Vsftp in Linux

A Preliminary Study of Linux system vsftp-Linux Enterprise Application-Linux server application information. The following is a detailed description. I spent one day studying the ftp software vsftp in Linux, and finally built a simple ftp server. Vsftpd is a good FTP server software. In terms of security, vsftpd is designed mainly for privilege.

Two security measures:
1: by reducing the pid permission to log on to the FTP server, intruders cannot obtain valid management permissions, so that our system is safer.

2: vsftpd uses the chroot software to allow users to only perform unimportant directory activities, rather than using all the functions of the LINUX system. chroot mainly changes the location of the root directory, for example, if you want A user to log on to service A and execute any commands in the/tmp/pub directory, and restrict the user to use service A only in the/tmp/pub directory, then, use chroot/tmp/pub commend to change/tmp/pub to the root directory/of Service A. In this way, the user cannot exit/tmp/pub, and the user can only be active in this directory.

If vsftpd is installed through tar, make, and make install, it will be started with xinetd (super server) by default, that is, it will be started in non-independent mode, and must be modified to start in independent mode.

# Decompress
Tar-zxf vsftpd-2.0.5.tar.gz
Cd./vsftpd-2.0.5

# Vsftpd must use nobody as the operator. Generally, it already exists. If no user is added

Useradd nobody

#/Usr/share/empty/
As a temporary directory, it usually exists. If not, run the following command to create
Mkdir-pv/usr/share/empty/

# Compile
Make
Make install
# If make install does not have an installation file, you can manually execute the following command

Cp vsftpd/usr/local/sbin/vsftpd
Cp vsftpd. conf/etc/vsftpd. conf
Cp vsftpd. conf.5/usr/local/man/man5
Cp vsftpd.8/usr/local/man/man8
Cp vsftpd. xinetd/etc/xinetd. d/vsftpd

# Restart the xinetd service
/Etc/rc. d/init. d/xinetd restart

Because it is compiled and installed by yourself, you must confirm disable = YES in/etc/xinetd. d/vsftpd.

If NO is changed and the listen = YES vsftpd in vsftpd. conf is used, it can be started in single-user mode.

The following error occurs:
500 OOPS: cocould not bind listening IPv4 socket

1: xinetd has been started, and VSFTPD is set to single-user mode. Therefore, the xinetd service must be stopped first.
Service xinetd stop and then/usr/local/sbin/vsftpd/etc/vsftpd &

2: The listening port in vsftpd. conf is incorrect. The default value is 21.
Listen_port = 2121 login ftp should be ftp 127.0.0.1 2121.

Run the tar command to install the initial installation.

Vsftpd-2.0.5.tar.gz
2. Uninstall the original rpm vsftpd
Rpm-e vsftpd
3. tar xvzf vsftpd-2.0.5.tar.gz
4. cd vsftpd-2.0.5
5. maka
6. useradd nobody
7. mkdir/usr/share/empty
8. mkdir/var/ftp
9. useradd-d/var/ftp
10. chown root. root/var/ftp
11. chmod og-w/var/ftp
12. make install
13. vi/etc/xinetd. d/vsftpd

Change disable = yes to no. Save and exit. Then service xinetd restart, OK! The newly installed vsftp is ready

Done!

####### Configuration file #########

The content in my configuration document is as follows:

# Example config file/etc/vsftpd. conf
#
# The default compiled in settings are fairly paranoid. This sample file
# Loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd. conf.5 for all compiled in defaults.
#
# Read this: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd. conf.5 manual page to get a full idea of vsftpd's
# Capabilities.
#
# Allow anonymous FTP? (Beware-allowed by default if you comment this out ).
Anonymous_enable = YES # Allow Anonymous Logon
#
# Uncomment this to allow local users to log in.
Local_enable = YES # allow local users to log on
#
# Uncomment this to enable any form of FTP write command.
Write_enable = YES # allow any form of FTP write command
#
# Default umask for local users is 077. You may wish to change this to 022,
# If your users CT that (022 is used by most other ftpd's)
Local_umask = 022 # by default, the local user's umask is 077. You may want to change it to 022.
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# Has an effect if the above global write enable is activated. Also, you will
# Obviously need to create a directory writable by the FTP user.
# Anon_upload_enable = YES # Allow anonymous users to upload files

#
# Uncomment this if you want the anonymous FTP user to be able to create
# New directories.
# Anon_mkdir_write_enable = YES # anonymous ftp users are allowed to create directories.
#
# Activate directory messages-messages given to remote users when they
# Go into a certain directory.
Dirmessage_enable = YES # information displayed when a remote user logs on to a specific directory
#
# Activate logging of uploads/downloads.
Xferlog_enable = YES # activation record upload/Download activity

