Install the vsftpd Server
vsftpd is currently one of the best FTP server tools on Linux.
The "vs" is an abbreviation of "very secure", which shows that its biggest advantage is security. In addition,
it is small, customizable, and efficient.
Check whether vsftpd is installed. If the output shows something like vsftpd-2.0.1-5.EL4.5, it is already installed:
[root@centos4 ~]# rpm -qa | grep vsftpd
An empty result means that it is not installed. We can install it from the GUI.
In the graphical environment, click the "Applications → System Settings → Add/Remove Applications" menu item,
select the "FTP Server" option under "Servers", and click "Update".
Follow the prompts to install the tool (you need to load the Linux installation CD before installation).
Figure 1:
Check vsftpd after installation:
[root@centos4 ~]# rpm -qa | grep vsftpd
vsftpd-2.0.1-5.EL4.5
[root@centos4 ~]#
Start vsftpd
[root@centos4 ~]# /etc/rc.d/init.d/vsftpd start
Starting vsftpd for vsftpd: [OK]
[root@centos4 ~]#
Restart the vsftpd service
[root@centos4 ~]# /etc/rc.d/init.d/vsftpd restart
Shutting down vsftpd: [OK]
Starting vsftpd for vsftpd: [OK]
Stop the vsftpd service
[root@centos4 ~]# /etc/rc.d/init.d/vsftpd stop
Shutting down vsftpd: [OK]
[root@centos4 ~]# /etc/rc.d/init.d/vsftpd start
Starting vsftpd for vsftpd: [OK]
[root@centos4 ~]#
Next, we log on to the Linux FTP server from Windows using the FTP client software FileZilla.
Configure the connection in FileZilla as shown in Figures 2 to 4:
Figure 2:
Figure 3:
Figure 4:
Log on to the FTP server from the Windows cmd prompt as shown in Figure 5:
Figure 5:
Vsftpd Configuration
vsftpd.ftpusers: located in the /etc directory. It specifies which user accounts cannot access the FTP server, such as root.
vsftpd.user_list: located in the /etc directory. The user accounts in this file cannot access the FTP server by default. Access is allowed only when the userlist_enable=NO option is set in the vsftpd.conf configuration file.
vsftpd.conf: located in the /etc/vsftpd directory. It customizes the FTP server configuration, such as user logon control, user permission control, timeout settings, server function options, server performance options, and server response messages.
(1) User Logon Control
anonymous_enable=YES: allows anonymous users to log on.
no_anon_password=YES: anonymous users do not need to enter a password when logging on.
local_enable=YES: allows local users to log on.
deny_email_enable=YES: lets you create a file that holds a blacklist of anonymous e-mail addresses, to prevent those users from carrying out DoS attacks.
banned_email_file=/etc/vsftpd.banned_emails: when deny_email_enable is enabled, this is the path of the file that holds the e-mail blacklist (/etc/vsftpd.banned_emails by default).
(2) User Permission Control
write_enable=YES: enables the global upload permission.
local_umask=022: sets the umask of files uploaded by local users to 022 (the default value is 077; generally, it can be changed to 022).
anon_upload_enable=YES: allows anonymous users to upload. Obviously, write_enable=YES must also be enabled for this option to work. In addition, we must create a directory that the ftp user can read and write (as mentioned earlier, anonymous users are mapped to the ftp user account).
anon_mkdir_write_enable=YES: allows anonymous users to create directories.
chown_uploads=YES: if this option is enabled, the owner of anonymously uploaded files is changed to another user account. Note that you are advised not to specify the root account as the owner of anonymously uploaded files!
chown_username=whoever: when chown_uploads=YES is enabled, this is the owner account to use; "whoever" must be replaced by an appropriate user account.
chroot_list_enable=YES: lets you use a list to specify which local users are confined to their own directories. If chroot_local_user=YES, the users in this list are instead unrestricted.
chroot_list_file=/etc/vsftpd.chroot_list: if chroot_local_user=YES, specifies the path where the list (chroot_local_user) is saved (/etc/vsftpd.chroot_list by default).
nopriv_user=ftpsecure: specifies a secure user account so that the FTP server can run as an independent, fully isolated user with no privileges. This is a recommended option for vsftpd systems.
async_abor_enable=YES: we strongly recommend that you do not enable this option, otherwise it may cause errors!
ascii_upload_enable=YES; ascii_download_enable=YES: by default, the server pretends to accept ASCII-mode requests but actually ignores them. Enabling these two options makes the server really perform transfers in ASCII mode.
Note: enabling the ascii_download_enable option allows malicious remote users to use commands such as "SIZE /big/file" in ASCII mode to consume a large amount of the FTP server's I/O resources.
The ASCII-mode options are split into upload and download so that we can allow uploads in ASCII mode (which keeps uploaded files such as scripts from breaking) without exposing the server to this DoS risk.
(3) User Connection and Timeout Options
idle_session_timeout=600: sets the default idle timeout. A user who stays idle for longer than this period is disconnected by the server.
data_connection_timeout=120: sets the default data connection timeout.
(4) Server Logs and Welcome Information
dirmessage_enable=YES: allows a message to be configured per directory; the content of the message_file file in each directory is displayed.
ftpd_banner=welcome to blah FTP service: customizes the welcome message that FTP users see when they log on to the server.
xferlog_enable=YES: enables logging of upload/download activity.
xferlog_file=/var/log/vsftpd.log: customizes the path and file name of the log file. The default value is /var/log/vsftpd.log.
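The options above can be checked mechanically. The following Python sketch is an added example, not part of the original article or of vsftpd itself: it parses a vsftpd.conf and reports the settings this section warns about. The sample configuration is constructed, and the built-in defaults it assumes (anonymous_enable=YES, chown_username=root) are those documented in vsftpd.conf(5).

```python
import re
# Constructed sample vsftpd.conf for illustration (not from a real server).
SAMPLE_CONF = """\
anonymous_enable=YES
no_anon_password=YES
write_enable=YES
anon_upload_enable=YES
anon_mkdir_write_enable=YES
chown_uploads=YES
ascii_download_enable=YES
xferlog_enable = YES
"""

# Built-in defaults per vsftpd.conf(5); anything else is treated as NO here.
DEFAULTS = {"anonymous_enable": "YES", "chown_username": "root"}

def parse_conf(text):
    """Return (options, malformed lines); vsftpd rejects spaces around '='."""
    opts, malformed = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.fullmatch(r"([a-z_0-9]+)=(\S.*)", line)
        if m:
            opts[m.group(1)] = m.group(2)
        else:
            malformed.append(raw)
    return opts, malformed

def audit(text):
    """Return (sorted option names needing review, malformed lines)."""
    opts, malformed = parse_conf(text)
    get = lambda k: opts.get(k, DEFAULTS.get(k, "NO"))
    on = lambda k: get(k).upper() == "YES"  # this sketch only recognises YES
    flagged = set()
    if on("anonymous_enable"):
        flagged.add("anonymous_enable")
        anon = ["no_anon_password"]
        if on("write_enable"):  # anonymous writes need the global switch
            anon += ["anon_upload_enable", "anon_mkdir_write_enable"]
        flagged.update(k for k in anon if on(k))
        if on("chown_uploads") and get("chown_username") == "root":
            flagged.add("chown_username")  # uploads would become root-owned
    if on("ascii_download_enable"):
        flagged.add("ascii_download_enable")  # SIZE in ASCII mode is I/O-heavy
    if not on("xferlog_enable"):
        flagged.add("xferlog_enable")  # transfers would go unlogged
    return sorted(flagged), malformed
```

In the sample, the line "xferlog_enable = YES" is reported as malformed because of the spaces around "=", so transfer logging counts as disabled.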
The reference material is from the Internet.