1. CentOS 6.6
2. vsftpd-2.2.2
Second, the installation
$ yum install -y vsftpd
[root@oracledbserver mohan]# yum install vsftpd
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.vodien.com
* extras: mirror.vodien.com
* updates: mirror.vastspace.net
base | 3.7 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-13.el6_6.1 will be installed
--> Finished Dependency Resolution
Dependencies Resolved
============================================================================================================================================================================================================
Package Arch Version Repository Size
============================================================================================================================================================================================================
Installing:
vsftpd x86_64 2.2.2-13.el6_6.1 updates 151 k
Transaction Summary
============================================================================================================================================================================================================
Install 1 Package(s)
Total download size: 151 k
Installed size: 332 k
Is this ok [y/N]: y
Downloading Packages:
vsftpd-2.2.2-13.el6_6.1.x86_64.rpm | 151 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : vsftpd-2.2.2-13.el6_6.1.x86_64 1/1
Verifying : vsftpd-2.2.2-13.el6_6.1.x86_64 1/1
Installed:
vsftpd.x86_64 0:2.2.2-13.el6_6.1
Complete!
Third, the configuration
$ vi /etc/vsftpd/vsftpd.conf
listen_address=192.168.1.61
listen_port=21
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
ftpd_banner=Welcome to Mohan FTP service.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd/user_list
pasv_enable=YES
pasv_min_port=65400
pasv_max_port=65410
What each option does (the annotations are for reading only; vsftpd accepts a comment only on a line of its own that starts with #):
listen_address=192.168.1.61 # listen address
listen_port=21 # listening port
anonymous_enable=NO # do not allow anonymous access
local_enable=YES # allow local users to log in
write_enable=YES # allow uploads
local_umask=022 # umask for files uploaded by local users
dirmessage_enable=YES # show a directory's message file when a user enters it
xferlog_enable=YES # enable the transfer log
connect_from_port_20=YES # use port 20 (ftp-data) for active-mode data connections
xferlog_file=/var/log/xferlog # log file location
xferlog_std_format=YES # write the log in the standard xferlog format
chroot_local_user=YES # confine local users to their home directories
chroot_list_enable=YES # enable the chroot exception list
chroot_list_file=/etc/vsftpd/chroot_list # users listed in this file are not confined and can leave their home directory
listen=YES # run vsftpd standalone, listening on IPv4
pam_service_name=vsftpd # PAM service name (the module may not be used; the userlist has replaced it)
userlist_enable=YES # check logins against userlist_file
userlist_deny=NO # only users listed in userlist_file can log in; all others are refused
userlist_file=/etc/vsftpd/user_list # file that lists which users can log in
tcp_wrappers=YES # use TCP wrappers to allow or block specific IPs
pasv_enable=YES # allow passive mode
pasv_min_port=65400 # first passive-mode port
pasv_max_port=65410 # last passive-mode port
Fourth, run
$ chkconfig vsftpd on
$ chkconfig --list vsftpd
vsftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
$ /etc/init.d/vsftpd start
$ setenforce 0
# or, permanently (restart to take effect):
$ echo "SELINUX=disabled" > /etc/selinux/config
# Open port 21; data port 20 will open automatically
$ iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
# Open the passive-mode ports
$ iptables -A INPUT -m state --state NEW -p tcp --dport 65400:65410 -j ACCEPT
$ useradd mohan -s /sbin/nologin
$ echo "mohan123" | passwd mohan --stdin
Fifth, check
Sixth, client upload test
# Install the client
$ yum install -y ftp
Configuring an FTP server and restricting access
Configuring the FTP server:
VSFTPD is responsible for the FTP service.
open: /etc/vsftpd/vsftpd.conf
Change Configuration File: vsftpd.conf
### Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# Prevent anonymous users from logging in
anonymous_enable=NO
### Restrict the ftp users to their home directories
chroot_local_user=YES
~~Save & Close
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file
#### Restrict specific users to use ftp.
open: vi user_list
# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
# Users that are not allowed to login via ftp
Add the user names that are not allowed FTP access.
Open: /etc/vsftpd/ftpusers
By adding or removing user names in this file we can restrict or allow any user's FTP access.
~~Save & Close
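How the userlist, ftpusers and chroot options described above combine, as an added example that is not code from the original page or from vsftpd; the function names, sample configuration and user names are constructed for illustration. It also reports lines with a trailing comment, which vsftpd does not accept.

```python
# Added example (not from the page); SAMPLE_CONF and user names are constructed.

def parse_conf(text):
    """Return (settings, errors). vsftpd only treats lines STARTING with '#'
    as comments and allows no spaces around '=', so 'opt=YES # note' is bad."""
    settings, errors = {}, []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip() or value != value.strip() or " #" in value:
            errors.append((number, line))
        else:
            settings[key] = value
    return settings, errors

def enabled(settings, key, default):
    return settings.get(key, default).upper() in {"YES", "TRUE", "1"}

def login_allowed(settings, user, user_list, ftpusers):
    """(allowed, reason) for a local account, before the password check."""
    if not enabled(settings, "local_enable", "NO"):
        return False, "local_enable is off"
    if enabled(settings, "userlist_enable", "NO"):
        deny_mode = enabled(settings, "userlist_deny", "YES")
        if deny_mode and user in user_list:
            return False, "user_list is a deny list and names the user"
        if not deny_mode and user not in user_list:
            return False, "user_list is an allow list and omits the user"
    if user in ftpusers:  # default PAM config denies names in ftpusers
        return False, "named in ftpusers"
    return True, "continues to password check"

def chrooted(settings, user, chroot_list):
    """True when the session is confined to the user's home directory."""
    listed = enabled(settings, "chroot_list_enable", "NO") and user in chroot_list
    if enabled(settings, "chroot_local_user", "NO"):
        return not listed  # the list names the exceptions
    return listed          # the list names the users to confine

SAMPLE_CONF = """\
local_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
userlist_enable=YES
userlist_deny=NO
listen_port=21 # specified listening port
"""
SETTINGS, ERRORS = parse_conf(SAMPLE_CONF)
```

With userlist_deny=NO a new account cannot log in until its name is added to user_list; with the default YES the same file is read as a deny list.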
##### Creating a group to give FTP access and creating the home directory to be restricted:
# creating groups:
groupadd ftp-usrs
# creating a home directory:
mkdir /home/ftp-docs
man chmod
chmod 750 /home/ftp-docs
chown root:ftp-usrs /home/ftp-docs
# creating users to be entered in the specific group:
useradd -g ftp-usrs -d /home/ftp-docs f1
passwd f1
##### Restricting the sftp service to limited groups:
open: /etc/ssh/sshd_config
#### Deny groups or users who must not use the sftp protocol
# write:
DenyUsers alice f1
DenyGroups ftp-usrs
# Allowing groups or users access
# write:
AllowUsers alice f1
AllowGroups ftp-usrs
~~Save & Close
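The order in which sshd evaluates these four directives, as an added example that is not part of the original page or of OpenSSH. The function names are hypothetical, the inputs are constructed from the lines above, and matching is by exact name only (an assumption; sshd also accepts * and ? patterns).

```python
# Added example (not from the page): how sshd combines its four access lists.
# These lists gate every SSH login for the account, sftp included.
DIRECTIVES = ("denyusers", "allowusers", "denygroups", "allowgroups")

def parse_access_lists(sshd_config_text):
    """Collect the four directives; keywords are case-insensitive and a
    directive that appears on several lines accumulates its names."""
    lists = {name: [] for name in DIRECTIVES}
    for line in sshd_config_text.splitlines():
        words = line.split()
        if words and words[0].lower() in lists:
            lists[words[0].lower()].extend(words[1:])
    return lists

def ssh_login_allowed(lists, user, groups):
    """(allowed, deciding directive). Every check must pass: a name in a Deny
    list always loses, and the Allow lists combine with AND, not OR."""
    if user in lists["denyusers"]:
        return False, "DenyUsers"
    if lists["allowusers"] and user not in lists["allowusers"]:
        return False, "AllowUsers"
    if set(groups) & set(lists["denygroups"]):
        return False, "DenyGroups"
    if lists["allowgroups"] and not set(groups) & set(lists["allowgroups"]):
        return False, "AllowGroups"
    return True, None

# Constructed inputs: both stanzas from the page together, then Allow only.
BOTH = ("DenyUsers alice f1\nDenyGroups ftp-usrs\n"
        "AllowUsers alice f1\nAllowGroups ftp-usrs\n")
ALLOW_ONLY = "AllowUsers alice f1\nAllowGroups ftp-usrs\n"
```

With both stanzas present f1 is refused by DenyUsers, and with only the Allow lines alice is still refused unless she is also a member of ftp-usrs.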
@@@@@@
Restart ftp & sftp service
service vsftpd restart
/etc/init.d/sshd restart
!!!!!!!!
Access the files through the restricted ftp & sftp services