viernes, 1 de marzo de 2013

instalar vsftpd en centos 6.0

Hola mis amados lectores algo rapido...
root@localhost# yum install vsftpd.x86_64
root@localhost# cp -rfv /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.old

root@localhost# vim /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
  2 #
  3 # The default compiled in settings are fairly paranoid. This sample file
  4 # loosens things up a bit, to make the ftp daemon more usable.
  5 # Please see vsftpd.conf.5 for all compiled in defaults.
  6 #
  7 # READ THIS: This example file is NOT an exhaustive list of vsftpd options.
  8 # Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
  9 # capabilities.
 10 #
 11 # Allow anonymous FTP? (Beware - allowed by default if you comment this out).
 12 anonymous_enable=YES
 13 #
 14 # Uncomment this to allow local users to log in.
 15 local_enable=YES
 16 #
 17 # Uncomment this to enable any form of FTP write command.
 18 write_enable=YES
 19 #
 20 # Default umask for local users is 077. You may wish to change this to 022,
 21 # if your users expect that (022 is used by most other ftpd's)
 22 local_umask=022
 23 #
 24 # Uncomment this to allow the anonymous FTP user to upload files. This only
 25 # has an effect if the above global write enable is activated. Also, you will
 26 # obviously need to create a directory writable by the FTP user.
 27 #anon_upload_enable=YES
 28 #
 29 # Uncomment this if you want the anonymous FTP user to be able to create
 30 # new directories.
 31 #anon_mkdir_write_enable=YES
 32 #
 33 # Activate directory messages - messages given to remote users when they
 34 # go into a certain directory.
 35 dirmessage_enable=YES
 36 #
 37 # The target log file can be vsftpd_log_file or xferlog_file.
 38 # This depends on setting xferlog_std_format parameter
39 xferlog_enable=YES
 40 #
 41 # Make sure PORT transfer connections originate from port 20 (ftp-data).
 42 connect_from_port_20=YES
 43 #
 44 # If you want, you can arrange for uploaded anonymous files to be owned by
 45 # a different user. Note! Using "root" for uploaded files is not
 46 # recommended!
 47 #chown_uploads=YES
 48 #chown_username=whoever
 49 #
 50 # The name of log file when xferlog_enable=YES and xferlog_std_format=YES
 51 # WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
 52 #xferlog_file=/var/log/xferlog
 53 #
 54 # Switches between logging into vsftpd_log_file and xferlog_file files.
 55 # NO writes to vsftpd_log_file, YES to xferlog_file
 56 xferlog_std_format=YES
 57 #
 58 # You may change the default value for timing out an idle session.
 59 idle_session_timeout=600
 60 #
 61 # You may change the default value for timing out a data connection.
 62 data_connection_timeout=120
 63 #
 64 # It is recommended that you define on your system a unique user which the
 65 # ftp server can use as a totally isolated and unprivileged user.
 66 #nopriv_user=ftpsecure
 67 #
 68 # Enable this and the server will recognise asynchronous ABOR requests. Not
 69 # recommended for security (the code is non-trivial). Not enabling it,
 70 # however, may confuse older FTP clients.
71 #async_abor_enable=YES
 72 #
 73 # By default the server will pretend to allow ASCII mode but in fact ignore
 74 # the request. Turn on the below options to have the server actually do ASCII
 75 # mangling on files when in ASCII mode.
 76 # Beware that on some FTP servers, ASCII support allows a denial of service
 77 # attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
 78 # predicted this attack and has always been safe, reporting the size of the
 79 # raw file.
 80 # ASCII mangling is a horrible feature of the protocol.
 81 #ascii_upload_enable=YES
 82 #ascii_download_enable=YES
 83 #
 84 # You may fully customise the login banner string:
 85 ftpd_banner=Welcome to blah FTP service.
 86 #
 87 # You may specify a file of disallowed anonymous e-mail addresses. Apparently
 88 # useful for combatting certain DoS attacks.
 89 #deny_email_enable=YES
 90 # (default follows)
 91 #banned_email_file=/etc/vsftpd/banned_emails
 92 #
 93 # You may specify an explicit list of local users to chroot() to their home
 94 # directory. If chroot_local_user is YES, then this list becomes a list of
 95 # users to NOT chroot().
 96 chroot_local_user=YES
 97 #chroot_list_enable=YES
 98 # (default follows)
 99 #chroot_list_file=/etc/vsftpd/chroot_list
100 #
101 # You may activate the "-R" option to the builtin ls. This is disabled by
102 # default to avoid remote users being able to cause excessive I/O on large
103 # sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
104 # the presence of the "-R" option, so there is a strong case for enabling it.
105 ls_recurse_enable=YES
106 #
107 # When "listen" directive is enabled, vsftpd runs in standalone mode and
108 # listens on IPv4 sockets. This directive cannot be used in conjunction
109 # with the listen_ipv6 directive.
110 listen=YES
111 #
112 # This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
113 # sockets, you must run two copies of vsftpd with two configuration files.
114 # Make sure, that one of the listen options is commented !!
115 #listen_ipv6=YES
116 
117 pam_service_name=vsftpd
118 userlist_enable=YES
119 tcp_wrappers=YES

Si se necesita permitir el acceso utilizando las cuentas de usuarios del anfitrión local, a fin de que éstos puedan acceder a sus directorio de inicio, se debe habilitar la política ftp_home_dir:
setsebool -P ftp_home_dir 1
Para hacer que SELinux permita acceder a los usuarios locales al resto del sistema de archivos, ejecute el siguiente mandato:
setsebool -P allow_ftpd_full_access 1

No hay comentarios:

 
;