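# Download, unpack and build vsftpd 3.0.2 from source with TCP-wrappers and
# SSL support compiled in. The version is pinned by the file name; check
# upstream for a current release before deploying.
wget https://security.appspot.com/downloads/vsftpd-3.0.2.tar.gz

# The tarball is compiled and installed as root further down, so its integrity
# matters. VSFTPD_SHA256 is optional: export it with a digest obtained from a
# trusted, independent source and the archive is checked before unpacking.
if [ -n "${VSFTPD_SHA256:-}" ]; then
  printf '%s  %s\n' "$VSFTPD_SHA256" vsftpd-3.0.2.tar.gz | sha256sum -c - || exit 1
else
  printf '%s\n' 'warning: VSFTPD_SHA256 not set, tarball integrity not verified' >&2
fi

tar -zxvf vsftpd-3.0.2.tar.gz
yum -y install gcc openssl-devel libcap-devel tcp_wrappers-devel xinetd

# Stop here if the source tree is missing; otherwise the sed/make calls below
# would run in whatever directory the shell happens to be in.
cd vsftpd-3.0.2 || exit 1

# Flip the two build switches from #undef to #define.
sed -i \
  -e 's/undef VSF_BUILD_TCPWRAPPERS/define VSF_BUILD_TCPWRAPPERS/g' \
  -e 's/undef VSF_BUILD_SSL/define VSF_BUILD_SSL/g' \
  builddefs.h

make || exit 1
# Confirm the binary was produced.
ls -l vsftpd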
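# Create the directories used by the install and by the configuration written
# later in this script. -p keeps a re-run (or a host where a directory already
# exists) from failing.
mkdir -p /usr/share/empty/ /var/ftp/ /etc/vsftpd/

# /var/ftp is owned by root and not writable by group/other.
chown root:root /var/ftp
chmod og-w /var/ftp

# Must be run from inside the vsftpd-3.0.2 source tree.
make install
cp vsftpd.conf /etc/vsftpd
cp RedHat/vsftpd.pam /etc/pam.d/vsftpd

# Point the PAM deny list at /etc/vsftpd/ftpuser instead of /etc/ftpusers.
sed -i 's@file=/etc/ftpusers@file=/etc/vsftpd/ftpuser@g' /etc/pam.d/vsftpd

# Nothing else in this procedure creates /etc/vsftpd/ftpuser, so the PAM rule
# would reference a missing file. Create it (root-owned, not writable by
# others) and list in it, one per line, the accounts that must never log in.
# NOTE(review): how PAM treats a missing list depends on the onerr= setting in
# the copied vsftpd.pam; confirm against that file.
if [ ! -e /etc/vsftpd/ftpuser ]; then
  touch /etc/vsftpd/ftpuser
  chown root:root /etc/vsftpd/ftpuser
  chmod og-w /etc/vsftpd/ftpuser
fi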
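# Allow new inbound connections to the FTP control port only.
# Port 20 is not opened for inbound NEW traffic: in active mode the server
# connects *out* from port 20, and no client ever opens a new connection to
# it, so an inbound rule for 20 only widens the exposed surface. Data
# connections are tracked by the FTP conntrack helper loaded below.
# Add "-s <trusted-network>" to the rule if the service is not meant to be
# reachable from everywhere.
iptables -I INPUT -m state --state NEW -m tcp -p tcp --dport 21 -j ACCEPT
/etc/init.d/iptables save

# Load the FTP connection-tracking helper with the firewall. The pattern only
# matches an empty IPTABLES_MODULES="" value; if other modules are already
# listed, add ip_conntrack_ftp to the list by hand.
sed -i 's/IPTABLES_MODULES=""/IPTABLES_MODULES="ip_conntrack_ftp"/g' /etc/sysconfig/iptables-config
/etc/init.d/iptables restart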
# Show the current state of the FTP-related SELinux booleans, then persistently
# (-P) switch on the two this setup relies on. Each boolean is set in its own
# call so that a name unknown to the loaded policy does not block the other.
getsebool -a | grep ftp
for ftp_bool in ftp_home_dir ftpd_is_daemon; do
  setsebool -P "${ftp_bool}=1"
done
# Replace /etc/vsftpd/vsftpd.conf with the configuration below. The quoted
# heredoc delimiter keeps the text literal (no shell expansion).
#
# Points to review before putting this on a reachable host:
#  - anonymous_enable=YES with no_anon_password=YES gives password-less
#    read access to the anonymous root; the anon_* write options stay
#    commented out, so anonymous sessions cannot upload.
#  - No ssl_enable line is present, so although the binary is built with SSL
#    support, local-user passwords and data cross the network in clear text.
#  - chroot_local_user=YES together with chroot_list_enable=YES means every
#    local user is jailed EXCEPT those named in chroot_list_file; keep that
#    list as short as possible.
#  - allow_writeable_chroot=YES turns off vsftpd's refusal to chroot into a
#    directory the user can write to; prefer a non-writable chroot root with
#    a writable subdirectory where that is workable.
#  - listen=NO: the daemon is expected to be started by xinetd, not standalone.
cat > /etc/vsftpd/vsftpd.conf <<'VSFTPD_CONF'
anonymous_enable=YES
no_anon_password=YES
anon_max_rate=1000000
data_connection_timeout=60
idle_session_timeout=600
#anon_other_write_enable=YES
#anon_mkdir_write_enable=YES
#anon_upload_enable=YES
#chown_uploads=YES
#chown_username=daemon
local_enable=YES
write_enable=YES
local_umask=022
local_max_rate=100000000
userlist_enable=YES
userlist_deny=YES
userlist_file=/etc/vsftpd/user_list
use_localtime=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_std_format=YES
listen=NO
pam_service_name=vsftpd
tcp_wrappers=YES
banner_file=/etc/vsftpd/welcome.txt
chroot_local_user=YES
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd/chroot_list
allow_writeable_chroot=YES
max_clients=100
max_per_ip=10
VSFTPD_CONF
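# Build the login deny list (userlist_deny=YES in vsftpd.conf): every system
# account with a UID below 500 is denied, except the "ftp" account itself.
# The exclusion is done on the user-name field only. Filtering whole passwd
# lines for the substring "ftp" would also drop any system account whose
# name, comment, home directory or shell merely contains "ftp", leaving it
# off the deny list.
# ">>" creates the file when it does not exist, so no separate touch is needed.
printf '%s\n' '#Deny Login vsFTPd Account' >> /etc/vsftpd/user_list
awk -F: '$1 != "ftp" && $3 < 500 {print $1}' /etc/passwd >> /etc/vsftpd/user_list

# Login banner shown to clients. The text here is a placeholder; replace it
# with the site's real notice.
printf '%s\n' 'banner test123' >> /etc/vsftpd/welcome.txt

# Accounts listed in chroot_list are the ones NOT confined to their home
# directory under this configuration; it starts out with a header line only.
printf '%s\n' '#Permit Change vsFTPd Root Floder Account' >> /etc/vsftpd/chroot_list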
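# Tell the xinetd-launched vsftpd which config file to use by inserting a
# server_args line before the closing brace of the service definition.
# The guard makes this idempotent: without it every re-run adds another
# server_args line. Only an uncommented server_args entry counts as present.
if ! grep -Eq '^[[:space:]]*server_args' /etc/xinetd.d/vsftpd; then
  sed -i 's@}@\tserver_args\t\t= /etc/vsftpd/vsftpd.conf\n}@g' /etc/xinetd.d/vsftpd
fi
/etc/init.d/xinetd start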
# Create an FTP-only test login: /sbin/nologin as the shell means the account
# has no interactive shell. passwd prompts for the password on the terminal.
# Remove the account once the service has been verified.
ftp_test_user=test_account
useradd --shell /sbin/nologin "$ftp_test_user"
passwd "$ftp_test_user"
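##OPTIONS
# Optional: SELinux settings for anonymous uploads. Apply only if the anon_*
# write options in vsftpd.conf are actually enabled; otherwise this boolean
# loosens policy for no benefit.
setsebool -P allow_ftpd_anon_write=1
chcon -R -t public_content_t /var/ftp

# Nothing earlier in this procedure creates the upload directory, so chcon on
# it would fail. Create it with default (root-owned) permissions; granting the
# FTP user write access to it is a separate, deliberate step.
mkdir -p /var/ftp/incoming
chcon -t public_content_rw_t /var/ftp/incoming

# NOTE: labels set with chcon do not survive a filesystem relabel; record them
# in the local policy as well if they must persist.
ls -lZ /var/ftp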
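##OPTIONS NFS CLINET for LOCAL FTP USER
# Optional: give a local FTP user a home directory automounted from NFS.
# account - login name to create; storage - NFS server exporting /vol/<account>.
account=star
storage=10.5.1.1

useradd -s /sbin/nologin "$account"
passwd "$account"

# Register the /home automount map once; re-running must not stack duplicate
# entries in auto.master.
if ! grep -qxF '/home auto.home' /etc/auto.master; then
  echo "/home auto.home" >> /etc/auto.master
fi

# Map entry for this account. The export is mounted with -rw only; consider
# adding nosuid,nodev for a share that holds user-uploaded content.
auto_home_entry="$account -rw $storage:/vol/$account"
touch /etc/auto.home
if ! grep -qxF -- "$auto_home_entry" /etc/auto.home; then
  echo "$auto_home_entry" >> /etc/auto.home
fi
/etc/init.d/autofs restart

# Entering the directory triggers the automount; only change ownership when
# that succeeded, so a failed mount does not leave chown acting on a stale or
# unexpected path.
cd "/home/$account" && chown "$account":root "/home/$account"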