This shows you the differences between two versions of the page.
vsftpd [2009/06/12 08:24] k2patel |
vsftpd [2020/08/10 02:35] |
||
---|---|---|---|
Line 1: | Line 1: | ||
- | ====== VsFTPD ====== | ||
- | Very secure, but hard to configure for virtual users and chroot.\\ | ||
- | Here i have crack it down one day for my client. | ||
- | |||
- | <code bash | /etc/vsftpd/vsftpd.conf> | ||
- | # Disable Anonymous login | ||
- | |||
- | anonymous_enable=NO | ||
- | |||
- | # Controls whether local logins are permitted or not. If enabled, normal user accounts in /etc/passwd | ||
- | # (or wherever your PAM config references) may be used to log in. | ||
- | # This must be enable for any non-anonymous login to work, including virtual users. | ||
- | |||
- | local_enable=YES | ||
- | |||
- | # This controls whether any FTP commands which change the filesystem are allowed or not. (we override later) | ||
- | |||
- | write_enable=NO | ||
- | |||
- | #by default, virtual users are treated with anonymous (i.e. maximally restricted) privilege. | ||
- | |||
- | anon_upload_enable=NO | ||
- | anon_mkdir_write_enable=NO | ||
- | anon_other_write_enable=NO | ||
- | pam_service_name=ftp | ||
- | chroot_local_user=YES | ||
- | guest_enable=YES | ||
- | guest_username=www | ||
- | listen=YES | ||
- | pasv_min_port=30000 | ||
- | pasv_max_port=30999 | ||
- | user_config_dir=/etc/vsftpd/vsftpd_user_conf | ||
- | userlist_enable=YES | ||
- | userlist_file=/etc/vsftpd/denied_users | ||
- | max_clients=100 | ||
- | max_per_ip=10 | ||
- | </code> | ||
- | |||
- | Additional Log options | ||
- | |||
- | <code bash> | ||
- | xferlog_enable=YES | ||
- | xferlog_std_format=YES | ||
- | dual_log_enable=YES | ||
- | log_ftp_protocol=YES | ||
- | </code> | ||
- | |||
- | * create directory "/etc/vsftpd/vsftpd_user_conf" | ||
- | * create file "/etc/vsftpd/vsftpd_user_conf/www" | ||
- | |||
- | <code bash | /etc/vsftpd/vsftpd_user_conf/www> | ||
- | write_enable=YES | ||
- | dirlist_enable=YES | ||
- | download_enable=YES | ||
- | local_root=/var/www/html | ||
- | </code> | ||
- | |||
- | * create pam auth rule for db4 based database | ||
- | |||
- | <code bash | /etc/pam.d/ftp> | ||
- | auth required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login | ||
- | account required /lib/security/pam_userdb.so db=/etc/vsftpd/vsftpd_login | ||
- | </code> | ||
- | |||
- | * crate text file with username / password. users.txt | ||
- | |||
- | <code bash | /etc/vsftpd/users.txt> | ||
- | www | ||
- | wwwpassword | ||
- | username2 | ||
- | password2 | ||
- | </code> | ||
- | |||
- | * generate database based on users.txt file | ||
- | |||
- | <code bash> | ||
- | db_load -T -t hash -f logins.txt /etc/vsftpd/vsftpd_login.db | ||
- | </code> | ||
- | |||
- | * generate virtual user restriction for second user | ||
- | |||
- | <code bash | /etc/vsftpd/vsftpd_user_conf/username2> | ||
- | local_root=/var/www/html/xyz.com | ||
- | dirlist_enable=YES | ||
- | download_enable=YES | ||
- | write_enable=YES | ||
- | </code> | ||
- | |||
- | DONE |
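Review bot: in the database step, `db_load -T -t hash -f logins.txt /etc/vsftpd/vsftpd_login.db` reads `logins.txt`, while the step before it creates `/etc/vsftpd/users.txt`, so the command as written does not load the file the page just built; the two names should agree wherever this content ends up. The same steps leave the clear-text username/password file in place and never set permissions on `vsftpd_login.db`; I would add a step that restricts the database to root (for example mode 600) and removes the text file after loading. Since this revision deletes the whole page with nothing in the right-hand column, a pointer to where the procedure now lives would help readers who land here.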