zoukankan      html  css  js  c++  java
  • 安装vsftpd

    通用安装和配置

    1.下载安装包并安装


    wget http://mirror.centos.org/centos/7/os/x86_64/Packages/vsftpd-3.0.2-25.el7.x86_64.rpm
    rpm -ivh vsftpd-3.0.2-25.el7.x86_64.rpm

    2.创建ftp宿主用户


    useradd ftpuser -s /sbin/nologin
    echo "96@wB&RjaAql" | passwd --stdin ftpuser

    3.备份配置文件


    cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf_bak`date "+%Y%m%d"`
    echo '' > /etc/vsftpd/vsftpd.conf

    4.设置登陆标语


    echo "dirmessage_enable=YES" >> /etc/vsftpd/vsftpd.conf
    echo "ftpd_banner=Welcome to login FTP service." >> /etc/vsftpd/vsftpd.conf

    5.禁止匿名用户登陆


    echo "anonymous_enable=NO" >> /etc/vsftpd/vsftpd.conf
    echo "anon_upload_enable=NO" >> /etc/vsftpd/vsftpd.conf
    echo "anon_mkdir_write_enable=NO" >> /etc/vsftpd/vsftpd.conf
    echo "anon_other_write_enable=NO" >> /etc/vsftpd/vsftpd.conf

    6.启用日志记录


    echo "xferlog_enable=YES" >> /etc/vsftpd/vsftpd.conf
    echo "xferlog_std_format=YES" >> /etc/vsftpd/vsftpd.conf
    echo "xferlog_file=/var/log/vsftpd.log" >> /etc/vsftpd/vsftpd.conf

    7.启用异步传输


    echo "async_abor_enable=YES" >> /etc/vsftpd/vsftpd.conf

    8.启用文本(ASCII)传输模式


    echo "ascii_upload_enable=YES" >> /etc/vsftpd/vsftpd.conf
    echo "ascii_download_enable=YES" >> /etc/vsftpd/vsftpd.conf

    9.启用被动连接模式


    echo "connect_from_port_20=NO" >> /etc/vsftpd/vsftpd.conf
    echo "pasv_enable=YES" >> /etc/vsftpd/vsftpd.conf
    echo "pasv_min_port=55000" >> /etc/vsftpd/vsftpd.conf
    echo "pasv_max_port=56000" >> /etc/vsftpd/vsftpd.conf

    10.开启上传下载删除等操作权限


    echo "write_enable=YES" >> /etc/vsftpd/vsftpd.conf
    echo "cmds_allowed=FEAT,REST,CWD,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RMD,RNFR,RNTO,RETR,DELE,SIZE,TYPE,USER,ACCT,APPE,CDUP,HELP,MODE,NOOP,REIN,STAT,STOU,STRU,SYST,STOR" >> /etc/vsftpd/vsftpd.conf

    11.设置文件的默认权限(目录为755,文件为644)


    echo "local_umask=022" >> /etc/vsftpd/vsftpd.conf

    12.启用白名单(使用user_list文件,避免用ftpusers文件)


    echo "userlist_enable=YES" >> /etc/vsftpd/vsftpd.conf
    echo "userlist_deny=NO" >> /etc/vsftpd/vsftpd.conf

    13.启用pam认证


    echo "pam_service_name=vsftpd" >> /etc/vsftpd/vsftpd.conf

    14.解决pam文件中shell不存在问题

    详情请参考:https://blog.csdn.net/woshijipinglong/article/details/92636979
    sed -i 's/pam_shells.so/pam_nologin.so/g'       /etc/pam.d/vsftpd

    15.关闭selinux和防火墙


    setenforce 0
    sed -i "/SELINUX=enforcing/cSELINUX=disabled" /etc/selinux/config
    systemctl disable firewalld && systemctl stop firewalld && systemctl status firewalld

    16.清空白名单


    echo '' > /etc/vsftpd/user_list

    配置FTP采用本地用户登陆

    17.开启本地用户登陆


    echo "local_enable=YES" >> /etc/vsftpd/vsftpd.conf

    18.锁定用户活动范围为家目录


    echo "chroot_local_user=YES" >> /etc/vsftpd/vsftpd.conf
    echo "allow_writeable_chroot=YES" >> /etc/vsftpd/vsftpd.conf
    echo "chroot_list_enable=NO" >> /etc/vsftpd/vsftpd.conf

    19.将本地用户添加到白名单中


    echo "ftpuser" >>  /etc/vsftpd/user_list

    20.启动ftp服务


    systemctl enable vsftpd && systemctl restart vsftpd &&systemctl status vsftpd

    验证

    1.安装ftp客户端


    yum -y install ftp

    2.登陆

    ftp
    open 127.0.0.1 21
    ftpuser
    96@wB&RjaAql
    put test
    get test
    delete test
    ls

  • 相关阅读:
    PAT 甲级 1115 Counting Nodes in a BST (30 分)
    PAT 甲级 1114 Family Property (25 分)
    PAT 甲级 1114 Family Property (25 分)
    Python Ethical Hacking
    Python Ethical Hacking
    Python Ethical Hacking
    Python Ethical Hacking
    Python Ethical Hacking
    Python Ethical Hacking
    Python Ethical Hacking
  • 原文地址:https://www.cnblogs.com/jipinglong/p/11230851.html
Copyright © 2011-2022 走看看