#
# Make sure PORT transfer connections originate from port 20 (ftp-data ).
Connect_from_port_20 = YES # confirm that the transmission connection port starts from 20
#
# If you want, you can arrange for uploaded anonymous files to be owned
# A different user. Note! Using "root" for uploaded files is not
# Recommended!
# Chown_uploads = YES
# Chown_username = whoever
#
# You may override where the log file goes if you like. The default is shown
# Below.
Xferlog_file =/var/log/vsftpd. log # You can specify the location and name of the log file at will. The following is the default
#
# If you want, you can have your log file in standard ftpd xferlog format
# Xferlog_std_format = YES
#
# You may change the default value for timing out an idle session.
# Idle_session_timeout = 600 # You can set the default idle timeout time
#
# You may change the default value for timing out a data connection.
# Data_connection_timeout = 120 # You can set the default data connection timeout value
#
# It is recommended that you define on your system a unique user which
# Ftp server can use as a totally isolated and unprivileged user.
# Nopriv_user = ft1_cure
#
# Enable this and the server will recognize asynchronous ABOR requests. Not
# Recommended for security (the code is non-trivial). Not enabling it,
# However, may confuse older FTP clients.
# Async_abor_enable = YES # requests from some old ftp clients may be rejected
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# The request. Turn on the below options to have the server actually do ASCII
# Mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# Attack (DoS) via the command "SIZE/big/file" in ASCII mode. vsftpd
# Predicted this attack and has always been safe, reporting the size of
# Raw file.
# ASCII mangling is a horrible feature of the protocol.
# Ascii_upload_enable = YES
# Ascii_download_enable = YES
#
# You may fully customise the login banner string:
# Ftpd_banner = Welcome to blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# Useful for combatting certain DoS attacks.
# You can use a list to specify which local users can only be active in their own directories. If chroot_local_user = YES, the specified users in this list are unrestricted.

# Deny_email_enable = YES
# (Default follows)
# Banned_email_file =/etc/vsftpd. banned_emails
#
# You may specify an explicit list of local users to chroot () to their home
# Directory. If chroot_local_user is YES, then this list becomes a list
# Users to NOT chroot ().
Chroot_list_enable = YES
# (Default follows)

# Specify users active in their own directories

Chroot_list_file =/etc/vsftpd. chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled
# Default to avoid remote users being able to cause excessive I/O on large
# Sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# Thsence of the "-R" option, so there is a strong case for enabling it.
# Ls_recurse_enable = YES
Listen = YES # standalone mode (listener)
Listen_port = 21 # listening port
Guest_enable = YES # allow guest users to access
Guest_username = virtual # Set the Guest user to virtual
Pam_service_name = ftp. vu # specifies the authentication File
User_config_dir =/etc/vsftpd_user_conf # specify virtual user directory settings

######## Vsftp ############
Virtual user, advanced settings

1: Change disable = NO to YES in vi/etc/xinetd. d/vsftpd!
2: Add listen = YES to the end of vi/etc/vsftpd. conf.
3: service xinetd stop
3:/usr/local/sbin/vsftpd/etc/vsftpd. conf &
The independent service has been started.

Create three user lists through files
Cat <! > Login.txt
> Download
> 123456
> Upload
> 123456
> Lxt
> 12345
>!
The format of this file is: Single Behavior username, even number of behavior passwords

1: db_load-T-t hash-f login.txt/etc/vsftpd_login.db (password generation db_load is the Berkeley Software)

2: chmod 600/etc/vsftpd_login.db

3: cd vsftpd-2.0.5/EXAMPLE; cp VIRYUAL_USERS/vsftpd. pam/etc/pam. d/ftp. vu (enter your solution
Package source code directory, copy the virtual user authentication file to/etc/pam. d)

4: useradd-d/home/ftpsite virtual; chmod 700/home/ftpsite; su-virtual-c "echo
Hello>/homt/ftpsite/test. file # create the ftp directory accessed by the virtual user and set
# Permission and create a file for downloading the experiment

5: vi/etc/vsftpd. conf Insert the following configuration statement in this file
Guest_enable = YES enable virtual user
Guest_username = virtual maps virtual users to local virtual users
Pam_service_name = ftp. vu specifies that the PAM Configuration File is ftp. vu)
User_config_dir =/etc/vsftpd_user_conf specifies the storage path of different virtual user configuration files)

6: mkdir/etc/vsftpd_user_conf
# Open the download permission of the download user-only download

7: echo "anon_world_readable_only = NO">/etc/vsftpd_user_conf/download
# Create an upload configuration file

8: cp/etc/vsftpd_user_conf/download/etc/vsftpd_user_conf/upload
Vi/etc/vsftpd_user_conf/upload
Write_enable = YES # Add write permission
Anon_upload_enable = YES # Add upload permission
Anon_mkdir_write_enable = YES # Add the permission to create a directory
# Create superuser Permissions

9: cp/etc/vsftpd_user_conf/upload/etc/vsftpd_user_conf/admin
Anno_other_writer_enable = YES, which increases the Administrator's permission to delete/rename a user.

Some configuration files and startup programs can be copied to the corresponding directory in the compiled source code directory for a long time.

How to uninstall vsftpd (tar installation)
Rm/usr/local/sbin/vsftpd
Rm/usr/local/man/man5/vsftpd. conf.5
Rm/usr/loval/man/man8/vsftpd.8
Rm/etc/xinetd. d/vsftpd
Rm/etc/vsftpd. conf

The installation and configuration of a basic vsftpd is complete, and the FTP server software pro ftp is relatively simple. It should be similar in general. Anyone with any good opinions on ftp installation and configuration should have such opinions, you can leave a message, Thank you.