Sunday, August 31, 2014

Linux: part1 : FTP

See Reference p.xx.

--------------------------
sec.15-1 basic --- files
--------------------------
#yum install vsftpd
----------------------------------------------------
Files
----------------------------------------------------
/etc/logrotate.d/vsftpd
/etc/rc.d/init.d/vsftpd
/etc/vsftpd/ftpusers
/etc/vsftpd/user_list
/etc/vsftpd/vsftpd.conf
/usr/sbin/vsftpd
/var/ftp/pub
/var/log/xferlog
----------------------------------------------------
Packet-filtering
----------------------------------------------------
/etc/sysconfig/iptables
-A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
-A INPUT -m state --state NEW -m tcp -p tcp --dport 22 -j ACCEPT

*helper-module for FTP (needed because FTP communicates in a more complex way than usual)
/etc/sysconfig/iptables-config
IPTABLES_MODULES="nf_conntrack_ftp"

/etc/vsftpd/vsftpd.conf
#service iptables restart

----------------------------------------------------
Configuration: like SSH, vsftpd is subject to TCP Wrapper access control
----------------------------------------------------
/etc/hosts.allow
sshd:192.168.2.1
vsftpd:ALL

/etc/hosts.deny
ALL:ALL

#service vsftpd start
#chkconfig vsftpd on
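
Added example (not part of the original notes): a simplified shell model of how TCP Wrappers evaluates the hosts.allow and hosts.deny entries above. The function names are hypothetical, and only ALL, exact IPs and prefixes ending in "." are handled, not the full hosts_access(5) syntax.

```shell
#!/bin/sh
# Added example: simplified TCP Wrapper decision logic (not libwrap itself).
# Supported patterns (assumption): ALL, exact match, prefix ending in "."

# match_list VALUE LIST -> 0 if VALUE matches a comma/space separated pattern
match_list() {
    value=$1
    for pat in $(printf '%s' "$2" | tr ',' ' '); do
        case $pat in
            ALL) return 0 ;;
            *.)  case $value in "$pat"*) return 0 ;; esac ;;
            *)   [ "$pat" = "$value" ] && return 0 ;;
        esac
    done
    return 1
}

# rule_hits RULES DAEMON CLIENT -> 0 if any "daemons:clients" line matches
rule_hits() {
    printf '%s\n' "$1" | (
        while IFS=: read -r daemons clients rest; do
            case $daemons in ''|\#*) continue ;; esac   # skip blanks, comments
            if match_list "$2" "$daemons" && match_list "$3" "$clients"; then
                exit 0
            fi
        done
        exit 1
    )
}

# tcpw_decision DAEMON CLIENT -> prints "allow" or "deny"
# Order: a hosts.allow match grants access; otherwise a hosts.deny match
# refuses it; if neither file matches, access is granted.
tcpw_decision() {
    if rule_hits "$HOSTS_ALLOW" "$1" "$2"; then echo allow
    elif rule_hits "$HOSTS_DENY" "$1" "$2"; then echo deny
    else echo allow
    fi
}

# Rules as configured in these notes
HOSTS_ALLOW='sshd:192.168.2.1
vsftpd:ALL'
HOSTS_DENY='ALL:ALL'

# Constructed probes: daemon name and client address
for probe in "sshd 192.168.2.1" "sshd 192.168.2.50" "vsftpd 203.0.113.7"; do
    set -- $probe
    printf '%-7s from %-14s -> %s\n' "$1" "$2" "$(tcpw_decision "$1" "$2")"
done
```

With vsftpd:ALL the wrapper layer places no source restriction on FTP; replacing ALL with a prefix such as 192.168.2. limits it to that network.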

----------------------------------------------------
Verification
----------------------------------------------------
*tested by anonymous user
dir …pub will be displayed.

*public directory for anonymous users
cp screenshot.png /var/ftp/pub/

*changing SELinux
#setsebool -P ftp_home_dir on

/etc/vsftpd/vsftpd.conf
anonymous_enable=NO     <--- disabling anonymous users
#service vsftpd restart

--------------------------
sec.15-2 Login by general users
--------------------------
*configuration of general users who cannot log in via FTP @ /etc/vsftpd/ftpusers

#useradd -s /sbin/nologin ftponly
#passwd ftponly

#ssh -l ftponly 192.168.2.10
