Installing vsftpd on Red Hat Linux 5

Source: Internet
Author: User

I heard that vsftpd is very well known on Linux. FTP security is very important, and the name, Very Secure FTP, caught my attention, so I tried it.
1. First, check whether vsftpd is already installed on Red Hat 5:
rpm -qa | grep vsftpd
If it is installed, the vsftpd version information is printed; if nothing is printed, it is not installed.

2. If it is not installed, choose a way to install it.
It can be downloaded from the official website:
http://vsftpd.beasts.org
It can also be installed from the Red Hat 5 installation CD-ROM, so I chose to install from the CD.
(1) First mount the CD on the system:
mount /dev/cdrom /mnt
The contents of the CD are now mounted at /mnt, and you can access them through /mnt.
(2) Install vsftpd from the CD:
rpm -ivh vsftpd*
(3) Set the service to start automatically when the system boots:
chkconfig vsftpd on
You can also view the startup settings:
chkconfig --list | grep vsftpd
The service starts at boot as long as runlevels 2 to 5 show "on".
(4) Start the FTP service:
service vsftpd start
(5) Connection test
The default installation directory of vsftpd is /etc/vsftpd.
There is a default FTP directory: /var/ftp
By default vsftpd allows the anonymous user "anonymous" to log in and download, but not to upload.

If the connection fails, the Linux firewall may be the cause.
Stop the firewall: service iptables stop
Start the firewall: service iptables start

3. vsftpd configuration files
/etc/vsftpd/vsftpd.conf ---------- Main configuration file
/etc/rc.d/init.d/vsftpd ---------- Startup script
/etc/pam.d/vsftpd ---------- PAM authentication file (the file=/etc/vsftpd/ftpusers field in this file indicates that the users who are denied access are taken from the /etc/vsftpd/ftpusers file)
/etc/vsftpd/ftpusers ---------- List of users who are forbidden to use vsftpd. It records the users who are not allowed to access the FTP server. The administrator can record in this file the system accounts that pose a security threat, so that they cannot log in over FTP, obtain rights beyond uploading and downloading, and damage the system.
/etc/vsftpd/user_list ---------- List of users who are forbidden or allowed to use vsftpd. By default (that is, with userlist_deny=YES in /etc/vsftpd/vsftpd.conf) the users named in this file are also denied access to the FTP server; when userlist_deny=NO is set, only the users named in user_list are allowed to access the FTP server.
/var/ftp ---------- Home directory of the anonymous user. The home directory of a local user is /home/<user name>, that is, after logging in the user lands in their own home directory.
/var/ftp/pub ---------- Download directory for anonymous users. As root, set its permissions with chmod 1777 pub (the leading 1 is a special permission so that files cannot be deleted after upload).
/etc/logrotate.d/vsftpd.log ---------- vsftpd log file
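
How the two list files combine at login, as an added example (not part of the original post and not vsftpd's own code). It models the behaviour described above in Python; the function names and sample accounts are constructed for illustration, and it assumes the stock PAM setup in which ftpusers is a deny list and that the vsftpd option userlist_enable is what switches user_list checking on.

```python
def parse_user_file(text):
    """Return the set of user names in an ftpusers/user_list style file."""
    users = set()
    for line in text.splitlines():
        name = line.split("#", 1)[0].strip()   # drop comments and blank lines
        if name:
            users.add(name)
    return users


def ftp_login_allowed(user, ftpusers, user_list,
                      userlist_enable=True, userlist_deny=True):
    """Decide whether `user` may log in; password checking is out of scope.

    Returns (allowed, reason).
    """
    if userlist_enable:
        listed = user in user_list
        if userlist_deny and listed:
            return False, "user_list: listed and userlist_deny=YES"
        if not userlist_deny and not listed:
            return False, "user_list: not listed and userlist_deny=NO"
    # PAM consults ftpusers next; it is always a deny list.
    if user in ftpusers:
        return False, "ftpusers: denied by PAM"
    return True, "allowed"


# Constructed sample contents, not copied from a real system.
FTPUSERS = parse_user_file("# system accounts\nroot\nbin\ndaemon\n")
USER_LIST = parse_user_file("root\nalice\n")

if __name__ == "__main__":
    for deny in (True, False):
        for user in ("root", "alice", "bob"):
            ok, why = ftp_login_allowed(user, FTPUSERS, USER_LIST,
                                        userlist_deny=deny)
            print(f"userlist_deny={'YES' if deny else 'NO'} {user}: {ok} ({why})")
```

With userlist_deny=NO, root is on the allow list in this sample but is still refused, because ftpusers is checked independently.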

4. As shown above, /etc/vsftpd/vsftpd.conf is the main configuration file of vsftpd. You can modify this file, but it is best to back it up before making changes.
The following describes some of the settings in this file in detail.

# Example config file /etc/vsftpd/vsftpd.conf
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
anonymous_enable=YES (Whether to allow anonymous login to the FTP server. The default setting is YES, which lets users log in with the user name ftp or anonymous, using their e-mail address as the password. If anonymous access is not to be allowed, remove the leading # and set this to NO.)

# Uncomment this to allow local users to log in.
local_enable=YES (Whether local users, that is, user accounts on the Linux system, are allowed to log in to the FTP server. The default is YES. A local user enters their home directory after logging in, and an anonymous user enters the anonymous download directory /var/ftp/pub. If only anonymous users are to be allowed, put a # in front of this line to prevent local users from accessing the FTP server.)

# Uncomment this to enable any form of FTP write command.
write_enable=YES (Allows local users to have write access to files on the FTP server. The default setting is YES.)

# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
#local_umask=022 (Sets the file creation mask for local users to 022; you can set a different value according to your preference. The default value is 077.)

# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES (Allows anonymous users to upload files; write_enable=YES should also be set. The default setting is YES.)

# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES (Allows anonymous users to create new directories. The default setting is YES.)

# Activate directory messages - messages given to remote users when they
# go into a certain directory.
#dirmessage_enable=YES (Whether to enable the directory welcome message feature. When a user first enters a directory on the server from a command-line client, the FTP server displays a welcome message. By default the message is read from the .message file in that directory; this file holds the custom welcome text and is created by the user.)

# Activate logging of uploads/downloads.
xferlog_enable=YES (The default is NO. If this option is enabled, the system maintains a log file that records uploads to and downloads from the server. By default this log file is /var/log/vsftpd.log, or you can set it with the xferlog_file option below.)

# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES (Makes the FTP server use port 20, ftp-data, for data transfer connections; port 21 is the control connection port.)

# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended! (Note: using the root user for uploaded files is not recommended.)
#chown_uploads=YES (Sets whether the owner of uploaded files may be changed; used together with the setting below.)
#chown_username=whoever (Sets the owner that uploaded files are changed to; enter a user name that exists on the system. For example, uploaded files could be changed to be owned by root. "whoever" stands for anyone.)

# You may override where the log file goes if you like. The default is shown
# below.
#xferlog_file=/var/log/vsftpd.log (Sets the log file the system maintains for FTP server uploads and downloads. /var/log/vsftpd.log is the default; you can set another file.)

# If you want, you can have your log file in standard ftpd xferlog format
#xferlog_std_format=YES (If this option is enabled, the transfer log is written in the standard xferlog format. The log file then defaults to /var/log/xferlog, or can be set with the xferlog_file option. The default value is NO.)
#dual_log_enable (If this option is added and enabled, two similar log files are generated, by default /var/log/xferlog and /var/log/vsftpd.log. The former is a wu-ftpd style transfer log that can be analyzed with standard log tools; the latter is a vsftpd style log.)
#syslog_enable (If this option is added and enabled, the log output that would have gone to /var/log/vsftpd.log is sent to the system log instead.)

# You may change the default value for timing out an idle session.
#idle_session_timeout=600 (Sets the idle session timeout: an idle user session is disconnected after 600 seconds, that is, once data transfer has ended the user may not stay connected to the FTP server for more than 600 seconds. This value can be changed to suit the actual situation.)

# You may change the default value for timing out a data connection.
#data_connection_timeout=120 (Sets the data connection timeout to 120 seconds; it can be changed to suit the actual situation.)

# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure (The system user that vsftpd runs as; the default is nobody.)

# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
#async_abor_enable=YES (If FTP clients will issue the "async ABOR" command, this setting needs to be enabled. It is generally not considered safe, so it is usually left disabled.)

# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
#ascii_upload_enable=YES (Most FTP servers choose to transfer data in ASCII mode; remove the # to upload and download files in ASCII mode.)
#ascii_download_enable=YES (Remove the # to enable downloads in ASCII mode.)

# You may fully customise the login banner string:
#ftpd_banner=Welcome to blah FTP service. (Remove the # to display a welcome message when a user logs in to the FTP server; you can change the content of the message. In addition, to set a welcome message for a particular directory, create a file named .message in that directory and save the welcome text in it; the custom message is then displayed when a user enters that directory.)

# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES (Blocks certain e-mail addresses. When you log in to the server as anonymous you are asked for a password, that is, your e-mail address. If there are e-mail addresses you do not want, this setting removes their login rights, but it must be combined with the setting below.)
# (default follows)
#banned_email_file=/etc/vsftpd/banned_emails (When deny_email_enable=YES is set above, this setting names the file of e-mail addresses that may not log in to the vsftpd server. You must create this file yourself, with one e-mail address per line.)

# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
#chroot_list_enable=YES (When set to NO, users can access files outside their own directories after logging in to the FTP server. When set to YES, users are locked into their home directories: vsftpd looks for the chroot_list file at the location given by the chroot_list_file option below. This file must be created by the user, and the users listed in it, one per line, are locked into their own home directories.)
# (default follows)
#chroot_list_file=/etc/vsftpd/chroot_list (This file must be created. A user listed in it cannot switch to a directory outside their own after logging in, because the FTP server automatically chroots them to their own home directory. Users in the chroot_list file therefore cannot move into the FTP home directories of other users, which helps the security management of the FTP server and protects privacy.)

# You may activate the "-R" option to the builtin ls. This is disabled by
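
A check for a hand-edited vsftpd.conf, as an added example (not part of the original post and not a vsftpd tool). It flags the settings the comments above call out as risky and two syntax slips vsftpd does not tolerate: spaces around "=" and option names that are not lower case. The function name, the RISKY table and the sample file are constructed for illustration.

```python
import re

# Settings the walkthrough above flags as risky, with the reason it gives.
RISKY = {
    ("anon_upload_enable", "YES"): "anonymous users can upload files",
    ("anon_mkdir_write_enable", "YES"): "anonymous users can create directories",
    ("async_abor_enable", "YES"): "async ABOR is not recommended for security",
    ("chown_username", "ROOT"): "uploaded files would become owned by root",
}
LINE = re.compile(r"^([^=\s]+)(\s*)=(\s*)(.*)$")


def audit_vsftpd_conf(text):
    """Return (settings, findings); findings are (line_number, message)."""
    settings, findings = {}, []
    for num, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue                      # blank line or comment
        m = LINE.match(line)
        if m is None:
            findings.append((num, "not in option=value form"))
            continue
        key, pre, post, value = m.groups()
        if pre or post:
            findings.append((num, f"{key}: vsftpd rejects spaces around '='"))
        if key != key.lower():
            findings.append((num, f"{key}: option names are lower case"))
        key, value = key.lower(), value.strip()
        settings[key] = value
        reason = RISKY.get((key, value.upper()))
        if reason:
            findings.append((num, f"{key}={value}: {reason}"))
    # Whole-file check (reported as line 0): are local users confined?
    chroot = {settings.get(k, "").upper()
              for k in ("chroot_local_user", "chroot_list_enable")}
    if settings.get("local_enable", "").upper() == "YES" and "YES" not in chroot:
        findings.append((0, "local users are not chrooted to their home directory"))
    return settings, findings


# Constructed sample with mistakes a hand-edited file can pick up.
SAMPLE = """\
# constructed test file
anonymous_enable=YES
local_enable=YES
Write_enable=YES
anon_upload_enable =YES
chown_uploads=YES
chown_username=root
"""
```

Calling audit_vsftpd_conf(SAMPLE) returns five findings: one for line 4, two for line 5, one for line 7, and the whole-file chroot finding.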
