十月 11th, 2017

vsftpd安装

yum安装vsftpd

yum -y install vsftpd

检查是否安装

 rpm -qa|grep vsftpd

创建ftp用户的目录

mkdir /ftphome

创建ftp专用用户(这里实际是shell为nologin的本地系统账号,并非vsftpd的虚拟用户),可以使用ftp,不能登录系统

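# Create the local account used for FTP logins. /sbin/nologin as the shell
# refuses interactive logins for this account.
# NOTE(review): the home directory here is /ftpfile, while the rest of the page
# creates and serves /ftphome; confirm which one is intended.
useradd -d /ftpfile -s /sbin/nologin ftpuser
# passwd prompts for the new password interactively, so it never appears on the
# command line or in shell history.
passwd ftpuser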

修改ftphome权限并添加用户配置文件,最后需要将配置文件引用到ftp配置中

chown -R ftpuser.ftpuser /ftphome
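vim /etc/vsftpd/chroot_list :wq保存退出
(按下文的 chroot_local_user=NO 与 chroot_list_enable=YES,只有写在该文件里的用户才会被限制在其FTP目录内;文件留空时 ftpuser 登录后可以访问 /ftphome 以外的目录。需要限制时请把 ftpuser 写入此文件,每行一个用户名。)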

修改selinux

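vim /etc/selinux/config 修改 SELINUX=disabled
(注意:这会关闭整台主机的SELinux强制访问控制,而不仅仅是对vsftpd放行。如果只是为了让FTP能读写 /ftphome,可以保持 enforcing,改用 setsebool -P ftpd_full_access on 单独放开vsftpd。)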

配置vsftpd.conf

vim /etc/vsftpd/vsftpd.conf 
# NOTE(review): no ssl_enable setting appears in this listing, so logins and
# transfers are sent unencrypted unless TLS is configured elsewhere.
# Directory vsftpd changes into after a local (non-anonymous) login.
local_root=/ftphome 
#chroot_local_user=YES 
# anon_root only applies to anonymous sessions, which anonymous_enable=NO below turns off.
anon_root=/ftphome
use_localtime=YES

# Anonymous access
#anonymous_enable=YES
anonymous_enable=NO
local_enable=YES
# Uncomment this to enable any form of FTP write command.
write_enable=YES
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
local_umask=022
#anon_upload_enable=YES
#anon_mkdir_write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
#chown_uploads=YES
#chown_username=whoever
xferlog_std_format=YES
#xferlog_file=/var/log/xferlog
# (repeats the xferlog_std_format line above)
xferlog_std_format=YES
#ascii_upload_enable=YES
#ascii_download_enable=YES
ftpd_banner=Welcome to FTP Server
# chroot_local_user=NO together with chroot_list_enable=YES confines only the
# users named in chroot_list_file; an account missing from that file is not
# chrooted and can browse outside /ftphome. List ftpuser there if it must be
# confined.
chroot_local_user=NO
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
#listen_ipv6=YES
pam_service_name=vsftpd
userlist_enable=YES
tcp_wrappers=YES
#pasv_enable=YES
# Passive-mode data port range; the firewall rules on this page open the same range.
pasv_min_port=61001
pasv_max_port=62000
# Allows login into a chroot directory that the user can write to.
allow_writeable_chroot=YES

添加ftp开机自启

systemctl enable vsftpd.service

安装ftp客户端检验

yum -y install ftp

配置firewall防火墙

firewall常用命令

1、重启、关闭、开启firewalld.service服务
service firewalld restart 重启
service firewalld start 开启
service firewalld stop 关闭
2、查看firewall服务状态
systemctl status firewalld
3、查看firewall的状态
firewall-cmd --state
4、查看防火墙规则
firewall-cmd --list-all 

配置防火墙规则(两种方式)  命令方式(直接编辑区域配置文件,保存后需重启firewalld使规则生效)

 vim /etc/firewalld/zones/public.xml
 <rule family="ipv4">
    <port protocol="tcp" port="61001-62000"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <port protocol="tcp" port="21"/>
    <accept/>
  </rule>
  <rule family="ipv4">
    <port protocol="tcp" port="20"/>
    <accept/>
  </rule>

图形方式

yum -y install firewall-config
//安装成功后使用下面的命令在弹出界面进行配置
firewall-config

熟悉iptables的可以按照下面的方式配置。由于centos7自带的是firewall,没有iptables,我们要禁用firewall,再安装并配置iptables。(停用firewall之后、iptables启动之前,主机没有任何过滤规则,请尽快完成下面的配置。)  禁用firewall

systemctl stop firewalld.service #停止firewall
systemctl disable firewalld.service #禁止firewall开机启动

安装iptables

#先检查是否安装了iptables
service iptables status
#安装iptables
yum install -y iptables
#升级iptables
yum update iptables 
#安装iptables-services
yum install iptables-services 

配置iptables(INPUT的ACCEPT规则要放在文件中默认的REJECT规则之前,否则不会生效)

vim /etc/sysconfig/iptables
-A INPUT  -p TCP --dport 61001:62000 -j ACCEPT  
-A OUTPUT -p TCP --sport 61001:62000 -j ACCEPT 
-A INPUT  -p TCP --dport 20 -j ACCEPT   
-A OUTPUT -p TCP --sport 20 -j ACCEPT
-A INPUT  -p TCP --dport 21 -j ACCEPT
-A OUTPUT -p TCP --sport 21 -j ACCEPT

设置iptables开机启动

systemctl enable iptables.service #iptables开机启动

重新启动机器(修改了selinux重新启动让配置生效)

常用命令
systemctl stop firewalld.service #停止firewall
systemctl disable firewalld.service #禁止firewall开机启动
systemctl stop iptables.service #停止iptables
systemctl disable iptables.service #禁止iptables开机启动
systemctl restart vsftpd.service #重新启动ftp服务
