
Vsftp server deployment

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02

1. The company has an FTP and web server. FTP is mainly used to maintain the content of the company's website, including uploading files, creating directories, updating web pages, and so on. Two departments are responsible for maintenance tasks, and they use the xuegod1 and xuegod2 accounts respectively. Only the xuegod1 and xuegod2 accounts are allowed to log in to the FTP server, and they must not be able to log in to the local system. The root directory of these two accounts is limited to /var/www/html, and they cannot enter any directory outside it.

Note: it is best to find a static website yourself and upload it to /var/www/html through FTP, so that it can be accessed normally through the browser.

1. Install httpd and vsftpd

[root@Centos-6-70]# yum -y install httpd vsftpd

2. Create the system user xue, set its home directory to /var/www/html, and add it to the apache group

[root@Centos-6-70 www]# useradd -s /sbin/nologin -d /var/www/html/ -g apache xue

useradd: warning: the home directory already exists.

Not copying any file from skel directory into it.

[root@Centos-6-70 www]#

[root@Centos-6-70 www]# echo "123456" | passwd --stdin xue

Changing password for user xue.

passwd: all authentication tokens updated successfully.

3. Give the system user read and write permissions on /var/www/html

[root@Centos-6-70 www]# chown -R apache:apache html/

[root@Centos-6-70 www]# chmod -R 775 html/

[root@Centos-6-70 www]# ll -d html/

drwxrwxr-x 2 apache apache 4096 May 13 15:09 html/

[root@Centos-6-70 www]#

4. Create a virtual user text file (user name and password on alternating lines)

[root@Centos-6-70 vsftpd]# vim vusers.txt

xuegod1

12345678

xuegod2

12345678

5. Generate the virtual user database

[root@Centos-6-70 vsftpd]# db_load -T -t hash -f /etc/vsftpd/vusers.txt /etc/vsftpd/vusers.db

6. Delete the virtual user text file to prevent disclosure

[root@Centos-6-70 vsftpd]# rm vusers.txt

rm: remove regular file `vusers.txt'? y

[root@Centos-6-70 vsftpd]#

7. Modify the file access permissions of the virtual user database

[root@Centos-6-70 vsftpd]# chmod 644 vusers.db

[root@Centos-6-70 vsftpd]# ll vusers.db

-rw-r--r-- 1 root root 12288 May 13 07:27 vusers.db

[root@Centos-6-70 vsftpd]#

8. Modify the PAM authentication configuration

[root@Centos-6-70 pam.d]# cat vsftpd

#%PAM-1.0

# session optional pam_keyinit.so force revoke

# auth required pam_listfile.so item=user sense=deny file=/etc/vsftpd/ftpusers onerr=succeed

# auth required pam_shells.so

# auth include password-auth

# account include password-auth

# session required pam_loginuid.so

# session include password-auth

auth required /lib64/security/pam_userdb.so db=/etc/vsftpd/vusers

account required /lib64/security/pam_userdb.so db=/etc/vsftpd/vusers

[root@Centos-6-70 pam.d]#

9. Modify the vsftpd main configuration file vsftpd.conf (vsftpd does not accept a comment after a setting on the same line, so each comment sits on its own line)

# do not allow anonymous login
anonymous_enable=NO

# allow local users to log in
local_enable=YES

# restrict all users to their home directories
chroot_local_user=YES

# do not use an exception list of users who may switch to other directories
chroot_list_enable=NO

# PAM service name; vsftpd uses the PAM file named vsftpd
pam_service_name=vsftpd

# directory that holds the per-user configuration files of the virtual accounts
user_config_dir=/etc/vsftpd/vuserconfig

10. Create a virtual user configuration folder vuserconfig

[root@Centos-6-70 vsftpd]# mkdir vuserconfig

[root@Centos-6-70 vsftpd]# ll -d vuserconfig/

drwxr-xr-x 2 root root 4096 May 13 07:48 vuserconfig/

[root@Centos-6-70 vsftpd]#

11. Create and configure virtual user profiles

[root@Centos-6-70 vuserconfig]# cat xuegod1

guest_enable=yes

guest_username=xue

anon_world_readable_only=no

write_enable=yes

anon_mkdir_write_enable=yes

anon_upload_enable=yes

virtual_use_local_privs=YES

[root@Centos-6-70 vuserconfig]# cat xuegod2

guest_enable=yes

guest_username=xue

anon_world_readable_only=no

write_enable=yes

anon_mkdir_write_enable=yes

anon_upload_enable=yes

virtual_use_local_privs=YES

[root@Centos-6-70 vuserconfig]#

12. Restart the vsftpd and httpd services and check whether they started successfully

[root@Centos-6-70 vuserconfig]# netstat -antup | grep vsftpd

tcp 0 0 0.0.0.0 ...

[root@Centos-6-70 vuserconfig]# netstat -antup | grep httpd

tcp 0 0 :::80 :::* LISTEN 2148/httpd

[root@Centos-6-70 vuserconfig]#

13. Test whether the configuration is effective

[root@Centos-6-70 home]# lftp -u xuegod1 192.168.70.243

Password:

lftp xuegod1@192.168.70.243:~> pwd

ftp://xuegod1@192.168.70.243

lftp xuegod1@192.168.70.243:/> cd /home

cd: Access failed: 550 Failed to change directory. (/home)

lftp xuegod1@192.168.70.243:/> cd /var/www

cd: Access failed: 550 Failed to change directory. (/var/www)

lftp xuegod1@192.168.70.243:~> ls

lftp xuegod1@192.168.70.243:/> put /home/index.html

559038 bytes transferred

lftp xuegod1@192.168.70.243:/> put /home/boot.tar.gz

3145728 bytes transferred

lftp xuegod1@192.168.70.243:/> mkdir os

mkdir ok, `os' created

lftp xuegod1@192.168.70.243:/> mv boot.tar.gz grub.tar.gz

rename successful

lftp xuegod1@192.168.70.243:/> mv os iso

rename successful

lftp xuegod1@192.168.70.243:/> rm grub.tar.gz

rm ok, `grub.tar.gz' removed

lftp xuegod1@192.168.70.243:/> rmdir iso

rmdir ok, `iso' removed

lftp xuegod1@192.168.70.243:/> ls

-rw-r--r-- 1 500 48 559038 May 13 08:48 index.html

lftp xuegod1@192.168.70.243:/> quit

[root@Centos-6-70 home]#

14. Visit Apache to view the page of the website

15. In the same way, test the xuegod2 account login

[root@Centos-6-70 home]# lftp -u xuegod2 192.168.70.243

Password:

lftp xuegod2@192.168.70.243:~> ls

-rw-r--r-- 1 500 48 559038 May 13 08:48 index.html

lftp xuegod2@192.168.70.243:/> rm index.html

rm ok, `index.html' removed

lftp xuegod2@192.168.70.243:/> cd /home

cd: Access failed: 550 Failed to change directory. (/home)

lftp xuegod2@192.168.70.243:/> cd /var/www

cd: Access failed: 550 Failed to change directory. (/var/www)

lftp xuegod2@192.168.70.243:/> put /home/index.html

559038 bytes transferred

lftp xuegod2@192.168.70.243:/> put boot.tar.gz

3145728 bytes transferred

lftp xuegod2@192.168.70.243:/> mkdir os

mkdir ok, `os' created

lftp xuegod2@192.168.70.243:/> mv boot.tar.gz grub.tar.gz

rename successful

lftp xuegod2@192.168.70.243:/> mv os iso

rename successful

lftp xuegod2@192.168.70.243:/> rm index.html

rm ok, `index.html' removed

lftp xuegod2@192.168.70.243:/> ls

-rw-r--r-- 1 500 48 3145728 May 13 08:50 grub.tar.gz

drwxr-xr-x 2 500 48 4096 May 13 08:50 iso

lftp xuegod2@192.168.70.243:/> rm grub.tar.gz

rm ok, `grub.tar.gz' removed

lftp xuegod2@192.168.70.243:/> rmdir iso

rmdir ok, `iso' removed

lftp xuegod2@192.168.70.243:/> ls

16. Result of accessing the site after deleting the index.html of the hao123 home page
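
A review of the layout built in steps 1 to 11, as an added example that is not part of the original article: the script flags a vusers.db readable by group or other, vsftpd.conf lines that vsftpd cannot parse, missing anonymous_enable=NO or chroot_local_user=YES, and per-user files that are not mapped to a guest account. The function names audit_vsftpd and make_sample, the finding labels and the sample layout are constructed for illustration.

```bash
#!/usr/bin/env bash
# Added example: audit a vsftpd virtual-user layout such as /etc/vsftpd.
# audit_vsftpd prints one finding per line and nothing when the layout is clean.
audit_vsftpd() {
  local dir conf db f
  dir=${1:-/etc/vsftpd}; conf=$dir/vsftpd.conf; db=$dir/vusers.db
  # pam_userdb without crypt= keeps passwords in clear text in the db, so
  # group/other must have no read bit (characters 5 and 8 of the ls -l mode).
  if [ -e "$db" ] && [ "$(ls -ld "$db" | cut -c5,8)" != "--" ]; then
    echo "PERM vusers.db is readable by group or other"
  fi
  # vsftpd.conf lines are 'option=value' or whole-line '#' comments: flag
  # trailing comments, spaces around '=', and capitalised option names.
  grep -nE '^[^#=]*=.*[[:space:]]#|^[^#=]*[[:space:]]=|^[^#=]*=[[:space:]]|^[A-Z]' \
    "$conf" | sed 's/^\([0-9]*\):.*/SYNTAX vsftpd.conf line \1/'
  # Built-in defaults are anonymous_enable=YES and chroot_local_user=NO, so
  # both must be set explicitly (vsftpd reads boolean values case-insensitively).
  grep -qiE '^anonymous_enable=(no|false|0)$' "$conf" ||
    echo "MISSING anonymous_enable=NO"
  grep -qiE '^chroot_local_user=(yes|true|1)$' "$conf" ||
    echo "MISSING chroot_local_user=YES"
  # Each per-user file must map the virtual user onto a guest account.
  for f in "$dir"/vuserconfig/*; do
    [ -f "$f" ] || continue
    { grep -qiE '^guest_enable=(yes|true|1)$' "$f" &&
      grep -qE '^guest_username=.+' "$f"; } ||
      echo "GUEST ${f##*/} is not mapped to a guest account"
  done
  return 0
}

# Constructed sample layout. $2 = mode of the (empty placeholder) vusers.db,
# $3 = text appended to each directive, e.g. ' # comment' (a trailing comment).
make_sample() {
  mkdir -p "$1/vuserconfig"
  : > "$1/vusers.db"; chmod "$2" "$1/vusers.db"
  printf '%s\n' "anonymous_enable=NO$3" "chroot_local_user=YES$3" \
    > "$1/vsftpd.conf"
  for u in xuegod1 xuegod2; do
    printf 'guest_enable=yes\nguest_username=xue\n' > "$1/vuserconfig/$u"
  done
}

tmp=$(mktemp -d)                      # demo: layout with the two weaknesses
make_sample "$tmp" 644 ' # comment'
audit_vsftpd "$tmp"; rm -rf "$tmp"
```

Run as audit_vsftpd /etc/vsftpd on the server built above, it reports the mode 644 set in step 7; mode 600 clears that finding.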
