
Installing vsftpd-3.0.3 on CentOS

Posted by: admin | Category: Application Services | 2019-04-04 13:38:01 | Views [1619]

vsftpd-3.0.3

Introduction to vsftpd

The vsftpd package contains a very secure and very small FTP daemon. This is useful for serving files over a network.

This package is known to build and work properly using an LFS-8.4 platform.

Package Information

vsftpd Dependencies

Required

libnsl-1.2.0

Optional

libcap-2.26 with PAM, and Linux-PAM-1.3.0

User Notes: http://wiki.linuxfromscratch.org/blfs/wiki/vsftpd

Installation of vsftpd

For security reasons, running vsftpd as an unprivileged user and group is encouraged. Also, a user should be created to map anonymous users. As the root user, create the needed directories, users, and groups with the following commands:

install -v -d -m 0755 /usr/share/vsftpd/empty &&
install -v -d -m 0755 /home/ftp               &&
groupadd -g 47 vsftpd                         &&
groupadd -g 45 ftp                            &&
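# Create each account only once. On CentOS the two adduser lines below are an
# alternative to the useradd lines that follow; running both forms fails.
#   adduser -g vsftpd -s /sbin/nologin vsftpd
#   adduser -g ftp    -s /sbin/nologin ftp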

useradd -c "vsftpd User"  -d /dev/null -g vsftpd -s /bin/false -u 47 vsftpd &&
useradd -c anonymous_user -d /home/ftp -g ftp    -s /bin/false -u 45 ftp

Build vsftpd as an unprivileged user using the following command:

make

This package does not come with a test suite.

Once again, become the root user and install vsftpd with the following commands:

install -v -m 755 vsftpd        /usr/sbin/vsftpd    &&
install -v -m 644 vsftpd.8      /usr/share/man/man8 &&
install -v -m 644 vsftpd.conf.5 /usr/share/man/man5 &&
install -v -m 644 vsftpd.conf   /etc

Command Explanations

install -v -d ...: This creates the directory that anonymous users will use (/home/ftp) and the directory the daemon will chroot into (/usr/share/vsftpd/empty).

Note

/home/ftp should not be owned by the user vsftpd, or the user ftp.

echo "#define VSF_BUILD_TCPWRAPPERS" >>builddefs.h: Use this prior to make to add support for tcpwrappers.

echo "#define VSF_BUILD_SSL" >>builddefs.h: Use this prior to make to add support for SSL.

install -v -m ...: The Makefile uses non-standard installation paths. These commands install the files in /usr and /etc.

Configuring vsftpd

Config Files

/etc/vsftpd.conf

Configuration Information

vsftpd comes with a basic anonymous-only configuration file that was copied to /etc above. While still as root, this file should be modified because it is now recommended to run vsftpd in standalone mode. Also, you should specify the privilege separation user created above. Finally, you should specify the chroot directory. man vsftpd.conf will give you all the details.

cat >> /etc/vsftpd.conf << "EOF"
background=YES
listen=YES
nopriv_user=vsftpd
secure_chroot_dir=/usr/share/vsftpd/empty
EOF

The vsftpd daemon uses seccomp to improve security by default. However, this is known to leave vsftpd unable to handle the FTP LIST command with recent kernel versions. Append a line to /etc/vsftpd.conf (as the root user) to disable seccomp and work around this issue. This turns off one of the daemon's sandboxing layers, so apply it only if LIST actually fails on your system:

cat >> /etc/vsftpd.conf << "EOF"
seccomp_sandbox=NO
EOF

To enable local logins, append the following to the /etc/vsftpd.conf file (as the root user):

cat >> /etc/vsftpd.conf << "EOF"
local_enable=YES
EOF

In addition, if using Linux-PAM and vsftpd with local user logins, you will need a Linux-PAM configuration file. As the root user, create the /etc/pam.d/vsftpd file, and add the needed configuration changes for Linux-PAM session support using the following commands:

cat > /etc/pam.d/vsftpd << "EOF" &&
# Begin /etc/pam.d/vsftpd
auth       required     /lib/security/pam_listfile.so item=user sense=deny \
                                                      file=/etc/ftpusers \
                                                      onerr=succeed
auth       required     pam_shells.so
auth       include      system-auth
account    include      system-account
session    include      system-session
EOF

cat >> /etc/vsftpd.conf << "EOF"
session_support=YES
pam_service_name=vsftpd
EOF

Alternatively, copy RedHat/vsftpd.pam from the source tree to /etc/pam.d/vsftpd.
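The auth lines in the heredoc version of /etc/pam.d/vsftpd above can reject a local login before the password is even checked: pam_listfile denies any name listed in /etc/ftpusers, and pam_shells denies any account whose login shell is not a line in /etc/shells. The check below is an added example, not part of the original post or of vsftpd; the function names, the sample accounts and the temporary files are constructed for illustration.

```shell
#!/bin/sh
# Added example: predict the verdict of the auth lines in /etc/pam.d/vsftpd above.

# login_shell PASSWD_FILE USER: print the user's login shell (passwd field 7).
login_shell() {
    awk -F: -v u="$2" '$1 == u { print $7; found = 1 } END { exit !found }' "$1"
}

# pam_verdict USER PASSWD_FILE FTPUSERS_FILE SHELLS_FILE
# Prints "allow", or "deny:<reason>" for the first check that fails.
pam_verdict() {
    pv_shell=$(login_shell "$2" "$1") || { echo "deny:no-such-user"; return 0; }
    # pam_listfile item=user sense=deny: a name on the list is rejected.
    # onerr=succeed: a missing or unreadable list rejects nobody.
    if [ -r "$3" ] && grep -qxF -e "$1" "$3"; then
        echo "deny:listed-in-ftpusers"; return 0
    fi
    # pam_shells: the login shell must be a line of the shells file.
    if ! grep -qxF -e "$pv_shell" "$4" 2>/dev/null; then
        echo "deny:shell-not-listed:$pv_shell"; return 0
    fi
    echo "allow"
}

# Constructed sample data (not taken from a real host).
demo=$(mktemp -d)
printf '%s\n' 'root:x:0:0::/root:/bin/bash' \
    'deploy:x:1002:1002::/home/deploy:/bin/false' \
    'ftpadmin:x:1001:1001::/var/www/html/:/sbin/nologin' > "$demo/passwd"
printf '%s\n' root bin daemon > "$demo/ftpusers"
printf '%s\n' /bin/sh /bin/bash /sbin/nologin > "$demo/shells"

for u in root deploy ftpadmin nobody; do
    printf '%-9s %s\n' "$u" \
        "$(pam_verdict "$u" "$demo/passwd" "$demo/ftpusers" "$demo/shells")"
done
```

On a real host, pass /etc/passwd, /etc/ftpusers and /etc/shells as the three file arguments.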
 

Boot Script

Install the /etc/rc.d/init.d/vsftpd init script included in the blfs-bootscripts-20190313 package.

make install-vsftpd

Contents

Installed Program: vsftpd
Installed Libraries: None
Installed Directories: /usr/share/vsftpd, /home/ftp

Short Descriptions

vsftpd is the FTP daemon.

The contents of the init script are as follows:

[root@cwtbs ~]# cat /etc/init.d/vsftpd
#!/bin/bash
#
### BEGIN INIT INFO
# Provides: vsftpd
# Required-Start: $local_fs $network $named $remote_fs $syslog
# Required-Stop: $local_fs $network $named $remote_fs $syslog
# Short-Description: Very Secure Ftp Daemon
# Description: vsftpd is a Very Secure FTP daemon. It was written completely from
#              scratch
### END INIT INFO
# vsftpd      This shell script takes care of starting and stopping
#             standalone vsftpd.
#
# chkconfig: - 60 50
# description: Vsftpd is a ftp daemon, which is the program \
#              that answers incoming ftp service requests.
# processname: vsftpd
# config: /etc/vsftpd.conf
# Source function library.
. /etc/rc.d/init.d/functions
# Source networking configuration.
. /etc/sysconfig/network
RETVAL=0
prog="vsftpd"
start() {
        # Start daemons.
        if [ -d /etc ] ; then
                for i in `ls /etc/vsftpd.conf`; do
                        site=`basename $i .conf`
                        echo -n $"Starting $prog for $site: "
                        /usr/sbin/vsftpd $i &
                        RETVAL=$?
                        [ $RETVAL -eq 0 ] && {
                           touch /var/lock/subsys/$prog
                           success $"$prog $site"
                        }
                        echo
                done
        else
                RETVAL=1
        fi
        return $RETVAL
}
stop() {
        # Stop daemons.
        echo -n $"Shutting down $prog: "
        killproc $prog
        RETVAL=$?
        echo
        [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/$prog
        return $RETVAL
}
# See how we were called.
case "$1" in
  start)
        start
        ;;
  stop)
        stop
        ;;
  restart|reload)
        stop
        start
        RETVAL=$?
        ;;
  condrestart)
        if [ -f /var/lock/subsys/$prog ]; then
            stop
            start
            RETVAL=$?
        fi
        ;;
  status)
        status $prog
        RETVAL=$?
        ;;
  *)
        echo $"Usage: $0 {start|stop|restart|condrestart|status}"
        exit 1
esac
exit $RETVAL


Enabling the vsftpd service

Add the ftpadmin account and the FTP directory:

useradd -d /var/www/html/ -s /sbin/nologin ftpadmin


# vi /etc/vsftpd.conf
In the configuration file, change "anonymous_enable=YES" to "anonymous_enable=NO".
Uncomment the following settings:
local_enable=YES
write_enable=YES
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list

Save and exit.


Edit the /etc/vsftpd/chroot_list file, add the ftpadmin account name to it, then save and exit.
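When chroot_local_user=YES and chroot_list_enable=YES are set together, vsftpd treats the chroot list as the users that are not jailed, so an ftpadmin entry in that list exempts the account from the chroot. The check below is an added example (not from the original post or from vsftpd; the function names and sample files are constructed) that evaluates this for a given user and reports an error when the file named by chroot_list_file cannot be read. It assumes values are written as YES/NO and takes the last occurrence of each setting, since the settings earlier on this page are appended with cat >>.

```shell
#!/bin/sh
# Added example: work out whether vsftpd will chroot a given local user.

# conf_get CONF KEY DEFAULT: last uncommented KEY=value in CONF, else DEFAULT.
conf_get() {
    cg_val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    echo "${cg_val:-$3}"
}

# chroot_state CONF USER: prints "chrooted", "not-chrooted" or "error:<why>".
chroot_state() {
    cs_all=$(conf_get "$1" chroot_local_user NO)
    cs_use_list=$(conf_get "$1" chroot_list_enable NO)
    cs_file=$(conf_get "$1" chroot_list_file /etc/vsftpd.chroot_list)
    cs_listed=no
    if [ "$cs_use_list" = YES ]; then
        # The list must exist at the exact path the config names.
        [ -r "$cs_file" ] || { echo "error:cannot-read:$cs_file"; return 0; }
        if grep -qxF -e "$2" "$cs_file"; then cs_listed=yes; fi
    fi
    # chroot_local_user=YES: the list holds the exceptions (users NOT jailed).
    # chroot_local_user=NO:  the list holds the only users that ARE jailed.
    case "$cs_all:$cs_listed" in
        YES:no|NO:yes) echo "chrooted" ;;
        *)             echo "not-chrooted" ;;
    esac
}

# Constructed sample: the settings from this page, with the list in a temp dir.
demo=$(mktemp -d)
printf '%s\n' ftpadmin > "$demo/chroot_list"
printf '%s\n' '#chroot_local_user=NO' chroot_local_user=YES \
    chroot_list_enable=YES "chroot_list_file=$demo/chroot_list" > "$demo/vsftpd.conf"

for u in ftpadmin alice; do
    echo "$u: $(chroot_state "$demo/vsftpd.conf" "$u")"
done
```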


Set the ftpadmin password:

passwd ftpadmin


systemctl restart vsftpd.service

Change the ownership of the FTP directory:

chown -R ftpadmin /var/www/html


Tested with the ftp client; FTP login works normally.


If a 530 error is reported, reboot the system and try again.


