vsftp on CentOS6.6

CentOS6.6

vsftpd-2.2.2

Second, the installation

$ yum install -y vsftpd

[root@oracledbserver mohan]# yum install vsftpd
Loaded plugins: fastestmirror, refresh-packagekit, security
Setting up Install Process
Loading mirror speeds from cached hostfile
* base: mirror.vodien.com
* extras: mirror.vodien.com
* updates: mirror.vastspace.net
base | 3.7 kB 00:00
extras | 3.4 kB 00:00
updates | 3.4 kB 00:00
Resolving Dependencies
--> Running transaction check
---> Package vsftpd.x86_64 0:2.2.2-13.el6_6.1 will be installed
--> Finished Dependency Resolution

Dependencies Resolved

============================================================================================================================================================================================================
Package Arch Version Repository Size
============================================================================================================================================================================================================
Installing:
vsftpd x86_64 2.2.2-13.el6_6.1 updates 151 k

Transaction Summary
============================================================================================================================================================================================================
Install 1 Package(s)

Total download size: 151 k
Installed size: 332 k
Is this ok [y/N]: y
Downloading Packages:
vsftpd-2.2.2-13.el6_6.1.x86_64.rpm | 151 kB 00:00
Running rpm_check_debug
Running Transaction Test
Transaction Test Succeeded
Running Transaction
Installing : vsftpd-2.2.2-13.el6_6.1.x86_64 1/1
Verifying : vsftpd-2.2.2-13.el6_6.1.x86_64 1/1

Installed:
vsftpd.x86_64 0:2.2.2-13.el6_6.1

Complete!

Third, the configuration

$ vi /etc/vsftpd/vsftpd.conf

listen_address=192.168.1.61
listen_port=21
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/xferlog
xferlog_std_format=YES
ftpd_banner=Welcome to Mohan FTP service.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
listen=YES
pam_service_name=vsftpd
userlist_enable=YES
userlist_deny=YES
tcp_wrappers=YES
userlist_file=/etc/vsftpd/user_list
pasv_enable=YES
pasv_min_port=65400
pasv_max_port=65410

The same directives, annotated (vsftpd only treats a line as a comment when it starts with #, so each note sits on its own line):

# specified listen address
listen_address=192.168.1.61
# specified listening port
listen_port=21
# do not allow anonymous access
anonymous_enable=NO
# allow local users
local_enable=YES
# allow uploads
write_enable=YES
# umask applied to files uploaded by local users
local_umask=022
# show a directory's message file when a user enters it
dirmessage_enable=YES
# enable the transfer log
xferlog_enable=YES
# use port 20 for active-mode data connections
connect_from_port_20=YES
# log file location
xferlog_file=/var/log/xferlog
# write the log in the standard xferlog format
xferlog_std_format=YES
# confine local users to their home directory
chroot_local_user=YES
# enable the chroot exception list
chroot_list_enable=YES
# with chroot_local_user=YES, users named in this file are not confined
chroot_list_file=/etc/vsftpd/chroot_list
# run as a standalone listener
listen=YES
# PAM service name
pam_service_name=vsftpd
# consult userlist_file at login
userlist_enable=YES
# with NO, only users named in userlist_file can log in
userlist_deny=NO
# the user list file
userlist_file=/etc/vsftpd/user_list
# honour /etc/hosts.allow and /etc/hosts.deny (TCP wrappers) to allow or block specific IPs
tcp_wrappers=YES
# enable passive mode
pasv_enable=YES
# first passive port
pasv_min_port=65400
# last passive port
pasv_max_port=65410
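
vsftpd takes everything after `=` as the value, so a note left at the end of a directive line stops the file from parsing. An added check (not from the original post) that flags such lines before a restart; the function name and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example: flag vsftpd.conf lines that vsftpd will misparse.
# vsftpd ignores a line only when it is blank or starts with '#', and the
# man page forbids spaces between the option, '=' and the value.

lint_vsftpd_conf() {    # usage: lint_vsftpd_conf FILE; returns 1 if anything is flagged
    awk '
        /^#/ || /^[ \t]*$/ { next }              # comment or blank line: fine
        {
            eq = index($0, "=")
            if (eq == 0) { printf "%d: no = in directive\n", NR; bad = 1; next }
            key = substr($0, 1, eq - 1)
            val = substr($0, eq + 1)
            name = key; gsub(/[ \t]+/, "", name)  # option name for the report
            if (key ~ /[ \t]/ || val ~ /^[ \t]/) {
                printf "%d: whitespace around = (%s)\n", NR, name; bad = 1
            }
            # A banner may contain spaces, so only " #" is treated as a comment.
            if (val ~ /[ \t]#/) {
                printf "%d: trailing comment becomes part of the value (%s)\n", NR, name; bad = 1
            } else if (val ~ /[ \t]$/) {
                printf "%d: trailing whitespace in value (%s)\n", NR, name; bad = 1
            }
        }
        END { exit bad + 0 }
    ' "$1"
}

# Constructed sample in the style of the listings above.
sample=$(mktemp)
cat > "$sample" <<'EOF'
# comment lines like this are ignored
listen_port=21 # specified listening port
anonymous_enable=NO
local_umask = 022
ftpd_banner=Welcome to Mohan FTP service.
EOF
lint_vsftpd_conf "$sample" || echo "fix the lines above before restarting vsftpd"
rm -f "$sample"
```
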

Fourth, run
$ chkconfig vsftpd on
$ chkconfig --list vsftpd
vsftpd 0:off 1:off 2:on 3:on 4:on 5:on 6:off
$ /etc/init.d/vsftpd start

# Either switch SELinux to permissive mode for the current boot:
$ setenforce 0
# or disable it in the config file (restart to take effect):
$ echo "SELINUX=disabled" > /etc/selinux/config

# Open port 21; data port 20 will open automatically

$ iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT

# Open the passive-mode ports
$ iptables -A INPUT -m state --state NEW -p tcp --dport 65400:65410 -j ACCEPT

# Create the ftp user without a login shell and set its password
$ useradd mohan -s /sbin/nologin
$ echo "mohan123" | passwd --stdin mohan

Fifth, check

Sixth, client upload test

# Install the client
$ yum install -y ftp

Configuring FTP server and Restricting their access

Configuring the FTP server:

VSFTPD is responsible for the FTP service.

open: /etc/vsftpd/vsftpd.conf

Change Configuration File: vsftpd.conf

###Allow anonymous FTP? (Beware – allowed by default if you comment this out).

# Prevent anonymous users from logging in

anonymous_enable=NO

### Restrict the ftp users to their home directories

chroot_local_user=YES

~~Save & Close

#### Restrict specific users from using ftp.

open: vi /etc/vsftpd/user_list

# If userlist_deny=NO, only allow users in this file
# If userlist_deny=YES (default), never allow users in this file, and
# do not even prompt for a password.
# Note that the default vsftpd pam config also checks /etc/vsftpd/ftpusers
# for users that are denied.
# Users that are not allowed to login via ftp

Add the names of users who are not allowed ftp access.

Open: /etc/vsftpd/ftpusers

Users named in /etc/vsftpd/ftpusers are denied ftp access; user_list denies or allows the users it names, depending on userlist_deny.

~~Save & Close
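
How userlist_enable, userlist_deny, user_list and ftpusers combine for one login, as an added example that is not from the original post. It assumes the stock PAM config that denies every name in ftpusers; the function names and list files are constructed for illustration.

```sh
#!/bin/sh
# Added example: who gets in, given userlist_enable, userlist_deny and the two list files.
# Assumption: the default vsftpd PAM config denies every name in ftpusers.

in_list() {    # in_list USER FILE: true if USER is a whole line of FILE
    grep -Fxq -- "$1" "$2"
}

ftp_login_decision() {    # USER USERLIST_ENABLE USERLIST_DENY USER_LIST_FILE FTPUSERS_FILE
    user=$1 enable=$2 deny=$3 user_list=$4 ftpusers=$5
    if [ "$enable" = YES ]; then
        # userlist_deny=YES: user_list is a deny list, checked before the password prompt
        if [ "$deny" = YES ] && in_list "$user" "$user_list"; then
            echo "denied: listed in user_list (no password prompt)"; return 0
        fi
        # userlist_deny=NO: user_list is the only set of users who may log in
        if [ "$deny" = NO ] && ! in_list "$user" "$user_list"; then
            echo "denied: not listed in user_list"; return 0
        fi
    fi
    # ftpusers is checked by PAM in either mode
    if in_list "$user" "$ftpusers"; then
        echo "denied: listed in ftpusers"; return 0
    fi
    echo "allowed"
}

# Constructed list files (not the distribution's full defaults).
dir=$(mktemp -d)
printf '%s\n' '# users in this file' root bin > "$dir/user_list"
printf '%s\n' root bin daemon > "$dir/ftpusers"

for deny in YES NO; do
    for u in root mohan; do
        printf 'userlist_deny=%s %-6s %s\n' "$deny" "$u" \
            "$(ftp_login_decision "$u" YES "$deny" "$dir/user_list" "$dir/ftpusers")"
    done
done
rm -rf "$dir"
```

With userlist_deny=NO, an account such as mohan has to be added to user_list before it can log in.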

##### Creating a group for ftp access & creating the home directory to be restricted:

# creating the group:

groupadd ftp-usrs

# creating the home directory:

mkdir /home/ftp-docs
man chmod
chmod 750 /home/ftp-docs
chown root:ftp-usrs /home/ftp-docs

# creating a user in that group:

useradd -g ftp-usrs -d /home/ftp-docs f1
passwd f1

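##### Restricting the sftp service to limited groups:

open: /etc/ssh/sshd_config

These directives apply to every SSH login, sftp included. Use one form or the other: sshd processes DenyUsers, AllowUsers, DenyGroups and AllowGroups in that order, so a name listed in both a Deny and an Allow line is denied.

#### Deny users or groups that must not use the sftp protocol

# write:

DenyUsers alice f1
DenyGroups ftp-usrs

# Allow users or groups access

# write:

AllowUsers alice f1
AllowGroups ftp-usrs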

~~Save & Close

@@@@@@

Restart the ftp & sftp services

service vsftpd restart

/etc/init.d/sshd restart

!!!!!!!!

Access the file by restricted ftp & sftp service
