
71 vsftpd

A simple FTP Server

Installation

 # yum install vsftpd 

Modifying the Configuration File

 # vi /etc/vsftpd/vsftpd.conf
anonymous_enable=YES
 Disable anonymous user login
anonymous_enable=NO

ascii_upload_enable=NO
ascii_download_enable=NO
  Allow uploads and downloads in ASCII mode
ascii_upload_enable=YES
ascii_download_enable=YES

#ftpd_banner=Welcome to blah FTP service.
 Uncomment this line to prevent the software name and version from displaying on login.
ftpd_banner=Welcome to blah FTP service.

#chroot_local_user=YES
 By default, deny access beyond the home directory
chroot_local_user=YES

#chroot_list_enable=YES
 Enable the list of users allowed to access beyond the home directory
chroot_list_enable=YES

#chroot_list_file=/etc/vsftpd/chroot_list
 List of users allowed to access beyond the home directory
chroot_list_file=/etc/vsftpd/chroot_list

#ls_recurse_enable=YES
 Enable recursive deletion of directories
ls_recurse_enable=YES

Add the following at the bottom:
# Set the timestamp to Japan time
use_localtime=YES
# Obtain the PASV mode connection IP address from the hostname
pasv_addr_resolve=YES
# The hostname that resolves to the PASV mode connection IP address
pasv_address=centossrv.dip.jp
# Minimum port number for PASV mode connection
pasv_min_port=60010
# Maximum port number for PASV mode connection
pasv_max_port=60040
# Enable SSL
ssl_enable=YES
# Specify the server certificate
rsa_cert_file=/etc/pki/tls/certs/vsftpd.pem
# Do not enforce SSL connection for login (use only if non-encrypted connections are also allowed)
force_local_logins_ssl=NO
# Do not enforce SSL connection for data transfer (use only if non-encrypted connections are also allowed)
force_local_data_ssl=NO

Creating a Server Certificate

# cd /etc/pki/tls/certs/
# make vsftpd.pem

Registering Users Allowed to Access Beyond the Home Directory

# echo centos >> /etc/vsftpd/chroot_list

Registering Users Denied Access to the FTP Server

# echo centos >> /etc/vsftpd/ftpusers

Editing hosts.allow

# vi /etc/hosts.allow
------ Add the following ------
vsftpd : .jp : allow
ALL : ALL : deny 

Opening Passive Mode Ports in iptables

# vi /etc/sysconfig/iptables
------------ Add the following ---------------
-A RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 60010:60040 -j ACCEPT

# /etc/init.d/iptables restart

Setting vsftpd to Start Automatically

 # chkconfig vsftpd on 

Starting vsftpd

# service vsftpd start

Difference Between PASV Mode and ACTIVE Mode

Enabling Deletion Logs

/etc/vsftpd/vsftpd.conf

log_ftp_protocol=YES
dual_log_enable=YES

Deletion logs:

# tail vsftpd.log
Fri Sep 6 03:20:47 2022 [pid 841836] [hoge@hogehoge.com] OK UPLOAD: Client "XXX.XXX.XXX.XXX", "/test.txt", 5 bytes, 0.13Kbyte/sec
Fri Sep 6 03:21:51 2022 [pid 841836] [hoge@hogehoge.com] FTP command: Client "XXX.XXX.XXX.XXX", "DELE /test.txt" 
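
Added example (not part of the original page): a small Python parser that pulls delete commands out of vsftpd.log once log_ftp_protocol=YES is set, using the entry format shown in the excerpt above. The sample lines, user names and 192.0.2.x addresses are constructed, and handling RMD/XRMD (directory removal) goes beyond the DELE case shown on the page.

```python
import re
from collections import Counter

# Entry format with log_ftp_protocol=YES, as in the log excerpt above:
# <time> [pid N] [user] FTP command: Client "<ip>", "<VERB> <argument>"
CMD_RE = re.compile(
    r'^(?P<time>\w{3} \w{3} +\d+ [\d:]{8} \d{4}) \[pid \d+\] '
    r'\[(?P<user>[^\]]*)\] FTP command: Client "(?P<client>[^"]*)", '
    r'"(?P<verb>[A-Za-z]+) (?P<arg>.*)"\s*$'
)
# DELE removes a file; RMD and XRMD remove a directory.
DELETE_VERBS = {"DELE": "file", "RMD": "directory", "XRMD": "directory"}

def find_deletions(lines):
    """Return one record per delete command found in vsftpd.log lines."""
    records = []
    for line in lines:
        m = CMD_RE.match(line)
        if m is None:
            continue  # transfer summaries and other entries are not commands
        kind = DELETE_VERBS.get(m.group("verb").upper())
        if kind is None:
            continue  # some other FTP command (RETR, LIST, ...)
        records.append({
            "time": m.group("time"), "user": m.group("user"),
            "client": m.group("client"), "kind": kind,
            "path": m.group("arg"),  # greedy match keeps quotes inside names
        })
    return records

def deletions_per_user(records):
    """Count delete commands per login, to spot bulk removals."""
    return Counter(r["user"] for r in records)

# Constructed sample input in the page's log format (documentation IP range).
SAMPLE_LOG = '''\
Fri Sep 6 03:20:47 2022 [pid 841836] [alice] OK UPLOAD: Client "192.0.2.10", "/test.txt", 5 bytes, 0.13Kbyte/sec
Fri Sep 6 03:21:51 2022 [pid 841836] [alice] FTP command: Client "192.0.2.10", "DELE /test.txt"
Fri Sep 6 03:22:05 2022 [pid 841840] [bob] FTP command: Client "192.0.2.20", "RETR /report.csv"
Fri Sep 6 03:22:09 2022 [pid 841840] [bob] FTP command: Client "192.0.2.20", "DELE /old "draft".txt"
Fri Sep 6 03:22:14 2022 [pid 841840] [bob] FTP command: Client "192.0.2.20", "RMD /archive"
'''.splitlines()

if __name__ == "__main__":
    for rec in find_deletions(SAMPLE_LOG):
        print(rec["time"], rec["user"], rec["client"], rec["kind"], rec["path"])
    print(dict(deletions_per_user(find_deletions(SAMPLE_LOG))))
```

A matching entry shows that the client issued the delete command; the path is whatever argument the client sent.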
en/01_linux/01_net/71_vsftpd.txt · Last modified: 2024/09/08 10:36 by matsui