ftp (vsftpd) 설치

Remark:

CentOS 에 ftp (vsftpd) 를 설치 하고 fileziller 로 파일을 계정폴더에 올려 보자.

1. nologin의 절대경로를 which 명령어로 찾는다.


# which nologin
/usr/sbin/nologin

# which nologin

/usr/sbin/nologin

2. vi 명령어로 /etc/shells 파일을 열어 제일 아래 줄에 /usr/sbin/nologin을 추가

적용후 재부팅


#vi /etc/shells
# /etc/shells: valid login shells
/bin/sh
/bin/dash
/bin/bash
/bin/rbash
/usr/bin/rc

/usr/sbin/nologin

#vi /etc/shells

# /etc/shells: valid login shells

/bin/sh

/bin/dash

/bin/bash

/bin/rbash

/usr/bin/rc

/usr/sbin/nologin

3. Install VSFTPD


# sudo yum install vsftpd

# sudo yum install vsftpd

4. launch when the system boots


# sudo systemctl start vsftpd
# sudo systemctl enable vsftpd

# sudo systemctl start vsftpd

# sudo systemctl enable vsftpd

5. firewall to allow FTP traffic on Port 21

* firewall : tcp 21 open or * iptables : tcp 21 open

6. configuration


# sudo vi /etc/vsftpd/vsftpd.conf

# sudo vi /etc/vsftpd/vsftpd.conf


anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
 
chroot_local_user=YES
 
#tcp setting  
listen=YES 
#listen_ipv6=YES 
 
rsa_cert_file=/etc/ssl/certs/vsftpd.pem
pam_service_name=vsftpd
 
userlist_enable=YES  #로그인 제한걸기 
tcp_wrappers=YES
 
# Add
force_dot_files=YES
hide_ids=YES
max_per_ip=10
max_clients=20
allow_writeable_chroot=YES

anonymous_enable=NO

local_enable=YES

write_enable=YES

local_umask=022

dirmessage_enable=YES

xferlog_enable=YES

connect_from_port_20=YES

xferlog_file=/var/log/xferlog

xferlog_std_format=YES

chroot_local_user=YES

#tcp setting

listen=YES

#listen_ipv6=YES

rsa_cert_file=/etc/ssl/certs/vsftpd.pem

pam_service_name=vsftpd

userlist_enable=YES #로그인 제한걸기

tcp_wrappers=YES

# Add

force_dot_files=YES

hide_ids=YES

max_per_ip=10

max_clients=20

allow_writeable_chroot=YES

6.1 tcp6 setting (:::21)


# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25069           0.0.0.0:*               LISTEN      1660/sshd
tcp6       0      0 :::21                   :::*                    LISTEN      27564/vsftpd
tcp6       0      0 :::25069                :::*                    LISTEN      1660/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1655/cupsd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2292/master
tcp6       0      0 :::5051                 :::*                    LISTEN      1778/zagent
tcp6       0      0 :::33060                :::*                    LISTEN      20219/mysqld

# netstat -tnlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:25069 0.0.0.0:* LISTEN 1660/sshd

tcp6 0 0 :::21 :::* LISTEN 27564/vsftpd

tcp6 0 0 :::25069 :::* LISTEN 1660/sshd

tcp6 0 0 ::1:631 :::* LISTEN 1655/cupsd

tcp6 0 0 ::1:25 :::* LISTEN 2292/master

tcp6 0 0 :::5051 :::* LISTEN 1778/zagent

tcp6 0 0 :::33060 :::* LISTEN 20219/mysqld

6.2 tcp setting (0.0.0.0:21 )


# netstat -tnlp
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:25069           0.0.0.0:*               LISTEN      1660/sshd
tcp        0      0 0.0.0.0:21              0.0.0.0:*               LISTEN      27564/vsftpd
tcp6       0      0 :::25069                :::*                    LISTEN      1660/sshd
tcp6       0      0 ::1:631                 :::*                    LISTEN      1655/cupsd
tcp6       0      0 ::1:25                  :::*                    LISTEN      2292/master
tcp6       0      0 :::5051                 :::*                    LISTEN      1778/zagent
tcp6       0      0 :::33060                :::*                    LISTEN      20219/mysqld

# netstat -tnlp

Active Internet connections (only servers)

Proto Recv-Q Send-Q Local Address Foreign Address State PID/Program name

tcp 0 0 0.0.0.0:25069 0.0.0.0:* LISTEN 1660/sshd

tcp 0 0 0.0.0.0:21 0.0.0.0:* LISTEN 27564/vsftpd

tcp6 0 0 :::25069 :::* LISTEN 1660/sshd

tcp6 0 0 ::1:631 :::* LISTEN 1655/cupsd

tcp6 0 0 ::1:25 :::* LISTEN 2292/master

tcp6 0 0 :::5051 :::* LISTEN 1778/zagent

tcp6 0 0 :::33060 :::* LISTEN 20219/mysqld

7. Apply the above settings


# systemctl restart vsftpd

# systemctl restart vsftpd

8. vsftpd status


# service vsftpd status

Redirecting to /bin/systemctl status vsftpd.service
● vsftpd.service - Vsftpd ftp daemon
   Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)
   Active: active (running) since 화 2021-01-19 16:35:25 KST; 2 days ago
 Main PID: 6369 (vsftpd)
    Tasks: 1
   CGroup: /system.slice/vsftpd.service
           └─6369 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf

# service vsftpd status

Redirecting to /bin/systemctl status vsftpd.service

● vsftpd.service - Vsftpd ftp daemon

Loaded: loaded (/usr/lib/systemd/system/vsftpd.service; enabled; vendor preset: disabled)

Active: active (running) since 화 2021-01-19 16:35:25 KST; 2 days ago

Main PID: 6369 (vsftpd)

Tasks: 1

CGroup: /system.slice/vsftpd.service

└─6369 /usr/sbin/vsftpd /etc/vsftpd/vsftpd.conf