Vsftpd restricts users

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

1. Anonymous server connection (stand-alone server)

Add the following items to the /etc/vsftpd/vsftpd.conf configuration file:

anonymous_enable=yes (anonymous login allowed)

dirmessage_enable=yes (displays the contents of .message in a directory when the user changes into it)

local_umask=022 (umask for files created by local users over FTP; default is 077)

connect_from_port_20=yes (use port 20, the FTP data port, for data connections) *

xferlog_enable=yes (activate logging of uploads and downloads)

xferlog_std_format=yes (use the standard log format)

ftpd_banner=XXXXX (welcome message)

pam_service_name=vsftpd (PAM service name used for authentication) *

listen=yes (stand-alone vsftpd server) *

Function: clients can only connect to the FTP server; they cannot upload or download.

Note: the log and welcome-message options are optional. The options marked with an asterisk are basic options for FTP, whatever the account type.

2. Enable anonymous FTP server upload permission

Add the following information to the configuration file:

anon_upload_enable=yes (open upload permission)

anon_mkdir_write_enable=yes (anonymous users can create directories while uploading files in this directory)

write_enable=yes (open local user write permissions)

anon_other_write_enable=yes (the anonymous account has permission to delete)

3. Enable the permission to download from anonymous server

Just add the following information to the configuration file:

anon_world_readable_only=no

Note: pay attention to the permissions of the directory. The anonymous account falls under the permissions for other users, so read, write and execute must be turned on there.

(r) read: download; (w) write: upload; (x) execute: without it, the FTP directory cannot be entered.

4. Ordinary user FTP server connection (stand-alone server)

Just add the following information to the configuration file:

local_enable=yes (local accounts can log in)

write_enable=no (a local account has no right to delete or modify files after logging in)

Function: you can log in to the vsftpd server with a local account and have permission to download and upload.

Note: after the anonymous login settings are disabled, anonymous users can still log in, but cannot upload.

5. Restrict logged-in users to their home directory, with no access to other directories

Set all local users to be chrooted:

chroot_local_user=yes (all local accounts are confined to their own directory)

Set only specified users to be chrooted:

chroot_list_enable=yes (enables the list in the file)

chroot_list_file=/any specified path/vsftpd.chroot_list

Note: vsftpd.chroot_list is not created automatically; you need to create it yourself. To control an account, add the account name to the file.

6. Restrict local users from accessing FTP

userlist_enable=yes (use the user list to restrict user access)

userlist_deny=no (people on the list are not allowed to access)

userlist_file=/path where the file is stored/ (the path where the file is placed)

Note: with userlist_enable=yes, the anonymous account cannot log in.

7. Security options

idle_session_timeout=600 (seconds) (disconnect after the user session has been idle for 10 minutes)

data_connection_timeout=120 (seconds) (disconnect a data connection that has been idle for 2 minutes)

accept_timeout=60 (seconds) (disconnect the client after idle for 1 minute)

connect_timeout=60 (seconds) (reconnect after 1 minute interruption)

local_max_rate=50000 (bytes) (local user transfer rate 50K)

anon_max_rate=30000 (bytes) (anonymous user transfer rate 30K)

pasv_min_port=50000

pasv_max_port=60000 (together, these change the client's data connection port to between 50000 and 60000)

max_clients=200 (maximum number of connections for FTP)

max_per_ip=4 (maximum connections per IP)

listen_port=5555 (data connection from port 5555)
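
The following Python sketch is an added example, not part of the original article: it parses a vsftpd.conf and reports on the anonymous write permissions from section 2, the chroot settings from section 5 and the connection limits from section 7, including the case where chroot_local_user and chroot_list_enable are both enabled. It assumes the built-in defaults documented in vsftpd.conf(5); the function names and the sample configuration are constructed for illustration.

```python
# Added example; defaults are the built-in ones documented in vsftpd.conf(5).
DEFAULTS = {"anonymous_enable": "YES", "local_enable": "NO", "write_enable": "NO",
            "anon_upload_enable": "NO", "anon_mkdir_write_enable": "NO",
            "anon_other_write_enable": "NO", "chroot_local_user": "NO",
            "chroot_list_enable": "NO", "max_clients": "0", "max_per_ip": "0"}
ANON_WRITE = ("anon_upload_enable", "anon_mkdir_write_enable", "anon_other_write_enable")

def parse_conf(text):
    """Return (settings, errors); names are lowercase, no spaces around '='."""
    settings, errors = dict(DEFAULTS), []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep or key != key.strip().lower() or value[:1].isspace():
            errors.append(f"line {n}: malformed option {line!r}")
            continue
        settings[key] = value
    return settings, errors

def on(settings, key):
    return settings[key].upper() in ("YES", "TRUE", "1")

def audit(text):
    s, findings = parse_conf(text)
    writable = [k for k in ANON_WRITE if on(s, k)]
    if on(s, "anonymous_enable") and on(s, "write_enable") and writable:
        findings.append("anonymous users can write: " + ", ".join(writable))
    if on(s, "local_enable"):
        if on(s, "chroot_local_user") and on(s, "chroot_list_enable"):
            # With both set, the list names the users who are NOT chrooted.
            findings.append("chroot_list_file lists users exempt from chroot")
        elif not on(s, "chroot_local_user") and not on(s, "chroot_list_enable"):
            findings.append("local users are not confined to their home directory")
    findings += [f"{k} is 0 (unlimited)" for k in ("max_clients", "max_per_ip") if s[k] == "0"]
    return findings

# Constructed sample input, not taken from a real server.
SAMPLE = """anonymous_enable=yes
write_enable=yes
anon_other_write_enable=yes
local_enable=yes
chroot_local_user=yes
chroot_list_enable=yes
Max_per_ip = 4
max_clients=200
"""
if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

The mis-cased `Max_per_ip = 4` line is rejected, so the per-IP limit is reported as still unlimited.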

8. See who is logged in to FTP and kill the process

ps -xf | grep ftp

kill <process number>
