Step 1# apt-get install vsftpd
Step 2# vim /etc/vsftpd.conf
# Check that the lines below are present and uncommented:
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
local_umask=022
dirmessage_enable=YES
use_localtime=YES
xferlog_enable=YES
connect_from_port_20=YES
xferlog_file=/var/log/vsftpd.log
xferlog_std_format=YES
idle_session_timeout=600
ascii_upload_enable=YES
ascii_download_enable=YES
ftpd_banner=Welcome to blah FTP service.
chroot_list_enable=YES
chroot_list_file=/etc/vsftpd.chroot_list
ls_recurse_enable=YES
secure_chroot_dir=/var/run/vsftpd/empty
pam_service_name=vsftpd
rsa_private_key_file=/etc/ssl/private/vsftpd.pem
# Step 4 below writes the certificate and the key into this same file, so
# rsa_cert_file must point at it too; otherwise vsftpd keeps serving whatever
# certificate it was shipped with, which does not match this key.
rsa_cert_file=/etc/ssl/private/vsftpd.pem
userlist_deny=NO
userlist_enable=YES
Configure for SSL/TLS
Step 3# cd /etc/ssl/private
Step 4# openssl req -utf8 -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/ssl/private/vsftpd.pem -out /etc/ssl/private/vsftpd.pem
# A 1024-bit RSA key is below current minimums; use at least 2048. Without
# -days the self-signed certificate expires after openssl's default of 30 days,
# so always set a lifetime explicitly.
Step 6# chmod 400 vsftpd.pem
Step 7# vi /etc/vsftpd.conf
# Add the lines below at the end of the file:
# enable SSL
ssl_enable=YES
# require SSL for data connections
force_local_data_ssl=YES
# require SSL for logins (credentials never cross the wire in clear text)
force_local_logins_ssl=YES
# explicitly refuse the obsolete protocol versions; only TLS is negotiated
ssl_sslv2=NO
ssl_sslv3=NO
ssl_tlsv1=YES
Step 8# /etc/init.d/vsftpd restart
Make the FTP user a non-system-login user
Step 9# This is necessary because, by default, vsftpd uses PAM for authentication, and /etc/pam.d/vsftpd contains:
auth required pam_shells.so
# Check that the line above is present in /etc/pam.d/vsftpd; if not, add it.
The pam_shells module only permits accounts whose login shell is listed in /etc/shells.
Step 10# To let users whose shell is /usr/sbin/nologin log in over FTP while still having no shell access, add the nologin shell to /etc/shells:
# vim /etc/shells
# add the line below
/usr/sbin/nologin
# Caveat: /etc/shells is system-wide, so this also makes nologin a "valid" shell
# for every other PAM service that uses pam_shells, not just vsftpd. If you want
# the exception scoped to FTP only, remove the pam_shells line from
# /etc/pam.d/vsftpd instead and leave /etc/shells unchanged.
Create the FTP user
Step 11# mkdir /ftp-user
Helper scripts:
root@akt-vpc1:/# cat addftp.sh
---------------------------------------------
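#!/bin/bash
# addftp.sh - create an FTP-only account.
#
# Creates a local user with its home under /ftp-user and /usr/sbin/nologin as
# shell, then registers the name in vsftpd's allow-list (userlist_file) and
# chroot list so the account can log in and is confined to its home.
set -euo pipefail

ftp_root=/ftp-user
user_list=/etc/vsftpd.user_list
chroot_list=/etc/vsftpd.chroot_list

# -r: do not let backslashes in the typed name be interpreted.
read -r -p " Enter The FTP User Name: " username

# The name becomes a path component (/ftp-user/NAME) and a line in two
# access-control files, so reject anything outside a conservative charset
# before it is used anywhere: no empty input, no '/', '..', spaces or leading '-'.
if [[ ! "$username" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
  printf 'invalid user name: %q\n' "$username" >&2
  exit 1
fi

adduser --home "$ftp_root/$username" --shell /usr/sbin/nologin "$username"

# Append the name to each list exactly once. A duplicate line is harmless to
# vsftpd but makes later removal (delftp.sh) ambiguous. grep's stderr is
# silenced only so a not-yet-existing list file does not print a warning.
for list in "$user_list" "$chroot_list"; do
  grep -qxF -- "$username" "$list" 2>/dev/null \
    || printf '%s\n' "$username" >> "$list"
done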
-----------------------------------------------------------
root@akt-vpc1:/# cat delftp.sh
-----------------------------------------------------------
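#!/bin/bash
# delftp.sh - remove an FTP-only account created by addftp.sh.
#
# Deletes the user and its home directory, then drops its entry from vsftpd's
# allow-list and chroot list.
set -euo pipefail

user_list=/etc/vsftpd.user_list
chroot_list=/etc/vsftpd.chroot_list

read -r -p " Enter the FTP User Name to Delete: " username

# Same whitelist as addftp.sh. Rejecting empty input matters here: the
# original script would have run 'deluser --remove-home' with no argument and
# 'sed //d' against the list files.
if [[ ! "$username" =~ ^[a-z_][a-z0-9_-]*$ ]]; then
  printf 'invalid user name: %q\n' "$username" >&2
  exit 1
fi

deluser --remove-home "$username"

# Remove the lock file-less temp copy if anything below fails mid-way.
tmp=
trap 'rm -f -- "${tmp:-}"' EXIT

# Exact whole-line match. The original 'sed "/$username/d"' treated the name
# as an unquoted regex and deleted every line merely containing it, so
# deleting "bob" would also have removed "bobby" and "bob2". The name is
# passed to awk via -v, never interpolated into the program text.
# Write to a temp file in the same directory and rename, so a failure leaves
# the access-control list intact rather than truncated.
for list in "$user_list" "$chroot_list"; do
  [[ -f "$list" ]] || continue
  tmp=$(mktemp "$list.XXXXXX")
  awk -v u="$username" '$0 != u' "$list" > "$tmp"
  chmod --reference="$list" "$tmp"
  mv -- "$tmp" "$list"
done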
----------------------------------------------------------
Step 12# vim /etc/vsftpd.user_list (with userlist_enable=YES and userlist_deny=NO, only the users listed here may log in; addftp.sh appends to this file)
Step 13# vim /etc/vsftpd.chroot_list (users listed here are confined to their home directory. Note that vsftpd 2.3.5 and later refuse to chroot into a directory the user can write to, failing with "500 OOPS: vsftpd: refusing to run with writable root inside chroot()". Because write_enable=YES and adduser creates a user-owned home, either make the home itself read-only and give the user a writable subdirectory, or set allow_writeable_chroot=YES and accept the weaker confinement.)
Step 14# vim /etc/ftpusers (users listed here are denied FTP access)