# yum install vsftpd
Vsftpd Defaults
1. Default port: TCP / UDP - 21 and 20
2. The main configuration file: /etc/vsftpd/vsftpd.conf
3. Users that are not allowed to login via ftp: /etc/vsftpd/ftpusers
Configure Vsftpd Server
Open the configuration file, type:
# vi /etc/vsftpd/vsftpd.conf
Turn off standard ftpd xferlog log format:
xferlog_std_format=NO
Turn on verbose vsftpd log format. The default vsftpd log file is /var/log/vsftpd.log:
log_ftp_protocol=YES
The above two directives enable logging of all FTP transactions.
Lock down users to their home directories:
chroot_local_user=YES
Create warning banners for all FTP users:
banner_file=/etc/vsftpd/issue
Create the /etc/vsftpd/issue file with a message that complies with the local site policy, or with a legal disclaimer:
NOTICE TO USERS
All activity is logged with your host name and IP address.
Turn On Vsftpd Service
Turn on vsftpd on boot:
# chkconfig vsftpd on
Start the service:
# service vsftpd start
# netstat -tulpn | grep :21
Configure Iptables To Protect The FTP Server
Open file /etc/sysconfig/iptables, enter:
# vi /etc/sysconfig/iptables
Add the following lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-1-INPUT:
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
Open file /etc/sysconfig/iptables-config, enter:
# vi /etc/sysconfig/iptables-config
Ensure that the space-separated list of modules contains the FTP connection tracking module:
IPTABLES_MODULES="ip_conntrack_ftp"
Save and close the file. Restart firewall:
# service iptables restart
Tip: View FTP Log File
Type the following command:
# tail -f /var/log/vsftpd.log
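To check that the vsftpd.conf directives from the configuration section are actually in effect, the following shell script audits a config file for them. It is an added example, not part of the original guide. The function names, the sample configs and the rule that the last assignment of a repeated key is the one used are assumptions of this example.

```sh
# Added example, not from the original guide. Sample configs are constructed.

# conf_value FILE KEY: print KEY's effective value. Comment lines are skipped;
# assumption: when a key is repeated, the last assignment is the one used.
conf_value() {
    awk -v key="$2" '!/^#/ && index($0, key "=") == 1 { v = substr($0, length(key) + 2) }
                     END { print v }' "$1"
}

# spaced_lines FILE: count settings with whitespace beside "=", which the
# vsftpd.conf man page documents as an error.
spaced_lines() {
    awk '!/^#/ && /^[ \t]*[a-z_0-9]+([ \t]+=|=[ \t])/ { n++ } END { print n + 0 }' "$1"
}

# audit_vsftpd FILE: report each directive from this guide; return failure count.
audit_vsftpd() {
    fails=0
    while read -r key want; do
        got=$(conf_value "$1" "$key")
        if [ "$got" = "$want" ]; then
            echo "OK   $key=$got"
        else
            echo "FAIL $key: want $want, found ${got:-<unset>}"
            fails=$((fails + 1))
        fi
    done <<EOF
xferlog_std_format NO
log_ftp_protocol YES
chroot_local_user YES
banner_file /etc/vsftpd/issue
EOF
    n=$(spaced_lines "$1")
    [ "$n" -eq 0 ] || { echo "FAIL $n line(s) with whitespace beside '='"; fails=$((fails + 1)); }
    return "$fails"
}

# make_samples DIR: write a constructed weak config and a hardened one.
make_samples() {
    printf '%s\n' '# constructed sample' 'xferlog_std_format=YES' \
        'log_ftp_protocol = YES' 'chroot_local_user=YES' 'chroot_local_user=NO' > "$1/weak.conf"
    printf '%s\n' 'xferlog_std_format=NO' 'log_ftp_protocol=YES' \
        'chroot_local_user=YES' 'banner_file=/etc/vsftpd/issue' > "$1/hardened.conf"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_vsftpd "$tmp/weak.conf" || echo "weak.conf: $? finding(s)"
audit_vsftpd "$tmp/hardened.conf" && echo "hardened.conf: clean"
rm -rf "$tmp"
```

On a real server, run audit_vsftpd /etc/vsftpd/vsftpd.conf after editing the file and before restarting the service.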

