How to Build the vsftpd Service on CentOS 7 (Linux)

2025-02-28 Update From: SLTechnology News&Howtos shulou

Shulou(Shulou.com)06/01 Report--

This article describes in detail how to set up the vsftpd service on CentOS 7.

In terms of data transmission security, passive mode is more secure, and FTP connection tools default to passive mode; in terms of network security, active mode is more secure.

Install vsftpd and the ftp connection tool

yum -y install vsftpd ftp

Modify the configuration file of vsftpd

vim /etc/vsftpd/vsftpd.conf

Modify (the text after // or # on each setting line below is an annotation for the reader; vsftpd.conf only treats lines that begin with # as comments, so do not copy the annotation into the file):

anonymous_enable=NO // change to NO

chroot_list_enable=YES // remove the leading # sign

chroot_list_file=/etc/vsftpd/chroot_list // remove the leading # sign

ascii_upload_enable=YES // remove the leading # sign

ascii_download_enable=YES // remove the leading # sign

local_umask=033 // modify permissions

listen=YES // run vsftpd as its own standalone daemon

listen_ipv6=NO

Note: listen and listen_ipv6 cannot both be set to YES at the same time.

Add:

pasv_enable=YES # turn on passive mode

pasv_min_port=30000 # passive mode minimum port

pasv_max_port=40000 # passive mode maximum port

pasv_promiscuous=YES # turn off the PASV security check (the data connection no longer has to come from the same IP address as the control connection)

pasv_address=<public network IP address> # omit this item when building on a local area network

allow_writeable_chroot=YES

cmds_allowed=FEAT,REST,CWD,LIST,MDTM,MKD,NLST,PASS,PASV,PORT,PWD,QUIT,RMD,RNFR,RNTO,RETR,SIZE,TYPE,USER,ACCT,STOR,APPE,CDUP,HELP,MODE,NOOP,REIN,STAT,STOU,STRU,SYST

Note: the cmds_allowed value must not contain spaces. With this list, users can upload, download, rename and replace files and delete empty folders, but cannot delete files (DELE is not in the list). For security reasons, the passive mode ports should be above 10000, and the FTP service cannot be accessed if the port range is too small.
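
The rules stated above (anonymous login off, listen and listen_ipv6 not both YES, no spaces in cmds_allowed, no DELE, passive ports above 10000, and the pasv_promiscuous check) can be verified mechanically before restarting the service. The script below is an added example, not part of the original article; the function names, finding codes and sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a vsftpd.conf against the rules stated in this article.

# conf_get FILE KEY: print the last value assigned to KEY, skipping comment lines.
conf_get() {
    awk -F= -v k="$2" '/^[ \t]*#/ { next }
        $1 == k { v = substr($0, length(k) + 2) }
        END { print v }' "$1"
}

# audit_vsftpd_conf FILE: print one finding code per line, nothing if clean.
# Exact-match tests also catch a value that has an annotation pasted after it.
audit_vsftpd_conf() {
    f=$1
    # vsftpd enables anonymous login by default, so a missing key is a finding too
    [ "$(conf_get "$f" anonymous_enable)" = "NO" ] || echo ANON_NOT_DISABLED
    if [ "$(conf_get "$f" listen)" = "YES" ] &&
       [ "$(conf_get "$f" listen_ipv6)" = "YES" ]; then
        echo LISTEN_CONFLICT            # both YES at the same time
    fi
    cmds=$(conf_get "$f" cmds_allowed)
    case "$cmds" in *" "*) echo CMDS_ALLOWED_HAS_SPACE ;; esac
    case ",$cmds," in *,DELE,*) echo DELE_ALLOWED ;; esac   # file deletion back on
    min=$(conf_get "$f" pasv_min_port)
    case "$min" in
        ''|*[!0-9]*) echo PASV_MIN_PORT_INVALID ;;
        *) [ "$min" -gt 10000 ] || echo PASV_MIN_PORT_LOW ;;
    esac
    [ "$(conf_get "$f" pasv_promiscuous)" != "YES" ] || echo PASV_PROMISCUOUS_ON
}

# Constructed sample: a shortened version of the settings shown in this article.
sample_conf() {
    cat <<'EOF'
# constructed sample
anonymous_enable=NO
listen=YES
listen_ipv6=NO
pasv_min_port=30000
pasv_max_port=40000
pasv_promiscuous=YES
cmds_allowed=FEAT,CWD,LIST,PASV,RETR,STOR,RNFR,RNTO,RMD,QUIT
EOF
}

tmp=$(mktemp) && sample_conf > "$tmp" && audit_vsftpd_conf "$tmp"; rm -f "$tmp"
```

Against the real file, run `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf`; with this article's settings the only finding is PASV_PROMISCUOUS_ON.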

Set up the FTP user blacklist (add the local users to the following two files)

cut -d: -f 1 /etc/passwd >> /etc/vsftpd/ftpusers

cut -d: -f 1 /etc/passwd >> /etc/vsftpd/user_list

Note: if a user is added only to ftpusers, the user is told the password is incorrect when logging in to FTP; if the user is added to user_list, permission is denied.

Suggestion: add the users to both files.

Create an FTP user (the newly created user is not on the blacklist)

useradd -s /sbin/nologin bing   # the user name is bing

passwd bing   # set the password

Note: the home directory of an FTP user defaults to /home/<username>/

Restrict FTP users from leaving their home directory

touch /etc/vsftpd/chroot_list

cut -d: -f 1 /etc/passwd >> /etc/vsftpd/chroot_list

Open FTP in the firewall, so that the firewall does not have to be shut down completely

firewall-cmd --zone=public --add-port=21/tcp --permanent

firewall-cmd --zone=public --add-port=30000-40000/tcp --permanent

firewall-cmd --add-service=ftp --permanent

firewall-cmd --reload

firewall-cmd --list-services   # check whether ftp is open

firewall-cmd --zone=public --list-ports   # view the open ports

Note: you also need to add the passive mode port range to the security group rules in the Ali Cloud console, otherwise the FTP service cannot be accessed.

Configure SELinux to allow FTP access to home directories and access from the public network

getsebool -a | grep ftp   # view the SELinux booleans for ftp

setsebool -P ftpd_full_access on

setsebool -P ftpd_connect_all_unreserved on

setsebool -P ftpd_use_passive_mode on

semanage port -a -t ftp_port_t -p tcp 30000-40000

semanage port -l | grep ftp   # view the ftp ports allowed by SELinux

Note: the semanage command is not installed by default; if it reports an error, run the following command

yum -y install policycoreutils-python   # install the SELinux port management tools

Set the home directory permissions

chmod 777 /home/bing

Start the service and enable it at boot

service vsftpd start

systemctl enable vsftpd.service

Note: accessing the FTP server from a Windows client requires setting passive mode.

Additional: uninstalling FTP

Back up files before uninstalling

mkdir /bak

cp -fr /home/bing/* /bak

Uninstall vsftpd

yum remove -y vsftpd

Delete the configuration files

rm -fr /etc/vsftpd

Delete the FTP user

userdel -fr bing
