Installing Red Flag 6 on a bare-metal Dell and setting up SSH and FTP: process notes (II)

Source: Internet
Author: User

II. Install and configure vsftpd

1. Download vsftpd-2.0.5-8.i386.rpm
2. Install it
3. Configure it
/etc/vsftpd/vsftpd.conf

Anonymous server connection (standalone server)
Add the following items to the /etc/vsftpd/vsftpd.conf configuration file:

anonymous_enable=YES (allow anonymous login)
dirmessage_enable=YES (display the contents of a directory's .message file when the client switches into that directory)
local_umask=022 (umask for files created by local users over FTP; the default is 077)
connect_from_port_20=YES (make data connections from the FTP data port, 20) *
xferlog_enable=YES (enable logging of uploads and downloads)
xferlog_std_format=YES (use the standard log format)
ftpd_banner=XXXXX (welcome message)
pam_service_name=vsftpd (PAM service used for authentication) *
listen=YES (run vsftpd as a standalone server) *
Function: clients can only connect to the FTP server; they cannot upload or download
Note: the items related to logging and the welcome message are optional. The items marked with an asterisk are the basic FTP options and must be added no matter which kind of account is used.

Turn on upload permissions for the anonymous FTP server
Add the following to the configuration file:

anon_upload_enable=YES (enable upload permission)
anon_mkdir_write_enable=YES (anonymous users can create directories and upload files into them)
write_enable=YES (enable write permission for local users)
anon_other_write_enable=YES (the anonymous account also gets permission to delete)
Turn on permissions for the anonymous server
Add the following to the configuration file:

anon_world_readable_only=NO
Note: pay attention to the permissions of the folder. The anonymous account counts as an "other" user, so read, write and execute permission must be opened for "other".
(r) read: download; (w) write: upload; (x) execute: if it is not set, the FTP directory cannot be entered

Normal-user FTP server connection (standalone server)
Add the following to the configuration file:

local_enable=YES (local accounts can log in)
write_enable=NO (after logging in, local accounts have no permission to delete or modify files)
Function: local accounts can log in to the vsftpd server, with permission to download and upload
Note: if anonymous login has not been turned off, anonymous users can still log in, but without the permissions above

Restrict logged-in users to their home directory so they cannot enter other directories
Apply chroot to all local users

chroot_local_user=YES (all local accounts are confined to their own directory)
Apply chroot to specified users only

chroot_list_enable=YES (use the list in the file)
chroot_list_file=/any specified path/vsftpd.chroot_list
Note: vsftpd.chroot_list does not exist by default and has to be created by hand. To control an account, simply add it to the file.

Restrict local user access to FTP
userlist_enable=YES (use the user list to restrict user access)
userlist_deny=NO (people on the list are not allowed to visit)
userlist_file=/path where the file is stored/ (the path where the file is placed)
Note: with userlist_enable=YES turned on, the anonymous account cannot log in

Security options
idle_session_timeout=600 (seconds) (disconnect after the user session has been idle for 10 minutes)
data_connection_timeout=120 (seconds) (disconnect a data connection after 2 minutes)
accept_timeout=60 (seconds) (disconnect after the client has been idle for 1 minute)
connect_timeout=60 (seconds) (reconnect 1 minute after an interruption)
local_max_rate=50000 (byte) (local user transfer rate 50K)
anon_max_rate=30000 (byte) (anonymous user transfer rate 30K)
pasv_min_port=50000 (restrict the client's data connection port to
pasv_max_port=60000 between 50000 and 60000)
max_clients=200 (maximum number of connections to FTP)
max_per_ip=4 (maximum number of connections per IP)
listen_port=5555 (data connection from port 5555)

Parameters for vsftpd.conf:
anonymous_enable=YES allow anonymous login
dirmessage_enable=YES when the client switches directories, display the contents of the directory's .message file
local_umask=022 umask for files created by local users over FTP; the default is 077
connect_from_port_20=YES make data connections from the FTP data port *
xferlog_enable=YES enable logging of uploads and downloads
xferlog_std_format=YES use the standard log format
ftpd_banner=XXXXX welcome message
pam_service_name=vsftpd PAM service used for authentication *
listen=YES run vsftpd as a standalone server *
anon_upload_enable=YES enable upload permission
anon_mkdir_write_enable=YES anonymous users can create directories and upload files into them
write_enable=YES enable write permission for local users
anon_other_write_enable=YES the anonymous account also gets permission to delete
anon_world_readable_only=NO open browsing rights for anonymous users
ascii_upload_enable=YES enable ASCII transfer mode for uploads
ascii_download_enable=YES enable ASCII transfer mode for downloads
banner_file=/var/vsftpd_banner_file when a user connects, use the contents of this file as the welcome message
idle_session_timeout=600 (seconds) disconnect after the user session has been idle for 10 minutes
data_connection_timeout=120 (seconds) disconnect a data connection that has been idle for 2 minutes
accept_timeout=60 (seconds) disconnect after the client has been idle for 1 minute
connect_timeout=60 (seconds) reconnect 1 minute after an interruption
local_max_rate=50000 (byte) local user transfer rate 50K
anon_max_rate=30000 (byte) anonymous user transfer rate 30K
pasv_min_port=50000 restrict the client's data connection port to
pasv_max_port=60000 between 50000 and 60000
max_clients=200 maximum number of FTP connections
max_per_ip=4 maximum number of connections per IP
listen_port=5555 data connection from port 5555
local_enable=YES local accounts can log in
write_enable=NO after logging in, local accounts have no permission to delete or modify files
The following are one group:
chroot_local_user=YES all local accounts are confined to their own directory
chroot_list_enable=YES use the list in the file
chroot_list_file=/any specified path/vsftpd.chroot_list the premise is chroot_local_user=NO
This is another group:
userlist_enable=YES users in the specified file are not allowed access
userlist_deny=YES
userlist_file=/the specified path/vsftpd.user_list
Another group:
banner_fail=/path/file name display the contents of this file when a connection fails
ls_recurse_enable=NO
async_abor_enable=YES
one_process_model=YES
listen_address=10.2.2.2 bind a virtual service to a port
guest_enable=YES virtual users can log in
guest_username=the user name to set (virtual users are mapped to this local user)
user_config_dir=/any specified path/ the folder that holds each virtual user's own configuration file, for per-user policy
Another group:
chown_uploads=YES change the owner of uploaded files to root
chown_username=root
Another group:
deny_email_enable=YES prevent anonymous users from using certain e-mail addresses
banned_email_file=/any specified path/xx/
Another one:
pasv_enable=YES passive mode on the server side
user_config_dir=/any specified path/directory the path where the virtual users' configuration files are stored
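
An added example, not part of the original notes and not vsftpd's own code: a small Python check over vsftpd.conf text. vsftpd only recognises the lowercase option names, refuses to start on an unrecognised one, and does not allow spaces around the equals sign, so the check reports those first and then flags the anonymous-write and root-ownership settings from the list above. The audit function, the KNOWN subset of option names and the sample text are constructed for illustration.

```python
import difflib

# Defaults from vsftpd.conf(5) for the options this check reasons about.
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "anon_other_write_enable": "NO", "anon_world_readable_only": "YES",
            "chown_uploads": "NO", "chown_username": "root"}
# Subset of the page's option names (assumption: extend from vsftpd.conf(5)).
KNOWN = sorted(set(DEFAULTS) | {"local_enable", "connect_from_port_20", "listen",
                                "chroot_local_user", "pam_service_name"})
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def audit(conf_text):
    """Return sorted (line_no, message) findings for vsftpd.conf text."""
    findings, cfg, where = [], dict(DEFAULTS), {}
    for no, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, value = line.split("=", 1)
        if key != key.strip() or value != value.strip():
            findings.append((no, "no spaces are allowed around '='"))
            key, value = key.strip(), value.strip()
        if key not in KNOWN:
            near = difflib.get_close_matches(key.lower(), KNOWN, n=1)
            hint = f" (did you mean {near[0]}?)" if near else ""
            findings.append((no, f"{key}: not a known option name{hint}"))
            continue
        cfg[key], where[key] = value, no

    def on(key):
        return cfg[key].upper() == "YES"

    if on("anonymous_enable") and on("write_enable"):
        findings += [(where[k], f"{k}: anonymous clients can write")
                     for k in ANON_WRITE if on(k)]
    if on("anonymous_enable") and not on("anon_world_readable_only"):
        findings.append((where["anon_world_readable_only"],
                         "anonymous downloads not limited to world-readable files"))
    if on("chown_uploads") and cfg["chown_username"] == "root":
        findings.append((where["chown_uploads"], "anonymous uploads are chowned to root"))
    return sorted(findings)

# Constructed sample: capitalised name, transposed letters, spaces around '='.
SAMPLE = ("Anonymous_enable=yes\nConnect_form_port_20=yes\nwrite_enable=YES\n"
          "anon_upload_enable=YES\nchown_uploads=YES\nchown_username=root\n"
          "local_enable = YES\n")
if __name__ == "__main__":
    print(*audit(SAMPLE), sep="\n")
```

Because anonymous_enable defaults to YES, the misspelled first line of the sample does not switch anonymous access off, which is why the upload finding on line 4 is still reported.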


Checking whether the vsftpd server is running:

We can see whether vsftpd is running with pgrep vsftpd.


[root@localhost ~]# pgrep vsftpd
4248

The above shows that the vsftpd server is running. You can test the connection with the ftp command, the lftp tool, gftp or another FTP client.

Shutting down the vsftpd server:

We use pkill vsftpd to kill the vsftpd process, which shuts vsftpd down, and then pgrep vsftpd to look for the process; if there is no process, vsftpd has been shut down. Root permissions are required, of course.

[root@localhost ~]# pkill vsftpd
[root@localhost ~]# pgrep vsftpd

Start at boot: chkconfig --level 2345 vsftpd on
