day1
1. FTP搭建与访问
2. 启用用户禁锢,黑白名单
3. 使用FTP黑白名单
4. FTP并发入带宽限制
1. FTP搭建与访问
-
安装软件包
yum install vsftpd -y -
启动服务
/etc/init.d/vsftpd start chkconfig vsftpd on -
测试
[root@localhost ~]# ftp localhost Trying ::1... ftp: connect to address ::1拒绝连接 Trying 127.0.0.1... Connected to localhost (127.0.0.1). 220 (vsFTPd 2.2.2) Name (localhost:root): ftp 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 227 Entering Passive Mode (127,0,0,1,45,157). 150 Here comes the directory listing. drwxr-xr-x 2 0 0 4096 Apr 25 07:50 pub 226 Directory send OK. ftp>
2. 启用用户禁锢,黑白名单
-
启用用户禁锢
-
禁锢前
[root@localhost ~]# ftp localhost Trying ::1... ftp: connect to address ::1拒绝连接 Connected to localhost (127.0.0.1). 220 (vsFTPd 2.2.2) Name (localhost:root): lisi 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> ls 227 Entering Passive Mode (127,0,0,1,204,55). 150 Here comes the directory listing. -rw-r--r-- 1 0 0 16 Apr 25 07:52 lisi.txt 226 Directory send OK. ftp> ls /etc/passwd 227 Entering Passive Mode (127,0,0,1,84,132). 150 Here comes the directory listing. -rw-r--r-- 1 0 0 1442 Apr 27 03:03 passwd -
修改配置文件
vim /etc/vsftpd/vsftpd.conf chroot_local_user=YES -
重新加载服务
/etc/init.d/vsftpd reload -
验证
useradd lisi echo 1 |passwd --stdin lisi ftp 127.0.0.1 Connected to 127.0.0.1 (127.0.0.1). 220 (vsFTPd 2.2.2) Name (127.0.0.1:root): lisi 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 227 Entering Passive Mode (127,0,0,1,214,189). 150 Here comes the directory listing. -rw-r--r-- 1 0 0 16 Apr 25 07:52 lisi.txt 226 Directory send OK. ftp> cd /etc/ 550 Failed to change directory.
3.使用FTP黑白名单
-
使用黑名单
[root@localhost ~]# echo lisi >>/etc/vsftpd/ftpusers [root@localhost ~]# tail -1 /etc/vsftpd/ftpusers lisi ftp /etc/init.d/vsftpd reload [root@localhost ~]# ftp 127.0.0.1 Connected to 127.0.0.1 (127.0.0.1). 220 (vsFTPd 2.2.2) Name (127.0.0.1:root): lisi 331 Please specify the password. Password: 530 Login incorrect. Login failed. ftp> //在黑名单,所有登陆失败 -
使用白名单
vim /etc/vsftpd/vsftpd.conf userlist_deny=NO //仅允许列表中的用户 /etc/init.d/vsftpd reload -
清空原有记录,添加用户lisi
vim /etc/vsftpd/user_list lisi ftp anonymous //添加匿名用户 -
删除黑名单的lisi
vim /etc/vsftpd/ftpuser lisi -
测试
[root@localhost ~]# ftp localhost Trying ::1... ftp: connect to address ::1拒绝连接 Trying 127.0.0.1... Connected to localhost (127.0.0.1). 220 (vsFTPd 2.2.2) Name (localhost:root): ftp 331 Please specify the password. Password: 230 Login successful. Remote system type is UNIX. Using binary mode to transfer files. ftp> dir 227 Entering Passive Mode (127,0,0,1,54,143). 150 Here comes the directory listing. drwxr-xr-x 2 0 0 4096 Mar 22 2017 pub 226 Directory send OK. ftp> exit 221 Goodbye.
4. FTP并发入带宽限制
max_clients:限制并发的客户端个数
max_per_ip:限制每个客户机IP的并发连接数
anon_max_rate:匿名最大速度(字节/秒)
local_max_rate:验证用户最大速率(字节/秒)
-
生成文件
cd /var/ftp/pub dd if=/dev/zero of=123 bs=1M count=100 -
限制并发连接数
vim /etc/vsftpd/vsftpd.conf max_clients=100 max_per_ip=2 /etc/init.d/vsftpd reload -
客户端测试
ftp localhost Trying ::1... ftp: connect to address ::1Connection refused Trying 127.0.0.1... Connected to localhost (127.0.0.1). 421 There are too many connections from your internet address. //连接限制超出 -
限制FTP传输速度
vim /etc/vsftpd/vsftpd.conf anon_max_rate=5000 local_max_rate=500000 /etc/init.d/vsftpd reload -
测试
[root@localhost ~]# wget ftp://127.0.0.1/pub/123 --2018-04-27 14:57:43-- ftp://127.0.0.1/pub/123 => “123” 正在连接 127.0.0.1:21... 已连接。 正在以 anonymous 登录 ... 登录成功! ==> SYST ... 完成。 ==> PWD ... 完成。 ==> TYPE I ... 完成。 ==> CWD (1) /pub ... 完成。 ==> SIZE 123 ... 104857600 ==> PASV ... 完成。 ==> RETR 123 ... 完成。 长度:104857600 (100M) (非正式数据) 100%[==========================================>] 104,857,600 244M/s in 0.4s 2018-04-27 14:57:44 (244 MB/s) - “123” 已保存 [104857600]