vsftpd, short for Very Secure FTP, is a secure FTP server with many functions and features.
Functions and features:
1. It is a safe, fast, and stable server.
2. You can set multiple IP address-based virtual FTP hosts.
3. It is very easy to set up anonymous FTP services.
4. It does not need to execute any external programs, which reduces security risks.
5. Supports virtual users.
6. Bandwidth restrictions are supported.
Vsftpd installation and configuration
Installation environment: CentOS 6.5 server with SELinux disabled.
Installation:
    # yum install -y vsftpd

Server files:

    /usr/sbin/vsftpd            executable
    /etc/rc.d/init.d/vsftpd     startup script
    /etc/vsftpd/vsftpd.conf     main configuration file
    /etc/vsftpd.ftpusers        list of users who are denied FTP access
    /etc/vsftpd.user_list       list of users who are denied or allowed FTP access
    /var/ftp                    anonymous user's home directory
    /var/ftp/pub                anonymous user's download directory

The package also contains some other files; refer to them as needed.

Vsftpd main configuration file:

    # Allow anonymous users to access the server
    anonymous_enable=YES
    # Allow local users to access the server
    local_enable=YES
    # Allow local users to read and write
    write_enable=YES
    # Default umask
    local_umask=022
    # Allow anonymous users to upload (not allowed by default)
    #anon_upload_enable=YES
    # Allow anonymous users to create folders (not allowed by default)
    #anon_mkdir_write_enable=YES
    # If the directory contains a .message file, display its content
    dirmessage_enable=YES
    # Enable upload and download logging
    xferlog_enable=YES
    # Enable the data connection port (20)
    connect_from_port_20=YES
    # Use these two lines together: make whoever the owner of uploaded files
    #chown_uploads=YES
    #chown_username=whoever
    # Upload/download log file
    xferlog_file=/var/log/xferlog
    # Use the standard format for upload/download records
    xferlog_std_format=YES
    # Connection timeout
    #idle_session_timeout=600
    # Data transfer timeout
    #data_connection_timeout=120
    # Run as the special user ftpsecure
    #nopriv_user=ftpsecure
    # The client does not hang after a download is cancelled
    #async_abor_enable=YES
    # Enable ASCII file transfer
    #ascii_upload_enable=YES
    #ascii_download_enable=YES
    # Login banner
    ftpd_banner=Welcome to blah FTP service.
    # Enable an e-mail blacklist
    #deny_email_enable=YES
    #banned_email_file=/etc/vsftpd/banned_emails
    # Restrict the users in chroot_list from accessing directories above their FTP root directory
    #chroot_local_user=YES
    #chroot_list_enable=YES
    #chroot_list_file=/etc/vsftpd/chroot_list
    # Whether to allow the ls -R command
    listen=YES
    # PAM file used by vsftpd
    pam_service_name=vsftpd
    # Enable the /etc/vsftpd/user_list configuration file
    userlist_enable=YES
    # Only users in /etc/vsftpd/user_list can access the vsftpd server
    userlist_deny=NO
    # Users in /etc/vsftpd/user_list cannot access the vsftpd server
    #userlist_deny=YES
    # Enable TCP wrappers support
    tcp_wrappers=YES

That covers the main configuration file of vsftpd. Next, we configure the server so that only system users can access it.

For security, create a user ftpuser who cannot log on to the system:

    # useradd ftpuser -s /sbin/nologin

    # cat /etc/vsftpd/vsftpd.conf | grep -v "^#"
    Signature = no
    local_enable=YES
    write_enable=YES
    local_umask = Signature = yes
    xferlog_enable = Signature = yes
    xferlog_file =/var/log/Signature = 120
    ftpd_banner=Welcome to blah FTP service. please don't cut or remove the FTP server files and folders.
    listen=YES
    pam_service_name=vsftpd
    userlist_enable=YES
    userlist_deny=NO
    tcp_wrappers=YES
    local_root=/var/ftp
    dual_log_enable=YES
    vsftpd_log_file=/var/log/vsftpd.log
    use_localtime=YES
    pasv_enable=YES
    pasv_min_port=30001
    pasv_max_port=31000
    accept_timeout=60
    max_clients=100
    max_per_ip=10
    local_max_rate=50000

Notes on these settings:

    userlist_deny=NO                        only users in the /etc/vsftpd/user_list file are allowed to log on
    local_root=/var/ftp                     sets the FTP root directory of local users
    dual_log_enable, vsftpd_log_file        enable a detailed log that records client connection details
    use_localtime=YES                       use local time
    pasv_enable, pasv_min_port,             enable passive mode and set the server response ports
      pasv_max_port
    accept_timeout=60                       passive mode: how long the server waits for the client to respond
    max_clients=100                         maximum number of client connections
    max_per_ip=10                           maximum number of connections per client
    local_max_rate=50000                    limits the transfer rate of all local users; the unit is bytes

Open the required ports in the firewall:

    # vim /etc/sysconfig/iptables
    -A INPUT -p tcp -m tcp --dport 30001:31000 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
    -A INPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
    -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 20 -j ACCEPT
    -A OUTPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT

Restart the vsftpd server:

    # service vsftpd restart
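The policy configured above (anonymous access off, user_list used as an allow-list, passive ports inside the range opened in iptables) can be checked with a short script. This is an added example, not part of the original article; the sample configuration is constructed, and the option defaults and the rule that spaces around '=' are an error are taken from the vsftpd.conf man page.

```python
# Added example: audit a vsftpd.conf against the policy this page sets up.
DEFAULTS = {"anonymous_enable": "YES", "userlist_enable": "NO",
            "userlist_deny": "YES", "pasv_enable": "YES",
            "pasv_min_port": "0", "pasv_max_port": "0"}  # man page defaults
FIREWALL_PASV = (30001, 31000)  # range opened by the page's iptables rule

# Constructed sample input with deliberate problems.
SAMPLE_CONF = """\
# constructed sample
local_enable=YES
userlist_enable=YES
userlist_deny = NO
pasv_min_port=30001
pasv_max_port=32000
"""

def parse_conf(text):
    """Return (settings, errors); only a '#' in column 0 starts a comment."""
    settings, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            # The man page calls this an error: report it, keep the default.
            errors.append(f"line {n}: spaces around '=' or missing '=': {line!r}")
            continue
        settings[key] = value
    return settings, errors

def is_yes(value):
    return value.upper() in ("YES", "TRUE", "1")

def audit(text):
    """Return a list of findings; an empty list means the policy holds."""
    s, findings = parse_conf(text)
    if is_yes(s["anonymous_enable"]):
        findings.append("anonymous_enable is YES (the default when unset)")
    if not (is_yes(s["userlist_enable"]) and not is_yes(s["userlist_deny"])):
        findings.append("user_list is not an allow-list "
                        "(need userlist_enable=YES and userlist_deny=NO)")
    lo, hi = int(s["pasv_min_port"]), int(s["pasv_max_port"])
    if is_yes(s["pasv_enable"]) and not (
            FIREWALL_PASV[0] <= lo <= hi <= FIREWALL_PASV[1]):
        findings.append(f"passive range {lo}-{hi} is not inside firewall range "
                        f"{FIREWALL_PASV[0]}-{FIREWALL_PASV[1]}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONF)))
```

Because the script starts from the defaults, a file that simply omits anonymous_enable is still reported, which a `grep -v "^#"` review of the file would not show.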
This article is from the "Linux" blog. For more information, contact the author!