vsftpd (very secure FTP daemon) is a completely free, open-source FTP server.
## vsftpd
Query the vsftpd package
```
yum info vsftpd
```
Install and configure the vsftpd service
```
yum install vsftpd -y
systemctl start vsftpd
systemctl enable vsftpd
systemctl status vsftpd
```
Check socket statistics
```
ss -antp | grep vsftpd
```
Add a firewall exception
```
firewall-cmd --permanent --add-service=ftp
firewall-cmd --reload
firewall-cmd --list-services
```
Create a local user and the FTP directories, and set permissions
```
useradd user01
passwd user01
mkdir -p /home/user01/ftp
mkdir -p /home/user01/ftp/upload
chmod 550 /home/user01/ftp
chmod 750 /home/user01/ftp/upload
chown -R user01:user01 /home/user01/ftp
```
Edit the configuration file: vi /etc/vsftpd/vsftpd.conf
```
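# Disable anonymous access
anonymous_enable=NO
# Restrict users to their home directory
chroot_local_user=YES
# The FTP root for each user is the ftp directory under their home directory
user_sub_token=$USER
local_root=/home/$USER/ftp
# Allow list of FTP users: /etc/vsftpd/user_list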
userlist_enable=YES
userlist_deny=NO
```
Remove the existing users from /etc/vsftpd/user_list, then add the user user01
```
cat /etc/vsftpd/user_list | grep -v "^#"
user01
```
Restart the vsftpd service
```
systemctl restart vsftpd
```
Disable SSH login
```
# Set the user's login shell to /sbin/nologin in /etc/passwd
grep user01 /etc/passwd
user01:x:1000:1000::/home/user01:/sbin/nologin
# Add /sbin/nologin to /etc/shells
cat /etc/shells
/bin/sh
/bin/bash
/usr/bin/sh
/usr/bin/bash
/sbin/nologin
```
Pasv Mode (optional)
```
pasv_enable=YES
pasv_min_port=30000
pasv_max_port=31000
```
TLS / SSL / FTPS (optional)
Generate a certificate
```
openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout /etc/vsftpd/vsftpd.pem -out /etc/vsftpd/vsftpd.pem
```
Edit the configuration file: vi /etc/vsftpd/vsftpd.conf (add the following)
```
rsa_cert_file=/etc/vsftpd/vsftpd.pem
rsa_private_key_file=/etc/vsftpd/vsftpd.pem
ssl_enable=YES
allow_anon_ssl=NO
force_local_data_ssl=YES
force_local_logins_ssl=YES
ssl_tlsv1=YES
ssl_sslv2=NO
ssl_sslv3=NO
```
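As an added example (not part of the original notes), this shell function checks a vsftpd.conf against the access-control and TLS values set in the blocks above. The names `conf_value` and `audit_vsftpd_conf` and the sample file are this example's own; keys that are never set are reported as UNSET rather than resolved to vsftpd's built-in defaults.

```sh
# Added example (not from the original page): audit a vsftpd.conf against
# the values this page sets. Function and variable names are this example's own.
EXPECTED="anonymous_enable=NO chroot_local_user=YES userlist_enable=YES
userlist_deny=NO ssl_enable=YES allow_anon_ssl=NO force_local_data_ssl=YES
force_local_logins_ssl=YES ssl_sslv2=NO ssl_sslv3=NO"

# Print the effective value of KEY ($2) in FILE ($1), upper-cased; empty if unset.
# vsftpd reads "option=value" lines with no spaces around "=", skips "#"
# comments, and a later assignment replaces an earlier one.
conf_value() {
    awk -F= -v key="$2" '
        /^#/ { next }
        $1 == key { val = substr($0, length(key) + 2) }
        END { print toupper(val) }
    ' "$1"
}

# Print one line per deviation; return 0 if the file matches, 1 otherwise.
audit_vsftpd_conf() {
    conf="$1"; failures=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }
    for pair in $EXPECTED; do
        key="${pair%%=*}"; want="${pair#*=}"
        got="$(conf_value "$conf" "$key")"
        case "$got" in            # vsftpd also accepts TRUE/1 and FALSE/0
            TRUE|1)  got=YES ;;
            FALSE|0) got=NO ;;
        esac
        if [ -z "$got" ]; then
            echo "UNSET $key (expected $want)"; failures=$((failures + 1))
        elif [ "$got" != "$want" ]; then
            echo "WRONG $key=$got (expected $want)"; failures=$((failures + 1))
        fi
    done
    [ "$failures" -eq 0 ]
}

# Constructed sample: TLS enabled, but anonymous login and SSLv3 left on.
sample="$(mktemp)"
cat > "$sample" <<'EOF'
anonymous_enable=YES
chroot_local_user=YES
userlist_enable=YES
ssl_enable=YES
ssl_sslv3=YES
EOF
audit_vsftpd_conf "$sample" || echo "vsftpd.conf deviates from the hardened settings"
rm -f "$sample"
```

Run it as `audit_vsftpd_conf /etc/vsftpd/vsftpd.conf` after editing the file and before restarting the service.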
## tftp
Query the tftp packages
```
yum info tftp
yum info tftp-server
yum info xinetd
```
Install and configure the tftp service
```
yum install tftp tftp-server xinetd -y
systemctl start tftp xinetd
systemctl enable tftp xinetd
systemctl status tftp
systemctl status xinetd
```
Edit the configuration file: vi /etc/xinetd.d/tftp
```
server_args = -c -s /var/lib/tftpboot
disable = no
```
Change the permissions of the (default) tftp directory
```
chmod 777 /var/lib/tftpboot
```
Add a firewall exception
```
firewall-cmd --permanent --add-service=tftp
firewall-cmd --reload
firewall-cmd --list-services
```
Configure SELinux
```
setsebool -P tftp_anon_write on
setsebool -P tftp_home_dir on
getsebool -a | grep tftp
```