Linux vsftp server: the whole process explained in detail

Source: Internet
Author: User
The following is a detailed description.
1. First, check whether vsftpd is installed: rpm -qa | grep vsftpd
If not, download it from ftp://vsftpd.beasts.org/users/cevans/
2. Let's download the latest version, 2.01, which is under ftp://vsftpd.beasts.org/users/cevans/
3. Then we need to unpack it:
[root@zy jishu]# tar zxvf vsftpd-2.01
jishu is the user I created; its directory is /home/jishu.
We can see that the files are decompressed into the /home/jishu directory. By the way, tar zcvf compresses; you can try compressing a file into the tar format.
4. [root@zy jishu]# cd vsftpd-2.0.1     after unpacking, go to the corresponding directory.
[root@zy jishu]# ./configure     checks whether the versions meet the compilation requirements and gathers the other system information required for installation, to prepare for subsequent compilation. ---- If an error is found during the check, configure reports it and stops. You can configure the system as prompted and run the program again. After the check passes, the Makefile for compilation is generated. Now you can start compiling. The compilation time varies depending on the size of the software and the performance of the computer:
5. Here I will add some methods for installing and uninstalling software in Linux.
Installing and uninstalling Linux software has always been a problem for many beginners. Because Linux and Windows differ significantly in system directory structure, system configuration methods, and other aspects, the methods for installing and uninstalling software are also quite different. In Windows, "Add/Remove Programs" in the Control Panel is used. Similarly, Linux has a powerful software installation and uninstallation tool named RPM. Its full name is "Red Hat Package Manager". It can be used to build, install, query, update, and uninstall software. This tool is used on the command line. Enter rpm at the shell prompt to get help information for this command.
Software Installation
Software for Linux is mainly installed in two different forms. In the first, the installation file is filename.tar.gz. In the second, the installation file is filename.i386.rpm. Most software released in the first form is distributed as source code. The second form is distributed directly in binary format. i386 indicates that the software was compiled for the Intel 386 instruction set.
For the first method, the installation method is as follows:
First, copy the installation file to your directory. For example, if you log on as root, copy the software to /root.
# cp filename.tar.gz /root
Because the file is compressed and packaged, decompress it. Command:
# tar xvzf filename.tar.gz
This command decompresses the installation file into the current directory, keeping its paths. Run the ls command to view the decompressed files. Generally, the decompressed files include one named "INSTALL". This is a plain text file that describes the installation method of the software package in detail.
For most software that must be compiled, the installation method is roughly the same. After decompression there is an executable script named configure. It checks whether the system has the libraries required for compilation, whether the library versions meet the compilation requirements, and other system information required for installation, to prepare for subsequent compilation. Command:
# ./configure
If an error is found during the check, configure reports it and stops. You can configure the system as prompted and run the program again. After the check passes, the Makefile for compilation is generated. Now you can start compiling. The compilation time varies depending on the size of the software and the performance of the computer. Command:
# make install
After installation, clear the temporary files generated during compilation and configuration. Run the following command:
# make clean
So far, the software installation is complete.
For the second method, the installation method is much simpler.
Copy the installation file to your directory in the same way as the first method. Then use rpm to install the file. The command is as follows:
# rpm -i filename.i386.rpm
rpm automatically unpacks the installation file, installs the software in the default directory, and registers the installation information in the rpm database. The parameter i puts rpm into installation mode. In addition, there is some commercial software on the Linux platform whose installation file includes a Setup installer, which is installed in the same way as on Windows, for example Corel WordPerfect.
Uninstall Software
Software is mainly uninstalled using rpm. To uninstall a software package, you must first know the name under which it is registered in the system. Type the following command:
# rpm -qa
This lists all the software packages installed in the current system. The q parameter puts rpm into query mode. The parameter a is a subparameter of query mode, meaning ALL. You can pipe the output through less to view it one screen at a time.
After confirming the name of the software to be uninstalled, you can start to uninstall it. Type the following command:
# rpm -e
You can uninstall the software. The parameter e puts rpm into uninstall mode. Uninstall the software package named. Packages in the system depend on one another. If a package cannot be uninstalled because of a dependency, rpm reports this and stops. You can run the following command to ignore dependencies and uninstall directly.
# rpm -e --nodeps
When dependencies are ignored during uninstallation, other software in the system may become unavailable. You can use
# rpm -e --test
to have rpm preview the uninstallation instead of actually performing it. This lets you check whether the software has dependencies and whether any error would occur during the uninstall.
6. [root@zy vsftpd-2.0.1]# make     generates the binaries
7. [root@zy vsftpd-2.0.1]# make install     the installation command. It installs the generated binaries, which is equivalent to running the exe file in Windows.
7. [root@zy vsftpd-2.0.1]# which vsftpd     checks where vsftpd is installed.
8. Now that the server has been installed, we have to modify the configuration file.
[root@zy vsftpd-2.0.1]# more INSTALL     let's take a look at the installation help
to see how to configure it. Pay attention to what this document says about configuration during installation.
First, copy the main configuration file to the /etc directory.
[root@zy vsftpd-2.0.1]# cp vsftpd.conf /etc
[root@zy etc]# cp RedHat/vsftpd.pam /etc/pam.d/ftp     this copy is for ftp authentication; that is, users log on through pam.d.
Much of the content in "more INSTALL" teaches us how to set up a vsftpd server successfully.
[root@zy etc]# vi vsftpd.conf
We need to add the line listen=YES at the end. This makes the server run standalone and listen on its own. Save and exit with :wq.
[root@zy vsftpd-2.0.1]# mkdir /var/ftp     create the anonymous logon user's directory
[root@zy vsftpd-2.0.1]# chown root.root /var/ftp     change the directory owner to root and the group to root
[root@zy vsftpd-2.0.1]# chmod og-w /var/ftp     set the permissions so that other users and the root group cannot write, but can only read and enter
[root@zy vsftpd-2.0.1]# finger ftp     confirm the anonymous user
[root@zy vsftpd-2.0.1]# /usr/local/sbin/vsftpd &     started this way, the server runs in the background.
Could not bind listening IPv4 socket?
In the /etc/xinetd.d/vsftpd file, change disable = no to disable = yes!
Also, add listen=YES to the /etc/vsftpd.conf file to switch to standalone mode!
Because xinetd has already started vsftpd while vsftpd is set to standalone mode, stop the xinetd service with service xinetd stop, and then
/usr/local/sbin/vsftpd &     start the ftp service
[root@zy vsftpd-2.0.1]# netstat -tnl     check whether port 21 is open. If another process is using port 21, use kill -9 followed by the process pid to kill that process.
[root@zy vsftpd-2.0.1]# ftp localhost     test the connection. It asks for a user name and password. We try leaving the anonymous password blank, and find that the logon succeeds.
[root@zy vsftpd-2.0.1]# vi /etc/rc.local     to make the ftp server start automatically, we need to write it into the /etc/rc.local file.
We write /usr/local/sbin/vsftpd &
Save and exit with :wq
9. The vsftpd server is now set up. We had better restart the server to see whether vsftpd starts automatically.
10. By default, the server installed earlier creates a vsftpd daemon under /usr/local/sbin:
[root@zy root]# ls /usr/local/sbin
There is also a vsftpd startup script in /etc/xinetd.d:
[root@zy root]# ls /etc/xinetd.d/vsftpd
So the server can be started in two ways, but we want it to run standalone, so we need to disable this startup:
[root@zy root]# chkconfig --list vsftpd
[root@zy root]# chkconfig vsftpd off
[root@zy root]# chkconfig --list vsftpd
[root@zy root]# netstat -tnl     check whether port 21 is occupied. If it is, kill the process.
[root@zy root]# ps -aux | grep ftp
[root@zy root]# kill -9 <process PID>
[root@zy root]# /etc/rc.local     run the sbin command in rc.local
[root@zy root]# netstat -tnl     view the ports again
3. [root@zy root]# vi /etc/vsftpd.conf     modify the server configuration file
First, let's explain several common options in the vsftpd.conf configuration.
anonymous_enable=YES     allow anonymous users to log on; remove the # to uncomment
local_enable=YES     allow local users to log on; remove the #
write_enable=YES     allow local users to write data; remove the #
local_umask=022     umask for files newly created by local users; remove the #
anon_upload_enable=YES     allow anonymous users to upload files; remove the #
anon_mkdir_write_enable=YES     allow anonymous users to create directories
dirmessage_enable=YES     show directory messages; remove the #
ftpd_banner=welcome to zy ftp server     the login welcome message; remove the #
ls_recurse_enable=YES     allow clients to use the ls -R command
listen=YES     listening mode; add this line at the end, then save and quit with :wq
[root@zy root]# killall -9 vsftpd     our server runs standalone, so we need to kill it
[root@zy root]# /usr/local/sbin/vsftpd &     restart vsftpd
[root@zy root]# useradd redhat     create a user
[root@zy root]# passwd redhat     set the password
[root@zy root]# ftp 192.168.1.144     log on to your ftp server
Enter the redhat password.
ftp> pwd     view the current directory: /home/redhat
ftp> help     view all available commands
ftp> put /etc/services ftpservices     upload /etc/services to the ftp server
ftp> ls     view the directory on the ftp server
ftp> quit     exit the ftp server
Next, let's try uploading a file as an anonymous user. It fails; the key cause is that /var/ftp does not belong to the anonymous user.
[root@zy root]# cd /var/ftp/
[root@zy ftp]# mkdir /var/ftp/shangchuan     create a new directory
[root@zy ftp]# chmod g+w shangchuan/     make it group-writable
[root@zy ftp]# chgrp ftp shangchuan/     hand the directory over to the group ftp
Now anonymous users can create directories.
ftp> cd shangchuan     enter the upload directory
Then you can upload the file.
Next, let's try another vsftpd security feature and lock users into their directory.
First, we use the redhat user to log on to ftp
ftp> pwd     current directory: /home/redhat
ftp> cd /etc     OK
ftp> quit     exit ftp
Then modify the configuration: [root@zy root]# vi /etc/vsftpd.conf
Set chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list     uncomment these two lines
[root@zy root]# vi /etc/vsftpd.chroot_list
redhat     write the user name into the file, then :wq
Then we log on to the ftp server again.
Log on with the redhat user this time
ftp> pwd     shows /, which is actually the user's locked directory.
ftp> cd /etc     shows a message that changing directory failed.
11. If we want to control which users can access the ftp server
[root@zy root]# vi /etc/ftpusers
redhat
zy
Save and exit with :wq. By default, the two users redhat and zy then cannot access the ftp server. /etc/ftpusers is the ftp server's blacklist.
We just logged on successfully as redhat. Now we add redhat to ftpusers.
[root@zy root]# echo "redhat" >> /etc/ftpusers     (>> appends; a single > would overwrite the existing list)
If you log on again, you will find that the logon fails.
[root@zy root]# vi /etc/passwd     system users are sensitive: accounts in the passwd file with a uid less than 500 are generally reserved by the system, and we should add them to /etc/ftpusers, which is very troublesome.
However, the other way round, we can allow only designated users to access the ftp server and deny everyone else.
[root@zy root]# cp RedHat/vsftpd.pam /etc/pam.d/ftp
[root@zy root]# more /etc/pam.d/ftp     user access is controlled by this pam.d file.
We only need to change the pam.d/ftp file.
[root@zy root]# vi /etc/pam.d/ftp     replace the default sense=deny with sense=allow so that only the redhat and zy users can log on to the ftp server.
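Adding every account with a uid under 500 to /etc/ftpusers by hand is the troublesome part mentioned above. The shell functions below are an added example, not part of the original article: they read the system accounts from a passwd file and append them to the deny list without overwriting or duplicating existing entries. The function names and the sample_passwd content are assumptions made for this example.

```shell
# Added example: keep the ftpusers deny list in step with the system accounts.

# system_accounts PASSWD [MAX_UID]: names with a numeric uid below MAX_UID
# (default 500, the boundary used in the text).
system_accounts() {
    awk -F: -v max="${2:-500}" \
        '$1 != "" && $3 ~ /^[0-9]+$/ && $3 + 0 < max + 0 { print $1 }' "$1"
}

# deny_add LIST NAME...: append each NAME unless an identical line exists.
# ">>" appends; a single ">" would replace the whole list with one name.
deny_add() {
    list=$1
    shift
    [ -e "$list" ] || : > "$list"
    for name in "$@"; do
        grep -qxF -e "$name" "$list" || printf '%s\n' "$name" >> "$list"
    done
}

# sync_ftpusers PASSWD LIST: add every system account to the deny list.
sync_ftpusers() {
    # Account names contain no whitespace, so word splitting is safe here.
    deny_add "$2" $(system_accounts "$1")
}

# Constructed sample passwd content (not taken from a real host).
sample_passwd() {
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'bin:x:1:1:bin:/bin:/sbin/nologin' \
        'ftp:x:14:50:FTP User:/var/ftp:/sbin/nologin' \
        'redhat:x:500:500::/home/redhat:/bin/bash' \
        'zy:x:501:501::/home/zy:/bin/bash'
}
```

Use this only while /etc/pam.d/ftp keeps sense=deny; once it is switched to sense=allow, the same file is the list of users who may log on.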
12. For the sake of security, we do not want ftp users to be system users, so we need to set up a virtual ftp user that does not exist in the system, such as tom.
First, edit users.txt: [root@zy root]# vi users.txt
Enter:
tom
123
Do not type the words "user" and "password"; the first line is the user name tom and the second line is the password 123.
[root@zy root]# id tom     check that the tom user does not exist in the system.
[root@zy root]# db_load -T -t hash -f users.txt /etc/vsftpd_login.db     -T loads a plain text file into a db database, -t gives the database type (hash), -f gives the input file name, and /etc/vsftpd_login.db is where the database is written.
[root@zy root]# chmod 600 /etc/vsftpd_login.db     change the permissions of this file to 600
[root@zy root]# vi /etc/pam.d/ftp     modify the pam.d service file
First, comment out everything that was there before by putting a # in front of every line.
Then add these lines:
auth required pam_userdb.so db=/etc/vsftpd_login
account required pam_userdb.so db=/etc/vsftpd_login
auth is authentication, and required is the control flag. We use the pam_userdb.so module and load the database with db=/etc/vsftpd_login (pam_userdb adds the .db suffix itself, so the file read is /etc/vsftpd_login.db).
The account type is
[root@zy root]# useradd vuser     creates the account that the virtual users are mapped to. This user does not need a password.
[root@zy root]# vi /etc/vsftpd.conf     edit the server configuration
We want to disable all options starting with anon, prohibiting anonymous users from logging on, and then
add two options: guest_enable=YES
guest_username=vuser
Save and exit with :wq
Then, as an experiment, we log on as redhat, and the response is a logon failure.
ftp> user     now we log on as the virtual user
(username) tom
Enter the password 123
OK
Let's try downloading a file:
ftp> get .bashrc     downloads successfully
ftp> ls     but we cannot see the files
ftp> quit
[root@zy root]# cp install.log /home/vuser/     copy install.log
[root@zy root]# chmod o+r /home/vuser/     make the directory readable by others
Logging on as tom again, we can now see install.log.
Note that after each modification to the /etc/vsftpd.conf file the server must be started again. This command can be used instead: [root@zy root]# killall -HUP vsftpd
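The options changed in this walkthrough can be checked mechanically. The shell functions below are an added example, not part of the original article or of vsftpd: they read a vsftpd.conf and print a finding for anonymous logon, anonymous write access, local logons with no chroot option, recursive ls, and option lines with spaces around the equals sign, which vsftpd rejects. The finding names and sample_conf are made up for this example, and when an option is repeated the last value is assumed to win.

```shell
# Added example: audit the vsftpd.conf options this walkthrough changes.

# conf_get FILE OPTION DEFAULT: effective value of OPTION, DEFAULT if unset.
# Assumption: when an option is repeated, the last line wins.
conf_get() {
    awk -F= -v k="$2" -v d="$3" '
        /^[ \t]*#/ { next }        # skip comment lines
        $1 == k    { v = $2 }      # exact "option=value" form only
        END        { print (v == "" ? d : v) }' "$1"
}

# is_on FILE OPTION DEFAULT: succeeds when the boolean option is enabled.
is_on() {
    case "$(conf_get "$1" "$2" "$3" | tr '[:lower:]' '[:upper:]')" in
        YES|TRUE|1) return 0 ;;
        *)          return 1 ;;
    esac
}

# audit_vsftpd_conf FILE: print one finding name per line (names made up here).
audit_vsftpd_conf() {
    f=$1
    # vsftpd rejects spaces between the option name, "=" and the value.
    if grep -Eq '^[a-z_]+[[:space:]]+=|^[a-z_]+=[[:space:]]' "$f"; then
        echo "SPACES_AROUND_EQUALS"
    fi
    if is_on "$f" anonymous_enable YES; then      # the default is YES
        echo "ANON_LOGIN"
        # Anonymous writes need write_enable plus one of the anon_* options.
        if is_on "$f" write_enable NO && { is_on "$f" anon_upload_enable NO ||
                is_on "$f" anon_mkdir_write_enable NO; }; then
            echo "ANON_WRITE"
        fi
    fi
    # Local logons with no chroot option: "cd /etc" works, as shown in the text.
    if is_on "$f" local_enable NO && ! is_on "$f" chroot_local_user NO &&
            ! is_on "$f" chroot_list_enable NO; then
        echo "NO_CHROOT_OPTION"
    fi
    if is_on "$f" ls_recurse_enable NO; then
        echo "LS_RECURSE"
    fi
}

# Constructed sample: options from the walkthrough before chroot is set up.
sample_conf() {
    printf '%s\n' 'anonymous_enable=YES' 'local_enable=YES' 'write_enable=YES' \
        'anon_upload_enable=YES' 'ls_recurse_enable=YES' 'listen = YES'
}
```

Run audit_vsftpd_conf /etc/vsftpd.conf after each edit; no output means none of these conditions were found.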