Linux Nine Yin Canon of the Great Voldemort Fist fragment 1 (FTP,NFS)

Source: Internet
Author: User

File Transfer Protocol (FTP) is a set of standard protocols for transferring files over a network, using a client/server model. It is an application-layer protocol.

Server side: vsftpd

Client: lftp

Installation: yum -y install vsftpd lftp

User authentication (PAM) configuration file: /etc/pam.d/vsftpd

Service script: /usr/lib/systemd/system/vsftpd.service

Configuration file: /etc/vsftpd/vsftpd.conf

Anonymous user shared file location: /var/ftp

System user shared file location: the user's home directory

Virtual user shared file location: the home directory of the system user the virtual user is mapped to

First, vsftpd service configuration options
    • listen_port=21: Command port to listen on
    • connect_from_port_20=YES: Active mode uses port 20
    • ftp_data_port=20: Specify the port for active mode
    • pasv_min_port=6000 | pasv_max_port=6010: Passive mode port range; 0 means randomly assigned
    • use_localtime=YES: Use local time
    • max_clients=0: Maximum number of concurrent connections
    • max_per_ip=0: Maximum number of simultaneous connections per IP
    • nopriv_user=nobody: User identity the vsftpd service runs as
    • anon_max_rate=0: Maximum transfer rate for anonymous users
    • local_max_rate=0: Maximum transfer rate for local users
    • connect_timeout=60: Active mode data connection timeout
    • accept_timeout=60: Passive mode data connection timeout
    • data_connection_timeout=300: Timeout when a data connection transfers no data
    • idle_session_timeout=60: Timeout when no command is issued
    • ascii_upload_enable=YES: Prefer text mode for uploads
    • ascii_download_enable=YES: Prefer text mode for downloads

Anonymous user related:

    • anonymous_enable=YES: Allow anonymous users
    • no_anon_password=YES: (default NO) Anonymous users skip the password check
    • anon_world_readable_only: (default YES) Anonymous users can only download world-readable files
    • anon_upload_enable=YES: Allow anonymous uploads; note that file system permissions must allow it as well
    • anon_mkdir_write_enable=YES: Allow anonymous users to create directories
    • anon_umask=077: Umask applied to files uploaded by anonymous users
    • anon_other_write_enable=YES: Anonymous users can delete and modify uploaded files
    • chown_uploads=YES: (default NO) Change the default owner and permissions of uploaded files
    • chown_username=user1: The owner of anonymously uploaded files is changed to user1
    • chown_upload_mode=0644: The permissions of anonymously uploaded files are changed to 644

System user related:

    • guest_enable=YES: All system users are mapped to the guest user
    • guest_username=ftp: With the above option in effect, specify the guest user
    • local_enable=YES: Whether to allow Linux users to log in
    • write_enable=YES: Allow Linux users to upload files
    • local_umask=022: Umask applied to files uploaded by system users
    • local_root=/ftproot: Directory that non-anonymous users are placed in after login
    • chroot_local_user=YES: (default NO, not confined) Confine system users to their home directory
    • chroot_list_enable=YES
    • chroot_list_file=/etc/vsftpd/chroot_list

When chroot_local_user=YES, the users listed in chroot_list are not confined.
When chroot_local_user=NO, the users listed in chroot_list are confined.

Log related:

    • xferlog_enable=YES: (default) Log uploads and downloads
    • xferlog_std_format=YES: (default) Use the wu-ftpd log format
    • xferlog_file=/var/log/xferlog: (default) Created automatically
    • dual_log_enable=YES: Use the vsftpd log format; not enabled by default
    • vsftpd_log_file=/var/log/vsftpd.log: (default) Created automatically

Login banner related:

    • ftpd_banner=welcome to blah FTP service.
    • banner_file=/etc/vsftpd/ftpbanner.txt: Display the banner text from the specified file; this setting takes priority
    • dirmessage_enable=YES: (default) Show a message when a directory is entered
    • message_file=.message: (default) The message is stored in the .message file of the directory

Access control related:

    • pam_service_name=vsftpd: Specifies the PAM configuration file
      Users are authenticated through the PAM module.
      PAM configuration file: /etc/pam.d/vsftpd
    • /etc/vsftpd/ftpusers: Users listed in this file are refused login by default
    • userlist_enable=YES: This setting is the default
    • userlist_deny=YES: (default) Blacklist; listed users are not prompted for a password. NO makes the file a whitelist
    • userlist_file=/etc/vsftpd/users_list: The user list checked at login; this is the default value
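The interaction of the user list options above with the chroot list options in the system user section is easy to misread, so here it is as an added example (not code from the original page). The function name, the parameter layout and the sample user names are assumptions; /etc/vsftpd/ftpusers is enforced by PAM and is not modelled.

```python
def read_list(text):
    """User names from a list file: one per line, blank and '#' lines skipped."""
    names = (line.strip() for line in text.splitlines())
    return {n for n in names if n and not n.startswith("#")}

# Constructed sample list files; the user names are made up.
USER_LIST = read_list("# contents of userlist_file\nroot\nmallory\n")
CHROOT_LIST = read_list("alice\n")

def login_outcome(user, *, userlist_enable, userlist_deny, user_list,
                  chroot_local_user, chroot_list_enable, chroot_list):
    """Return 'denied', 'chrooted' or 'not chrooted' for a local user."""
    if userlist_enable:
        listed = user in user_list
        # userlist_deny=YES: the file is a blacklist, listed users are refused.
        # userlist_deny=NO:  the file is a whitelist, unlisted users are refused.
        if listed == userlist_deny:
            return "denied"
    # chroot_list is only read when chroot_list_enable=YES; it then holds the
    # exceptions to whatever chroot_local_user says.
    jailed = chroot_local_user
    if chroot_list_enable and user in chroot_list:
        jailed = not jailed
    return "chrooted" if jailed else "not chrooted"

if __name__ == "__main__":
    for name in ("alice", "bob", "mallory"):
        print(name, login_outcome(
            name, userlist_enable=True, userlist_deny=True, user_list=USER_LIST,
            chroot_local_user=True, chroot_list_enable=True, chroot_list=CHROOT_LIST))
```

With chroot_local_user=YES the only users who can leave their home directory are the ones named in chroot_list, so that file deserves the same review as a sudoers entry.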

Experiment: Implement FTPS based on SSL

    # Check whether vsftpd is linked against libssl (SSL support)
    # ldd `which vsftpd` | grep libssl.so
    libssl.so.10 => /lib64/libssl.so.10 (0x00007feea94e2000)

1. Create a self-signed certificate

    # cd /etc/pki/tls/certs/
    # make vsftpd.pem
    Country Name (2 letter code) [XX]:CN
    State or Province Name (full name) []:Beijing
    Organization Name (eg, company) [Default Company Ltd]:magedu
    Organizational Unit Name (eg, section) []:
    Common Name (eg, your name or your server's hostname) []:vsftpd.ftp.com

2. Configure VSFTPD service and support SSL

    # vim /etc/vsftpd/vsftpd.conf

    # Comments must be on their own line: vsftpd.conf does not accept
    # trailing comments or spaces around "=".
    anonymous_enable=YES
    # Enable SSL
    ssl_enable=YES
    # Anonymous users do not use SSL
    allow_anon_ssl=NO
    # Encrypt local user logins
    force_local_logins_ssl=YES
    # Encrypt local user data transfers
    force_local_data_ssl=YES
    # Certificate file
    rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem

3. Testing with FileZilla and other client tools
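Before testing with a client, the configuration can be checked offline. The following is an added example, not part of the original page: it parses vsftpd.conf text with the strict option=value rule from vsftpd.conf(5) and reports syntax problems, missing FTPS enforcement and anonymous write options. The function names and the sample configuration are constructed for illustration; the defaults passed to is_yes are the ones documented in vsftpd.conf(5).

```python
import re

# Constructed sample: step 2's FTPS settings written with a trailing comment
# and a space before "=", plus one anonymous write option from the list above.
SAMPLE_CONF = """\
anonymous_enable=YES
anon_upload_enable=YES
ssl_enable=YES   # enable SSL
force_local_logins_ssl =YES
force_local_data_ssl=YES
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
"""

def parse_conf(text):
    """Parse vsftpd.conf text; return (settings, syntax_findings)."""
    settings, findings = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue  # blank line or whole-line comment
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip():
            findings.append(f"line {n}: must be option=value with no spaces")
        elif re.search(r"\s#", value):
            findings.append(f"line {n}: trailing comment is read as part of the value")
        else:
            settings[key] = value
    return settings, findings

def is_yes(settings, key, default):
    # A missing option falls back to the default the caller passes in.
    return settings.get(key, default).upper() in ("YES", "TRUE", "1")

def audit(text):
    """Return findings about FTPS enforcement and anonymous write access."""
    settings, findings = parse_conf(text)
    if not is_yes(settings, "ssl_enable", "NO"):
        findings.append("ssl_enable is not YES: logins and data travel in cleartext")
    for key in ("force_local_logins_ssl", "force_local_data_ssl"):
        if not is_yes(settings, key, "YES"):
            findings.append(f"{key} is not YES: local users can fall back to cleartext")
    if is_yes(settings, "anonymous_enable", "YES"):
        for key in ("anon_upload_enable", "anon_mkdir_write_enable",
                    "anon_other_write_enable"):
            if is_yes(settings, key, "NO"):
                findings.append(f"{key}=YES: anonymous users can write to the server")
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE_CONF):
        print(finding)
```

Lines rejected by the parser are treated as unset, which is why the sample also reports ssl_enable as not enabled.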
