vsftp on CentOS6.6

CentOS6.6

vsftpd-2.2.2

Second, the installation

$ yum install -y vsftpd

[root@oracledbserver mohan]# yum install vsftpd
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.vodien.com
* extras: mirror.vodien.com
* updates: mirror.vastspace.net
base | 3.7 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-13.el6_6.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================================================
Package Arch Version Repository Size
============================================================================================================================================================================================================
Installing:
vsftpd x86_64 2.2.2-13.el6_6.1 updates 151 k

Transaction Summary
============================================================================================================================================================================================================
Install 1 Package(s)

Total download size: 151 k
Installed size: 332 k
Is this ok [y/N]: y
Downloading Packages:
vsftpd-2.2.2-13.el6_6.1.x86_64.rpm | 151 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : vsftpd-2.2.2-13.el6_6.1.x86_64 1/1
Verifying : vsftpd-2.2.2-13.el6_6.1.x86_64 1/1

Installed:
vsftpd.x86_64 0:2.2.2-13.el6_6.1

Complete!

Third, the configuration

$ vi /etc/vsftpd/vsftpd.conf

listen_address=192.168.1.61
# listening port (vsftpd does not accept a comment after a value on the same line)
listen_port=21
anonymous_enable=NO
local_enable=YES
write_enable=YES
# umask for files uploaded by local users
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
ftpd_banner=Welcome to Mohan FTP service.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd/user_list
pasv_enable=YES
pasv_min_port=65400
pasv_max_port=65410

# address to listen on
listen_address=192.168.1.61
# listening port
listen_port=21
# do not allow anonymous access
anonymous_enable=NO
# allow local users to log in
local_enable=YES
# allow uploads and other write commands
write_enable=YES
# umask for files uploaded by local users
local_umask=022
# show a directory's message file when a user enters it
dirmessage_enable=YES
# enable the transfer log
xferlog_enable=YES
# active-mode (PORT) data connections originate from port 20
connect_from_port_20=YES
# log file location
xferlog_file=/var/log/xferlog
# write the log in the standard xferlog format
xferlog_std_format=YES
# confine local users to their home directory (chroot)
chroot_local_user=YES
# enable the chroot exception list
chroot_list_enable=YES
# with chroot_local_user=YES, users named in this file are NOT confined
chroot_list_file=/etc/vsftpd/chroot_list
# run standalone and listen on IPv4
listen=YES
# PAM service name used for authentication
pam_service_name=vsftpd
# consult userlist_file before asking for a password
userlist_enable=YES
# NO: only users named in userlist_file may log in (the file above sets YES, which instead denies the users named there)
userlist_deny=NO
# the user list consulted by userlist_enable
userlist_file=/etc/vsftpd/user_list
# apply tcp_wrappers rules (/etc/hosts.allow, /etc/hosts.deny) to allow or block specific IPs
tcp_wrappers=YES
# allow passive mode
pasv_enable=YES
# first port of the passive range
pasv_min_port=65400
# last port of the passive range
pasv_max_port=65410
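A check for the settings above, added here as an example and not part of the original post: it flags trailing comments (which vsftpd reads as part of the value), a missing `anonymous_enable=NO`, and a passive range that differs from the one opened in the firewall. The function names and the two sample files are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original post. Sample files are constructed.

# Print the value of directive $2 in file $1 (last occurrence); empty if unset.
conf_get() {
    sed -n "s/^$2=//p" "$1" | tail -n 1
}

# audit_vsftpd_conf FILE MIN:MAX
# Prints one finding per line and nothing when the file passes. MIN:MAX is the
# passive range opened in the firewall (65400:65410 on this page).
audit_vsftpd_conf() {
    # '#' starts a comment only at the beginning of a line; after a value it
    # becomes part of that value.
    awk '/^[a-z0-9_]+=.*[ \t]#/ { sub(/=.*/, "")
        print "line " NR ": " $0 " has a trailing comment" }' "$1"
    # anonymous_enable defaults to YES, so NO has to be set explicitly.
    [ "$(conf_get "$1" anonymous_enable)" = NO ] ||
        echo "anonymous_enable is not NO"
    [ "$(conf_get "$1" chroot_local_user)" = YES ] ||
        echo "chroot_local_user is not YES"
    [ "$(conf_get "$1" pasv_min_port):$(conf_get "$1" pasv_max_port)" = "$2" ] ||
        echo "passive ports do not match firewall range $2"
}

good=$(mktemp)
bad=$(mktemp)
cat > "$good" <<'EOF'
# does not allow anonymous access
anonymous_enable=NO
chroot_local_user=YES
pasv_min_port=65400
pasv_max_port=65410
EOF
cat > "$bad" <<'EOF'
listen_port=21 # specified listening port
#anonymous_enable=NO
chroot_local_user=YES
pasv_min_port=65400
pasv_max_port=65500
EOF

echo "== good config =="; audit_vsftpd_conf "$good" 65400:65410
echo "== bad config ==";  audit_vsftpd_conf "$bad" 65400:65410
```

On a real host, point the function at /etc/vsftpd/vsftpd.conf and pass the range from the iptables rule.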

Fourth, run
$ chkconfig vsftpd on
$ chkconfig --list vsftpd
vsftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
$ /etc/init.d/vsftpd start
$ setenforce 0
# or (restart to take effect):
$ echo "SELINUX=disabled" > /etc/selinux/config

# Open port 21; the port 20 data connection opens automatically

$ iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

# Open the passive-mode ports
$ iptables -A INPUT -m state --state NEW -p tcp --dport 65400:65410 -j ACCEPT
$ useradd mohan -s /sbin/nologin
$ echo "mohan123" | passwd --stdin mohan

Fifth, check

Sixth, client upload test

# Install the client
$ yum install -y ftp

Configuring FTP server and Restricting their access

Configuring the FTP server:

VSFTPD is responsible for the FTP service.

open: /etc/vsftpd/vsftpd.conf

Change Configuration File: vsftpd.conf

###Allow anonymous FTP? (Beware – allowed by default if you comment this out).

# Prevent anonymous users from logging in

anonymous_enable=NO

### Restrict the ftp users to their home directories

chroot_local_user=YES

~~Save & Close

# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file

#### Restrict specific users to use ftp.

open: vi /etc/vsftpd/user_list

# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
# Users that are not allowed to login via ftp

Add the names of the users who are not allowed FTP access.

Open: /etc/vsftpd/ftpusers

Users named in ftpusers are always denied by the default PAM configuration; users named in user_list are denied or allowed depending on userlist_deny.

~~Save & Close
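How user_list, userlist_deny and ftpusers combine, as an added example that is not part of the original post. It is a model of the decision, not vsftpd's own code: `listed` and `ftp_login_decision` are hypothetical names, the two sample files are constructed, and it assumes userlist_enable=YES with the default PAM configuration that denies users in ftpusers.

```sh
#!/bin/sh
# Added example, not from the original post: a model of the login decision.

# True if user $1 is named on a non-comment line of file $2.
listed() {
    grep -v '^#' "$2" | grep -qxF "$1"
}

# ftp_login_decision USER USERLIST_DENY USER_LIST FTPUSERS
# Assumes userlist_enable=YES and the default PAM config that denies ftpusers.
# Prints: refused  (vsftpd rejects before asking for a password)
#         denied   (PAM rejects after the password prompt)
#         password (login depends only on the password)
ftp_login_decision() {
    if [ "$2" = YES ] && listed "$1" "$3"; then
        echo refused      # user_list is a deny list
    elif [ "$2" = NO ] && ! listed "$1" "$3"; then
        echo refused      # user_list is an allow list
    elif listed "$1" "$4"; then
        echo denied       # ftpusers denies regardless of user_list
    else
        echo password
    fi
}

# Constructed sample files.
user_list=$(mktemp)
ftpusers=$(mktemp)
printf '%s\n' '# users for userlist_file' root f1 > "$user_list"
printf '%s\n' '# Users that are not allowed to login via ftp' root > "$ftpusers"

for deny in YES NO; do
    for u in root f1 alice; do
        echo "userlist_deny=$deny $u: $(ftp_login_decision "$u" "$deny" "$user_list" "$ftpusers")"
    done
done
```

The same user_list gives opposite results for f1 and alice when userlist_deny flips, which is why the value chosen in vsftpd.conf has to match how the file is maintained.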

##### Creating a group to grant FTP access & creating the home directory to restrict users to:

# creating groups:

groupadd ftp-usrs

# creating the home directory:

mkdir /home/ftp-docs
man chmod
chmod 750 /home/ftp-docs
chown root:ftp-usrs /home/ftp-docs

# creating users in that group:

useradd -g ftp-usrs -d /home/ftp-docs f1
passwd f1

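##### Restricting sftp service to limited groups:

open: /etc/ssh/sshd_config

#### Deny users or groups that must not use the sftp protocol

#write:

DenyUsers alice f1
DenyGroups ftp-usrs

# Or allow only specific users or groups

write:

AllowUsers alice f1
AllowGroups ftp-usrs

# These directives apply to every SSH login, not only sftp. sshd checks them in the order DenyUsers, AllowUsers, DenyGroups, AllowGroups, so a name matched by a Deny line is refused even if an Allow line also names it. Once AllowUsers or AllowGroups is set, accounts that do not match are refused as well.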

~~Save & Close

@@@@@@

Restart ftp & sftp service

service vsftpd restart

/etc/init.d/sshd restart

!!!!!!!!

Access the file by restricted ftp & sftp service
