files outside his or her own directory after logging on to the FTP server. When set to YES, the user is locked in his or her home directory; vsftpd looks for the chroot_list file at the location given by the chroot_list_file option below. This file needs to be created by the user, and the users who need to be locked in their home directories are listed in it, one user per line)
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list (This file must be created by yourself. Users listed in this file cannot switch to a directory outside their own directory after logon; the FTP server automatically chroots them to their home directory. Users in the chroot_list file therefore cannot move into the FTP home directories of other users at will, which helps FTP server security management and privacy protection)

# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES (Whether recursive listing is allowed. This option is enabled on the FTP servers of large sites to make listing easier for remote users.)

# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES (If set to YES, vsftpd runs in standalone mode: vsftpd listens for and processes connection requests by itself)

# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES (Sets whether IPv6 is supported)

#pam_service_name=vsftpd (Sets the name of the configuration file used by the authentication service that the PAM module provides, that is, the /etc/pam.d/vsftpd file. The file=/etc/vsftpd/ftpusers field in this file indicates that the accounts the PAM module rejects come from the file /etc/vsftpd/ftpusers)

#userlist_enable=YES/NO (The default value of this option is NO. In this case, users in the ftpusers file are prohibited from logging on to the FTP server. If this parameter is set to YES, users in the user_list file are allowed to log on to the FTP server; if userlist_deny=YES is set at the same time, the users in the user_list file are not allowed to log on to the FTP server and do not even get the password prompt: they are rejected directly by the FTP server)

#userlist_deny=YES/NO (This option is YES by default and sets whether to block users in the user_list file from logging on to the FTP server)

tcp_wrappers=YES (This indicates that the server uses TCP_WRAPPERS as the host access control method. TCP_WRAPPERS implements host-address-based access control for network services on Linux systems. The hosts.allow and hosts.deny files in the /etc directory are used to set TCP_WRAPPERS access control: the former sets the allowed access records, and the latter sets the denied access records. For example, if you want to restrict anonymous access from some hosts to the FTP server 192.168.57.2, edit the /etc/hosts.allow file and add, for example, the following two lines: vsftpd: 192.168.57.1: deny and vsftpd: 192.168.57.9: deny. This means that the hosts with IP addresses 192.168.57.1 and 192.168.57.9 are denied access to the FTP server at 192.168.57.2. At this time, the FTP server can be pinged from them but cannot be connected to)
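An audit of the options walked through above, as an added example that is not part of the original article or of vsftpd: a POSIX shell function that reads a vsftpd.conf and reports anonymous write access, root-owned uploads, unconfined local users, missing transfer logging, and lines written with spaces around the = sign, which vsftpd treats as an error. The sample configuration is constructed, and the fallback values passed to conf_get are assumed to be the compiled-in defaults documented in vsftpd.conf(5).

```shell
#!/bin/sh
# Added example, not from the original article: flag risky vsftpd.conf settings.

# conf_get FILE KEY DEFAULT: effective value of KEY, upper-cased. The last
# uncommented key=value line wins; DEFAULT is the assumed compiled-in default.
conf_get() {
    v=$(sed -n "s/^$2=//p" "$1" | tail -n 1 | tr -d '\r' | tr 'a-z' 'A-Z')
    echo "${v:-$3}"
}

# warn_if VALUE BAD MESSAGE: print a finding when VALUE equals BAD.
warn_if() { if [ "$1" = "$2" ]; then echo "WARN $3"; fi; }

# audit_vsftpd_conf FILE: print one "WARN option: reason" line per finding.
audit_vsftpd_conf() {
    f=$1
    # vsftpd rejects spaces around "=", e.g. "listen = YES".
    grep -En '^[A-Za-z0-9_]+([[:space:]]+=|=[[:space:]])' "$f" |
        sed 's/^\([0-9]*\):.*/WARN syntax: line \1 has spaces around "="/'
    anon=$(conf_get "$f" anonymous_enable YES)
    warn_if "$anon" YES "anonymous_enable: anonymous logins are accepted"
    if [ "$anon" = YES ] && [ "$(conf_get "$f" write_enable NO)" = YES ]; then
        warn_if "$(conf_get "$f" anon_upload_enable NO)" YES \
            "anon_upload_enable: anonymous users can upload files"
        warn_if "$(conf_get "$f" anon_mkdir_write_enable NO)" YES \
            "anon_mkdir_write_enable: anonymous users can create directories"
    fi
    if [ "$(conf_get "$f" chown_uploads NO)" = YES ]; then
        warn_if "$(conf_get "$f" chown_username ROOT)" ROOT \
            "chown_username: anonymous uploads become owned by root"
    fi
    jail=$(conf_get "$f" chroot_local_user NO)$(conf_get "$f" chroot_list_enable NO)
    if [ "$(conf_get "$f" local_enable NO)" = YES ]; then
        warn_if "$jail" NONO "chroot: local users can leave their home directory"
    fi
    warn_if "$(conf_get "$f" xferlog_enable NO)" NO \
        "xferlog_enable: uploads and downloads are not logged"
    return 0
}

# Constructed sample: settings from the walk-through, one written with spaces.
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
anonymous_enable=YES
local_enable=YES
write_enable=YES
anon_upload_enable=YES
chown_uploads=YES
chown_username=root
xferlog_enable=YES
listen = YES
EOF
audit_vsftpd_conf "$demo_conf"
```

Run it against a copy of the live file, for example audit_vsftpd_conf /etc/vsftpd/vsftpd.conf; an empty result means none of these checks fired.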

12. Anonymous logon: user name anonymous, no password

13. The vsftpd root directory is /var/ftp/

A) Download files from the pub directory under it.

B) Uploading is not allowed by default. Files uploaded by anonymous are anonymous uploads.

14. Many FTP users are managed together with Linux users.

15. Allow root users to upload files (generally not required)

16. Allow root upload

A) You only need to change two configuration files (under /etc/vsftpd).

B) Change the configuration file vsftpd.user_list (delete the root user or comment it out with #: # root)

C) Change the configuration file vsftpd.user_ftpusers (delete the root user or comment it out with #: # root)

D) Restart vsftpd: service vsftpd restart.

In this case, logging on with the root account enters the root directory by default.
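Why step 16 has to touch both files, and a way to confirm afterwards which accounts the lists still reject: an added example, not part of the original article, that models the order in which the lists apply (user_list at the user name when userlist_enable=YES, then the PAM ftpusers check at the password). The file contents and the account alice are constructed.

```shell
#!/bin/sh
# Added example, not from the original article: decide whether an account is
# accepted, from ftpusers, user_list, userlist_enable and userlist_deny.

# in_list FILE USER: true if USER is an uncommented entry in FILE.
in_list() {
    grep -v '^[[:space:]]*#' "$1" | grep -qx "[[:space:]]*$2[[:space:]]*"
}

# ftp_login_decision USER FTPUSERS USER_LIST USERLIST_ENABLE USERLIST_DENY
# prints "allow" or "deny: reason".
ftp_login_decision() {
    user=$1; ftpusers=$2; userlist=$3; enable=$4; deny=$5
    if [ "$enable" = YES ]; then
        # user_list is consulted first, before any password is asked for.
        if [ "$deny" = YES ] && in_list "$userlist" "$user"; then
            echo "deny: listed in user_list"; return 0
        fi
        if [ "$deny" = NO ] && ! in_list "$userlist" "$user"; then
            echo "deny: not listed in user_list"; return 0
        fi
    fi
    # The PAM file=/etc/vsftpd/ftpusers rule applies whatever user_list says.
    if in_list "$ftpusers" "$user"; then
        echo "deny: listed in ftpusers"; return 0
    fi
    echo allow
}

# Constructed sample files: stock lists, and copies with root commented out.
d=$(mktemp -d)
printf '%s\n' '# constructed sample' root bin daemon > "$d/ftpusers"
printf '%s\n' root bin daemon > "$d/user_list"
printf '%s\n' '#root' bin daemon > "$d/ftpusers.edited"
printf '%s\n' '#root' bin daemon > "$d/user_list.edited"

echo "root, stock files:       $(ftp_login_decision root "$d/ftpusers" "$d/user_list" YES YES)"
echo "root, user_list edited:  $(ftp_login_decision root "$d/ftpusers" "$d/user_list.edited" YES YES)"
echo "root, both files edited: $(ftp_login_decision root "$d/ftpusers.edited" "$d/user_list.edited" YES YES)"
echo "alice, userlist_deny=NO: $(ftp_login_decision alice "$d/ftpusers" "$d/user_list" YES NO)"
```

Pointing the function at the real list files for each privileged account shows whether root and the system accounts are still rejected after an edit.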

17. Start at boot settings:

A) Method 1: chkconfig vsftpd on or chkconfig --level 5 vsftpd on

B) The service starts at boot whichever runlevel is used, as long as it is on for levels 2-5.

C) View the startup settings: chkconfig --list | grep vsftpd

D) Method 2: use vi to open /etc/rc.local and add /user/local/bin/vsftpd to it.

18. During vsftpd configuration, note that SELinux is enabled by default on Linux. This feature enhances security but is sometimes annoying. For example, it can make the configured vsftpd unable to log on normally or to upload. In this case, two methods can be used.

I. One method:

# setsebool -P ftpd_disable_trans 1

Restart the vsftpd service.

II. Another method is to directly disable SELinux.
vim /etc/sysconfig/selinux

SELINUX=disabled

Restart the machine.

19. You can also check the status of SELinux: getsebool -a or sestatus -v.

A) Use the setsebool command to enable the corresponding attribute: setsebool ftpd_disable_trans on

B) With the -P parameter, setsebool makes the setting persistent, so you do not need to enter this command every time the system starts: setsebool -P ftpd_disable_trans on

C) Get the SELinux policy values of the local machine, also known as boolean values: getsebool -a or sestatus -b

