Vsftpd server configuration in RHEL5.7

Source: Internet
Author: User

vsftpd is the most popular FTP server program on Linux distributions. Its features: small, light, secure, and easy to use. The name vsftpd stands for "very secure FTP daemon". Security is one of the top concerns of Chris Evans, its developer, and high security was a goal from the beginning of the server's design and development.
Before building a vsftpd server, first understand how FTP works.
FTP runs over the reliable TCP protocol and uses two connections: a command channel and a data channel. In general, the FTP service occupies two ports, 20 and 21. Port 21 is used to establish the command channel, and port 20 is used to establish the data channel. An FTP session can be established in two modes: active mode and passive mode.
In active mode, the client uses a random port greater than 1024 to initiate a request to port 21 on the server, and the command channel is established with a three-way handshake. When a file is then uploaded or downloaded, the server uses port 20 to initiate a request to another port greater than 1024 on the client. After the three-way handshake, the data channel is established.
[Figure: active mode diagram]

In passive mode, the command channel is created on port 21 in the same way as in active mode. When a data transmission command is issued, the client sends a request to the server over the command channel; the server then opens a port to listen on, which is not port 20 but a random port greater than 1024. In this way, the data channel is established between ports greater than 1024 on both the server and the client.
[Figure: passive mode diagram]
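
How the data port is agreed on the command channel in each mode, as an added example that is not part of the original article. It goes slightly beyond the text by decoding the RFC 959 PORT command (active) and 227 reply (passive); the addresses and ports in the sample lines are constructed.

```python
import re

# Six comma-separated octets h1,h2,h3,h4,p1,p2 as used by PORT and 227 (RFC 959).
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")


def data_endpoint(line):
    """Return (mode, ip, port) for a PORT command or 227 reply, else None."""
    text = line.strip()
    if text.upper().startswith("PORT "):
        mode = "active"    # client listens; server connects from port 20
    elif text.startswith("227"):
        mode = "passive"   # server listens; client connects
    else:
        return None
    m = _HOSTPORT.search(text)
    if not m:
        raise ValueError("no host-port field in %r" % text)
    octets = [int(x) for x in m.groups()]
    if any(o > 255 for o in octets):
        raise ValueError("octet out of range in %r" % text)
    ip = ".".join(str(o) for o in octets[:4])
    port = octets[4] * 256 + octets[5]   # the port is sent as two bytes
    return mode, ip, port


def summarize(control_lines):
    """Describe every data connection negotiated in a control-channel capture."""
    out = []
    for line in control_lines:
        ep = data_endpoint(line)
        if ep is None:
            continue
        mode, ip, port = ep
        if mode == "active":
            out.append("active: server port 20 -> client %s:%d" % (ip, port))
        else:
            out.append("passive: client -> server %s:%d" % (ip, port))
    return out


# Constructed control-channel lines (not captured from a real session).
SAMPLE = [
    "USER anonymous",
    "PORT 192,168,1,50,4,210",
    "227 Entering Passive Mode (192,168,1,10,195,80)",
]

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE)))
```

The decoded port is what a firewall between client and server has to allow: inbound to the client in active mode, inbound to the server in passive mode.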

Now we can talk about vsftpd. The full name of vsftpd is "very secure FTP daemon", which means a very secure FTP server. Its functions and security will become clear in the experiments that follow.

Test basic functions of the vsftpd Server
By default, the vsftpd server is already installed in RHEL5, and the vsftpd service can be enabled without any configuration.
 
Next, go to a Windows client and log on to the FTP server from the command line, using the anonymous account anonymous or ftp with a blank password. The login succeeds. The default anonymous FTP root directory is /var/ftp.
 
At this point, you can use some simple commands to view directory information. For example, dir lists the folders under the root directory of the server; you can see a folder named pub. !dir lists the folder on your own computer.
As in Linux, pwd shows the path of the current directory on the server. Here we find that the path of the FTP directory accessed by an anonymous user is a relative path: the user can only work inside the /var/ftp directory and has no permission to access other paths on the server. lcd shows the current path on the local computer.
 
By default, anonymous users have only the download permission and no upload permission: uploading the file ipmsg.rar is rejected by the server, but the file install.log can be downloaded successfully. You can use the bye command to exit the FTP server.
 
vsftpd configuration files:
/etc/vsftpd.conf: Main configuration file of vsftpd.
/etc/pam.d/vsftpd: The file used when PAM modules perform identity authentication.
/etc/vsftpd.ftpusers: This file is a blacklist and contains the users who cannot log on to FTP.
/etc/vsftpd.ftpuser_list: This file can be used as a blacklist or as a whitelist, depending on how the policy is set.
/etc/vsftpd.chroot_list: This file does not exist by default and must be created manually. It is used to lock some users into their default directory so that they cannot enter other directories on the server.
/etc/sbin/vsftpd: The startup file of vsftpd.
/var/ftp: The default root directory for anonymous users who log on to vsftpd.

Description of vsftpd.conf setting values
anonymous_enable=YES: Allow anonymous users to log on.
local_enable=YES: Allow local users to log on.
write_enable=YES: Allow users to upload.
local_umask=022: By default, the permission of an uploaded folder is 777 and the permission of an uploaded file is 666. A umask of 022 means that 022 is deducted from these default permissions, that is, the write permission is removed for everyone but the owner. In this way, others can only read the files but cannot modify them.
anon_upload_enable=YES: Allow anonymous users to upload files. Commented out by default.
anon_mkdir_write_enable=YES: Allow anonymous users to create folders. Commented out by default.
dirmessage_enable=YES: When a user enters a directory, display the message that needs attention. The default message file is .message.
xferlog_enable=YES: Enable logging of client uploads and downloads.
connect_from_port_20=YES: FTP data channel port number (port 20).
xferlog_std_format=YES: Use the standard log format.
pam_service_name=vsftpd: The PAM authentication file for users is vsftpd.
userlist_enable=YES: Check the userlist_file file to decide whether a user can access the server.
listen=YES: Work in standalone mode.
tcp_wrappers=YES: Use TCP Wrappers, the security protection program built into Linux.
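
A small audit of the settings described above, as an added example that is not part of the original article or of vsftpd itself. It parses vsftpd.conf text, applies local_umask to the 777/666 defaults, and flags anonymous write access and missing transfer logging; the sample configuration is constructed, and the DEFAULTS table assumes the built-in defaults documented in the vsftpd.conf man page.

```python
# Assumed built-in defaults for the directives checked here (vsftpd.conf man page).
DEFAULTS = {"anonymous_enable": "YES", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "xferlog_enable": "NO", "local_umask": "077"}


def parse_conf(text):
    """Return (settings, malformed_line_numbers) for vsftpd.conf text."""
    conf, malformed = dict(DEFAULTS), []
    for n, raw in enumerate(text.splitlines(), 1):
        if not raw.strip() or raw.lstrip().startswith("#"):
            continue
        key, sep, value = raw.partition("=")
        # vsftpd treats any space between option, '=' and value as an error.
        if not sep or not value or key != key.strip() or value != value.strip():
            malformed.append(n)
            continue
        conf[key] = value
    return conf, malformed


def upload_modes(umask_str):
    """Apply local_umask to the 777 (folder) and 666 (file) defaults."""
    mask = int(umask_str, 8)
    return format(0o777 & ~mask, "03o"), format(0o666 & ~mask, "03o")


def audit(text):
    """Return a list of findings for one configuration."""
    conf, malformed = parse_conf(text)
    yes = lambda k: conf[k].upper() == "YES"
    findings = ["line %d: not in option=value form" % n for n in malformed]
    if yes("anonymous_enable") and yes("write_enable") and (
            yes("anon_upload_enable") or yes("anon_mkdir_write_enable")):
        findings.append("anonymous users can write to the server")
    if not yes("xferlog_enable"):
        findings.append("upload/download logging is disabled")
    if int(conf["local_umask"], 8) & 0o002 == 0:
        findings.append("uploaded files are writable by others")
    return findings


# Constructed sample, not a real server's configuration.
SAMPLE = """\
# constructed sample
anonymous_enable=YES
local_enable=YES
write_enable=YES
local_umask=022
anon_upload_enable=YES
xferlog_enable = YES
"""
```

Line 7 of the sample is rejected because of the spaces around "=", so the audit also reports logging as disabled: the setting the administrator meant to enable never took effect.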
