
Vsftpd quick configuration and login with mysql authentication

2025-04-05 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

vsftpd stands for Very Secure FTP Daemon, and security is one of its biggest features. Let's take a look at a quick configuration of vsftpd.

The main configuration files for vsftpd:

/etc/pam.d/vsftpd

/etc/vsftpd

/etc/vsftpd/ftpusers

/etc/vsftpd/user_list

/etc/vsftpd/vsftpd.conf

User categories:

Anonymous user:

The default anonymous account is ftp and its home directory is /var/ftp.

The attributes of the /var/ftp directory must not be changed.

Subdirectories used for anonymous access have owner and group ftp.

    # enable uploads by anonymous users
    anon_upload_enable=YES
    # enable write permission
    anon_mkdir_write_enable=YES
    anon_other_write_enable=YES

Uploaded files get permission 600.

System users:

At a minimum, system accounts that should not use the FTP service are denied access through /etc/vsftpd/ftpusers and PAM (/etc/pam.d/vsftpd).

Account authentication uses pam_unix.so, which relies on /etc/passwd.

Permissions are distinguished by system account.

    local_umask=022

Define the deny list of users in /etc/pam.d/vsftpd:

    auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

Lock the user's root directory

Virtual user: a non-system user; the account cannot log in to the operating system (it is not in /etc/passwd).

By default, a user who connects through the vsftpd service starts in their own home directory and can switch to any path they have permission to access.

To confine users to their home directories, the user's write permission on the home directory must be removed:

    chroot_local_user=YES

Upload and download rate:

    anon_max_rate=0
    local_max_rate=0

Limit the number of concurrent connections:

    max_clients=2000
    max_per_ip=50

Configure MySQL authentication for vsftpd:

1. Install the development environment: pam_mysql is compiled from source, so install the corresponding development packages first

    yum install mariadb-server mariadb-devel pam-devel

2. Install gcc by installing the development package groups directly

    yum groupinstall "Development Tools" "Server Platform Development"

3. Compile and install pam_mysql

    tar xf pam_mysql-0.7RC1.tar.gz
    cd pam_mysql-0.7RC1
    # --with-pam-mods-dir is the installation path of the module
    ./configure --with-pam=/usr --with-mysql=/usr --with-pam-mods-dir=/usr/lib64/security/
    make && make install

4. Configure the vsftpd.conf file:

    # name of the PAM file
    pam_service_name=vsftpd.vusers
    # turn on guest mode
    guest_enable=YES
    # guest user
    guest_username=vuser

vsftpd.conf does not accept trailing comments on a directive line, so each comment goes on its own line.

5. Write the PAM file (the pam_mysql README describes the options):

    auth required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2
    account required /usr/lib64/security/pam_mysql.so user=vsftpd passwd=vsftpd host=127.0.0.1 db=vsftpd table=users usercolumn=name passwdcolumn=password crypt=2

6. Create the MySQL table:

    vim /etc/my.cnf

    [mysqld]
    skip_name_resolve=ON
    innodb_file_per_table=ON
    log_bin=mysql-bin

Authorize the user to log in remotely:

    GRANT ALL ON vsftpd.* TO vsftpd@'127.0.0.1' IDENTIFIED BY 'vsftpd';
    FLUSH PRIVILEGES;
    CREATE DATABASE vsftpd;
    USE vsftpd;
    CREATE TABLE users (id INT UNSIGNED NOT NULL AUTO_INCREMENT PRIMARY KEY, name VARCHAR(100) NOT NULL, password CHAR(48) NOT NULL, UNIQUE KEY (name));
    INSERT INTO users (name,password) VALUES ('centos',PASSWORD('centos')), ('redhat',PASSWORD('redhat'));

7. Create the user and root directory that the virtual users are mapped to

    mkdir -p /ftproot/vuser
    useradd -d /ftproot/vuser vuser
    # remove write permission on the home directory
    chmod a-w /ftproot/vuser/

8. Edit the vsftpd.conf file

    # directory that holds the per-user configuration files of the virtual users
    user_config_dir=/etc/vsftpd/vusers_config/

9. Create a configuration file for each user:

    vim /etc/vsftpd/vusers_config/centos

    anon_upload_enable=YES
    anon_mkdir_write_enable=YES

10. Next, test access to the service.
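How the PAM rule from step 5 and the table from step 6 fit together when a login is tested, as an added example that is not part of the original article and not pam_mysql's own code: it parses the step-5 rule and emulates the crypt=2 comparison (MySQL PASSWORD(), which is '*' followed by the upper-case hex of SHA1(SHA1(password))) against a constructed in-memory copy of the users table. The function names and the USERS list are assumptions made for the illustration.

```python
import hashlib
import hmac
import shlex

# PAM rule from step 5 of the article.
PAM_LINE = ("auth required /usr/lib64/security/pam_mysql.so user=vsftpd "
            "passwd=vsftpd host=127.0.0.1 db=vsftpd table=users "
            "usercolumn=name passwdcolumn=password crypt=2")


def parse_pam_args(line):
    """Split a PAM rule into (type, control, module, {option: value})."""
    kind, control, module, *args = shlex.split(line)
    return kind, control, module, dict(a.split("=", 1) for a in args)


def mysql_password(plaintext):
    """MySQL/MariaDB PASSWORD(): '*' + upper-case hex of SHA1(SHA1(plaintext))."""
    inner = hashlib.sha1(plaintext.encode()).digest()
    return "*" + hashlib.sha1(inner).hexdigest().upper()


# Constructed stand-in for the `users` table filled by the INSERT in step 6.
USERS = [{"name": n, "password": mysql_password(n)} for n in ("centos", "redhat")]


def authenticate(opts, rows, login, supplied):
    """Emulate the comparison made for crypt=2; other modes are not modelled."""
    if opts.get("crypt") != "2":
        raise ValueError("only crypt=2 (MySQL PASSWORD()) is modelled here")
    for row in rows:
        if row[opts["usercolumn"]] == login:
            stored = row[opts["passwdcolumn"]]
            # Constant-time comparison of the stored and recomputed hashes.
            return hmac.compare_digest(stored, mysql_password(supplied))
    return False


if __name__ == "__main__":
    _, _, _, opts = parse_pam_args(PAM_LINE)
    print(len(mysql_password("centos")), "characters stored in CHAR(48)")
    print("centos/centos ->", authenticate(opts, USERS, "centos", "centos"))
    print("centos/wrong  ->", authenticate(opts, USERS, "centos", "wrong"))
```

The stored value is 41 characters long, which is why CHAR(48) is wide enough, and it is unsalted, so two accounts with the same password store the same hash.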
