====== 71 vsftpd ======
A simple FTP Server
===== Installation =====
# yum install vsftpd
===== Modifying the Configuration File =====
# vi /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
↓ Disable anonymous user login
anonymous_enable=NO
ascii_upload_enable=NO
ascii_download_enable=NO
↓ Allow uploads and downloads in ASCII mode (ASCII mode rewrites line endings during transfer and so changes the bytes of the file; keep both at NO unless clients actually need text-mode transfers)
ascii_upload_enable=YES
ascii_download_enable=YES
#ftpd_banner=Welcome to blah FTP service.
↓ Uncomment this line so the greeting no longer reveals the software name and version (vsftpd's default banner is "(vsFTPd <version>)"; any text can replace the placeholder, and leaving product details out of it denies an attacker easy fingerprinting)
ftpd_banner=Welcome to blah FTP service.
#chroot_local_user=YES
#chroot_list_enable=YES
↓ Confine local users to their home directory (chroot) ↓ Enable a list of users who are exempt from the chroot
chroot_local_user=YES
chroot_list_enable=YES
#chroot_list_file=/etc/vsftpd/chroot_list
↓ File listing the users exempt from the chroot; with chroot_local_user=YES this list is the exception list, so only users named in it can leave their home directory
chroot_list_file=/etc/vsftpd/chroot_list
Note: vsftpd 2.3.5 and later refuses the session with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()" when the chroot root (the user's home directory) is writable by that user. Keep the home directory owned by root and non-writable and let users upload into a writable subdirectory; allow_writeable_chroot=YES (vsftpd 3.x) disables the check, and with it the protection it provides.
#ls_recurse_enable=YES
↓ Allow recursive directory listings (ls -R); the vsftpd.conf man page warns this can consume a lot of server resources on large trees, so leave it at the default NO unless it is needed
ls_recurse_enable=YES
Add the following at the bottom:
use_localtime=YES ← Display file timestamps in the server's local time zone (whatever TZ the host is set to, e.g. JST) instead of GMT
pasv_addr_resolve=YES ← Obtain the PASV mode connection IP address from the hostname
pasv_address=centossrv.dip.jp ← The hostname that resolves to the PASV mode connection IP address ※
pasv_min_port=60010 ← Minimum port number for PASV mode connection
pasv_max_port=60040 ← Maximum port number for PASV mode connection
ssl_enable=YES ← Enable TLS (explicit FTPS). Once the control channel is encrypted the kernel's FTP connection-tracking helper can no longer learn the data ports, which is why the fixed PASV range above is needed
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem ← Server certificate; the file created below is self-signed and also holds the private key, so keep it readable by root only and expect clients to warn about (or be configured to trust) the certificate
force_local_logins_ssl=NO ← Do not require TLS for login. With NO, usernames and passwords may be sent in cleartext over the network; set it to YES unless clients that cannot use FTPS must be supported
force_local_data_ssl=NO ← Do not require TLS for data transfers. Same trade-off: YES protects file contents in transit, NO allows cleartext transfers
===== Creating a Server Certificate =====
# cd /etc/pki/tls/certs/
# make vsftpd.pem
===== Registering Users Allowed to Access Beyond the Home Directory =====
# echo centos >> /etc/vsftpd/chroot_list
(centos is an example account. Every user named here can browse the entire filesystem over FTP, so keep this list to trusted administrative accounts. It is also the same example name that is denied in the next section; do not put one account in both lists.)
===== Registering Users Denied Access to the FTP Server =====
# echo centos >> /etc/vsftpd/ftpusers
(Again an example account. On CentOS this file is enforced by pam_listfile in /etc/pam.d/vsftpd, so a user listed here is rejected at login regardless of any other setting; it is the right place for root and other system accounts. /etc/vsftpd/user_list, controlled by userlist_enable/userlist_deny, is a separate mechanism.)
===== Editing hosts.allow =====
# vi /etc/hosts.allow
------ Add the following ------
vsftpd : .jp : allow
ALL : ALL : deny
(vsftpd consults hosts.allow only when tcp_wrappers=YES is set in vsftpd.conf, which the CentOS-shipped config does. The .jp pattern is matched against the client's reverse-DNS name: clients with no PTR record are refused, and PTR data is controlled by whoever owns the client's address space, so treat this as a coarse filter rather than an authentication control. The final ALL : ALL : deny applies to every tcp_wrappers-aware service on the host, including sshd; put an allow line for your management hosts, e.g. sshd : <management network> : allow, above it or you will lock yourself out.)
===== Opening Passive Mode Ports in iptables =====
# vi /etc/sysconfig/iptables
------------ Add the following ---------------
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 60010:60040 -j ACCEPT
(The port range must match pasv_min_port/pasv_max_port in vsftpd.conf. TCP port 21 for the control connection must also be accepted if it is not already; the passive range alone is not enough. Because the control channel is encrypted with ssl_enable=YES, the ip_conntrack_ftp/nf_conntrack_ftp helper cannot open data ports on demand, so this static range is required.)
# /etc/init.d/iptables restart
===== Setting vsftpd to Start Automatically =====
# chkconfig vsftpd on
===== Starting vsftpd =====
# service vsftpd start
====== Difference Between PASV Mode and ACTIVE Mode ======
[[http://ameblo.jp/itboy/entry-10249857007.html]] [[http://www.nina.jp/server/basic/ftp.html]]
[[http://y-router.com/yamaha06/ftp02.html]] Active mode is not well-suited to working with firewalls and NAT: the server opens the data connection back to a port on the client, which client-side firewalls and NAT devices normally block. In passive mode the client initiates the data connection to a server port in the pasv_min_port–pasv_max_port range, which is why that range is opened in the iptables section above.
===== Enabling Deletion Logs =====
Add to /etc/vsftpd/vsftpd.conf:
log_ftp_protocol=YES ← Log every FTP command and reply, which is what makes DELE (and RNTO, RMD, etc.) visible; without it only transfers are logged
dual_log_enable=YES ← Write both the xferlog-style transfer log (/var/log/xferlog) and vsftpd's own log (/var/log/vsftpd.log); the command entries below appear in the latter
Deletion logs (this log records client addresses and every command issued, so keep it readable by root only):
# tail /var/log/vsftpd.log
Fri Sep 6 03:20:47 2022 [pid 841836] [hoge@hogehoge.com] OK UPLOAD: Client "XXX.XXX.XXX.XXX", "/test.txt", 5 bytes, 0.13Kbyte/sec
Fri Sep 6 03:21:51 2022 [pid 841836] [hoge@hogehoge.com] FTP command: Client "XXX.XXX.XXX.XXX", "DELE /test.txt"
{{tag>vsftp ftp}}