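# Build vsftpd 3.0.0 from source with TCP wrappers and SSL enabled, then lay
# out the accounts and directories vsftpd expects before `make install`.
# Must run as root on an RHEL-family host (yum, /etc/pam.d, SysV init).
src_ver=vsftpd-3.0.0

# Critical steps are guarded with `|| exit 1`: without them a failed download
# or `cd` would let the later sed/make/cp lines run in the wrong directory.
# NOTE(review): the tarball is used as downloaded; if upstream publishes a
# signature or checksum for it, verify that before building.
wget "https://security.appspot.com/downloads/${src_ver}.tar.gz" || exit 1
tar -zxvf "${src_ver}.tar.gz" || exit 1
yum -y install gcc openssl-devel || exit 1
cd "${src_ver}" || exit 1

# Flip the build-time switches in builddefs.h (#undef -> #define).
# NOTE(review): VSF_BUILD_TCPWRAPPERS links against libwrap; on RHEL-family
# hosts that usually needs tcp_wrappers-devel, which the yum line above does
# not install — confirm the link step succeeds.
sed -i 's/undef VSF_BUILD_TCPWRAPPERS/define VSF_BUILD_TCPWRAPPERS/g' builddefs.h
sed -i 's/undef VSF_BUILD_SSL/define VSF_BUILD_SSL/g' builddefs.h
make || exit 1
ls -l vsftpd

# Runtime layout: unprivileged 'nobody' account, an empty directory
# (/usr/share/empty), an 'ftp' account whose home is the anonymous FTP root,
# and that root owned by root and not writable by group/other.
# The account/directory steps are idempotent so the script can be re-run.
id nobody >/dev/null 2>&1 || useradd nobody
mkdir -p /usr/share/empty/ /var/ftp/ /etc/vsftpd/
id ftp >/dev/null 2>&1 || useradd -d /var/ftp ftp
chown root:root /var/ftp
chmod og-w /var/ftp
make install || exit 1

# The explicit copies below mirror what the original did after `make install`
# (binary, sample config, RedHat PAM file); the binary copy is redundant if
# the install target already placed it, but harmless.
cp vsftpd /usr/local/sbin/vsftpd
cp vsftpd.conf /etc/vsftpd
cp RedHat/vsftpd.pam /etc/pam.d/vsftpd

# Point pam_listfile's deny list at /etc/vsftpd/ftpuser.
# NOTE(review): nothing in this script creates /etc/vsftpd/ftpuser; the deny
# list actually populated later is /etc/vsftpd/user_list (vsftpd's own
# userlist_file). Confirm which file is intended and create it explicitly so
# a missing PAM deny list is not silently ignored or silently fatal.
sed -i 's@file=/etc/ftpusers@file=/etc/vsftpd/ftpuser@g' /etc/pam.d/vsftpd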
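# Install a SysV init script for vsftpd.
# A quoted heredoc replaces the original `echo -e '...' >>`: the body is
# written verbatim (no backslash-escape processing), and `>` instead of `>>`
# means re-running this installer does not append a second copy of the
# script to the file.
cat > /etc/init.d/vsftpd <<'INIT_EOF'
#!/bin/bash
# chkconfig: - 60 50
# description: vsftpd
# conf: /etc/vsftpd/vsftpd.conf
#
# Install with:
#   cp vsftpd /etc/init.d/vsftpd
#   chmod 755 /etc/init.d/vsftpd
#   chkconfig --add vsftpd
#   chkconfig vsftpd on
if [ -f /etc/init.d/functions ]; then
  . /etc/init.d/functions
elif [ -f /etc/rc.d/init.d/functions ]; then
  . /etc/rc.d/init.d/functions
else
  exit 0
fi

vsftpd=/usr/local/sbin/vsftpd
ftpconf=/etc/vsftpd/vsftpd.conf
prog=vsftpd
RETVAL=0

# Start the daemon unless an instance is already running.
# Writes the result to the global RETVAL and returns it:
# 0 on success, 1 if already running or if no process appeared.
start() {
  # RETVAL is global; reset it so a status left behind by stop() (e.g. from
  # `restart` when vsftpd was not running) is not reported as a start failure.
  RETVAL=0
  if [ -n "$(/sbin/pidof "$prog")" ]; then
    echo "$prog: already running"
    return 1
  fi
  echo "Starting $prog:"
  "$vsftpd" "$ftpconf" &
  # With listen=YES vsftpd stays in the foreground, hence the `&`. Give it a
  # moment to exec before looking for its pid, otherwise the check races.
  sleep 1
  if [ -z "$(/sbin/pidof "$prog")" ]; then
    RETVAL=1
  fi
  if [ "$RETVAL" -ne 0 ]; then
    echo "Startup failure"
  else
    echo "Startup success"
  fi
  return "$RETVAL"
}

# Stop all running instances.
# Writes the result to the global RETVAL and returns it:
# 0 on success, 1 if nothing was running, killall's status otherwise.
stop() {
  RETVAL=0
  if [ -z "$(/sbin/pidof "$prog")" ]; then
    RETVAL=1
  fi
  if [ "$RETVAL" -ne 0 ]; then
    echo "$prog is not running"
  else
    echo "Stopping $prog:"
    killall "$vsftpd"
    RETVAL=$?
    if [ "$RETVAL" -ne 0 ]; then
      echo "Shutdown failure"
    else
      echo "Shutdown success"
    fi
  fi
  return "$RETVAL"
}

case "$1" in
  start)
    start
    ;;
  stop)
    stop
    ;;
  status)
    status "$vsftpd"
    RETVAL=$?
    ;;
  restart)
    stop
    RETVAL=$?
    start
    RETVAL=$?
    ;;
  *)
    echo "Usage: $prog {start|stop|restart|status}"
    exit 1
    ;;
esac
exit "$RETVAL"
INIT_EOF
chmod 755 /etc/init.d/vsftpd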
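# Firewall: allow new inbound connections to the FTP control port only.
# The original opened 20:21; port 20 is the server's *source* port for
# active-mode data connections (connect_from_port_20=YES in the config), so
# nothing listens on it and an inbound rule for it is unnecessary. Passive
# and active data connections are matched as RELATED by the ip_conntrack_ftp
# helper enabled below.
iptables -I RH-Firewall-1-INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
/etc/init.d/iptables save

# Add the FTP conntrack helper to IPTABLES_MODULES. The original sed put a
# literal newline inside the replacement text, which sed rejects
# ("unterminated `s' command"); IPTABLES_MODULES is a space-separated list.
sed -i 's/IPTABLES_MODULES="ip_conntrack_netbios_ns"/IPTABLES_MODULES="ip_conntrack_netbios_ns ip_conntrack_ftp"/g' /etc/sysconfig/iptables-config
/etc/init.d/iptables restart

# SELinux: list the ftp-related booleans for reference, then allow local
# users' home directories to be served and vsftpd to run as a daemon.
getsebool -a | grep ftp
setsebool -P ftp_home_dir=1
setsebool -P ftpd_is_daemon=1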
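# Write /etc/vsftpd/vsftpd.conf (overwrites the sample copied from the
# source tree). Quoted heredoc: written verbatim, no escape processing.
cat > /etc/vsftpd/vsftpd.conf <<'CONF_EOF'
# Anonymous access: read-only and, with no_anon_password, without even a
# password prompt. Anonymous *write* options stay commented out here; the
# OPTIONS section at the end of the installer is what would enable them.
anonymous_enable=YES
no_anon_password=YES
anon_max_rate=1000000
data_connection_timeout=60
idle_session_timeout=600
#anon_other_write_enable=YES
#anon_mkdir_write_enable=YES
#anon_upload_enable=YES
#chown_uploads=YES
#chown_username=daemon
# Local (system) accounts may log in and write.
local_enable=YES
write_enable=YES
local_umask=022
local_max_rate=100000000
# userlist_deny=YES: names in userlist_file are refused before the password
# prompt (the installer fills it with system accounts).
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd/user_list
use_localtime=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=YES
pam_service_name=vsftpd
tcp_wrappers=YES
banner_file=/etc/vsftpd/welcome.txt
# Local users are confined to their home directory, except the accounts named
# in chroot_list_file, which are exempt from the chroot.
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
# allow_writeable_chroot re-enables a layout vsftpd 3.x refuses by default: a
# chroot root the confined user can write to weakens the chroot. Prefer a
# read-only home with a writable subdirectory if this can be dropped.
allow_writeable_chroot=YES
max_clients=100
max_per_ip=10
CONF_EOF

# Deny list (userlist_deny=YES): system accounts with uid below SYS_UID_MAX
# may not log in over FTP. 500 is the RHEL 6 boundary; newer distributions
# start regular users at 1000, so the limit is overridable via SYS_UID_MAX.
# passwd lines containing "ftp" are excluded, same filter as the original
# `grep -v ftp`, now done inside awk. Written with `>` so a re-run does not
# duplicate entries. The original line had `touch` fused onto the redirect
# target, so the list never received the account names.
sys_uid_max=${SYS_UID_MAX:-500}
{
  printf '%s\n' '#Deny Login vsFTPd Account'
  awk -F: -v max="$sys_uid_max" '$0 !~ /ftp/ && $3 < max { print $1 }' /etc/passwd
} > /etc/vsftpd/user_list

# Login banner (banner_file).
printf '%s\n' 'banner test123' > /etc/vsftpd/welcome.txt

# Accounts listed here are exempt from the chroot (chroot_list_enable=YES).
# Only the header comment is written; leave it empty unless an account
# genuinely needs the whole filesystem.
printf '%s\n' '#Permit Change vsFTPd Root Floder Account' > /etc/vsftpd/chroot_list

/etc/init.d/vsftpd start

# Local test account with no interactive shell. `passwd` prompts on the
# terminal, so this step is interactive.
# NOTE(review): if the installed PAM file includes pam_shells, /sbin/nologin
# must be listed in /etc/shells for this account to log in over FTP — confirm.
useradd -s /sbin/nologin test_account
passwd test_account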
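## OPTIONS — anonymous upload area. Only needed if the commented-out
## anon_*_enable settings in vsftpd.conf are turned on; otherwise skip this
## section, since it widens what the anonymous account may write.
# SELinux boolean allowing vsftpd to write to public_content_rw_t locations.
# NOTE(review): on newer policies this boolean is named ftpd_anon_write —
# confirm with `getsebool -a | grep anon_write` before relying on it.
setsebool -P allow_ftpd_anon_write=1
# The original labelled /var/ftp/incoming without ever creating it, so the
# chcon failed. For uploads to work the directory must additionally be
# writable by the ftp user; that ownership/mode decision is left to the
# operator and is not made here.
mkdir -p /var/ftp/incoming
chcon -R -t public_content_t /var/ftp
chcon -t public_content_rw_t /var/ftp/incoming
ls -lZ /var/ftp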