- 1添加用户 proftp (该用户无法登录系统,没有宿主目录)
useradd proftp -s /sbin/nologin -M
- 2设置ftp目录权限
chmod 777 /ftp/jlc_oa
- 3配置 /etc/proftpd.conf
- PersistentPasswd off
UseReverseDNS off
User proftp #设置启动用户
Group proftp #设置启动用户组
DefaultRoot /qdb/www/information/storage/app/ftp #共享根目录
PidFile /var/run/proftpd/proftpd.pid
MaxInstances 20
UseSendfile off - Define the log formats
LogFormat default “%h %l %u %t \”%r\” %s %b”
LogFormat auth “%v [%P] %h %t \”%r\” %s” - http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
LoadModule mod_ban.c
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/run/proftpd/ban.tab">Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
LoadModule mod_ban.c
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/run/proftpd/ban.tab - Allow the FTP admin to manually add/remove bans
BanControlsACLs all allow user ftpadm - http://www.proftpd.org/docs/howto/Vhost.html
">Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html - Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable
Umask 022 - Allow users to overwrite files and change permissions
AllowOverwrite yes
AllowAll
- A basic anonymous configuration, with an upload directory
# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd
User ftp
Group ftp
AccessGrantMsg “Anonymous login ok, restrictions apply.” - http://www.castaglia.org/proftpd/contrib/ftpasswd
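- 4安装ftpasswd
cd /usr/sbin/
wget http://www.castaglia.org/proftpd/contrib/ftpasswd
chmod +x ftpasswd
# 注意:这里通过明文 HTTP 下载脚本并放入 /usr/sbin,之后以 root 身份执行,传输过程没有任何完整性校验。
# 优先使用发行版 proftpd 软件包自带的 ftpasswd(如已提供),或在执行前核对脚本内容/校验和。
- 5创建虚拟用户jlc_oa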
ftpasswd --passwd --name jlc_oa --file /etc/ftpd.passwd --uid 5000 --gid 5000 --home /qdb/www/information/storage/app/ftp/jlc_oa/ --shell /bin/false
- 6配置iptables
vi /etc/sysconfig/iptables
-A INPUT -p tcp -m state --state NEW -m tcp --dport 21 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10021 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10022 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10023 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10024 -j ACCEPT
-A INPUT -p tcp -m state --state NEW -m tcp --dport 10025 -j ACCEPT
- 7重启proftpd并查看端口
service proftpd restart
lsof -i:21
yum install proftpd
chkconfig proftpd on
1添加用户 proftp (该用户无法登录系统,没有宿主目录)
useradd proftp -s /sbin/nologin -M
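2设置ftp目录权限
chmod 777 /ftp/jlc_oa
# 注意:777 会让本机所有用户都能读写该目录。更稳妥的做法是把目录属主设为虚拟用户使用的 uid/gid(下文为 5000:5000),并使用 750 之类的权限。
# 另外,此处路径 /ftp/jlc_oa 与下文 DefaultRoot、--home 使用的 /qdb/www/information/storage/app/ftp/jlc_oa 不一致,请确认实际对应的目录。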
3配置 /etc/proftpd.conf
ServerName "test.com"
ServerIdent on "FTP Server ready."
ServerAdmin root@315i.com
DefaultServer on
UseEncoding UTF-8 CP936 #设置中文编码格式
Port 21 #设置21端口
AllowRetrieveRestart on #允许断点续传(下载)
AllowStoreRestart on #允许断点续传(上传)
UseIPv6 off #禁用ipv6
VRootEngine on
DefaultRoot ~ !adm
VRootAlias /etc/security/pam_env.conf etc/security/pam_env.conf
AuthPAMConfig proftpd
# 用 mod_auth_file.c 验证登录用户名和密码
AuthOrder mod_auth_file.c #mod_auth_pam.c* mod_auth_unix.c
PersistentPasswd off
UseReverseDNS off
User proftp #设置启动用户
Group proftp #设置启动用户组
DefaultRoot /qdb/www/information/storage/app/ftp #共享根目录
PidFile /var/run/proftpd/proftpd.pid
MaxInstances 20
UseSendfile off
# Define the log formats
LogFormat default "%h %l %u %t \"%r\" %s %b"
LogFormat auth "%v [%P] %h %t \"%r\" %s"
PassivePorts 10021 10025 #设置允许端口10021-10025
RequireValidShell off
AuthUserFile /etc/ftpd.passwd #设置虚拟用户名密码文件
TLSEngine on
TLSRequired on
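# 证书和私钥放在同一个 proftpd.pem 中,该文件应仅 root 可读
TLSRSACertificateFile /etc/pki/tls/certs/proftpd.pem
TLSRSACertificateKeyFile /etc/pki/tls/certs/proftpd.pem
# ALL:!ADH:!DES 仍可能包含 RC4、3DES 等弱套件(取决于 OpenSSL 版本);建议收紧,例如 HIGH:!aNULL:!MD5:!RC4:!3DES,
# 并用 TLSProtocol 限定协议版本(可用取值取决于 ProFTPD/OpenSSL 版本)
TLSCipherSuite ALL:!ADH:!DES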
TLSOptions NoCertRequest
TLSVerifyClient off
#TLSRenegotiate ctrl 3600 data 512000 required off timeout 300
TLSLog /var/log/proftpd/tls.log
TLSSessionCache shm:/file=/var/run/proftpd/sesscache
Dynamic ban lists (http://www.proftpd.org/docs/contrib/mod_ban.html)
# Enable this with PROFTPD_OPTIONS=-DDYNAMIC_BAN_LISTS in /etc/sysconfig/proftpd
LoadModule mod_ban.c
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/run/proftpd/ban.tab
LoadModule mod_ban.c
BanEngine on
BanLog /var/log/proftpd/ban.log
BanTable /var/run/proftpd/ban.tab
# 10 分钟内出现 2 次 MaxLoginAttempts 事件即触发封禁,封禁时长 1 小时
BanOnEvent MaxLoginAttempts 2/00:10:00 01:00:00
# Allow the FTP admin to manually add/remove bans
BanControlsACLs all allow user ftpadm
Global Config - config common to Server Config and all virtual hosts
# See: http://www.proftpd.org/docs/howto/Vhost.html
Umask 022 is a good standard umask to prevent new dirs and files
# from being group and world writable
Umask 022
Allow users to overwrite files and change permissions
AllowOverwrite yes
AllowAll
AllowAll
# A basic anonymous configuration, with an upload directory
# Enable this with PROFTPD_OPTIONS=-DANONYMOUS_FTP in /etc/sysconfig/proftpd
User ftp
Group ftp
AccessGrantMsg "Anonymous login ok, restrictions apply."
User ftp
Group ftp
AccessGrantMsg "Anonymous login ok, restrictions apply."
# We want clients to be able to login with "anonymous" as well as "ftp"
UserAlias anonymous ftp

# Limit the maximum number of anonymous logins
MaxClients 10 "Sorry, max %m users -- try again later"

# Put the user into /pub right after login
#DefaultChdir /pub

# We want 'welcome.msg' displayed at login, '.message' displayed in
# each newly chdired directory and tell users to read README* files.
DisplayLogin /welcome.msg
DisplayChdir .message
DisplayReadme README*

# Cosmetic option to make all files appear to be owned by user "ftp"
DirFakeUser on ftp
DirFakeGroup on ftp

# Limit WRITE everywhere in the anonymous chroot
<Limit WRITE SITE_CHMOD>
  DenyAll
</Limit>

# An upload directory that allows storing files but not retrieving
# or creating directories.
<Directory uploads/*>
  AllowOverwrite no
  <Limit READ>
    DenyAll
  </Limit>

  <Limit STOR>
    AllowAll
  </Limit>
</Directory>

# Don't write anonymous accesses to the system wtmp file (good idea!)
WtmpLog off

# Logging for the anonymous transfers
ExtendedLog /var/log/proftpd/access.log WRITE,READ default
ExtendedLog /var/log/proftpd/auth.log AUTH auth
# 注:以下几行看起来原本位于 <Limit …> 之类的容器标签内,标签在本页中已丢失,不能直接照抄;
# 请对照 ProFTPD 文档补全容器后,用 proftpd -t 检查配置语法。
AllowAll
DenyAll
DenyAll
AllowUser jlc_oa
