[vm20@vm20~]#vi /etc/vsftpd/vsftpd.conf
# Example config file /etc/vsftpd/vsftpd.conf
#
# The default compiled in settings are fairly paranoid. This sample file
# loosens things up a bit, to make the ftp daemon more usable.
# Please see vsftpd.conf.5 for all compiled in defaults.
#
# READ THIS: This example file is NOT an exhaustive list of vsftpd options.
# Please read the vsftpd.conf.5 manual page to get a full idea of vsftpd's
# capabilities.
#
# NOTE(review): no ssl_enable line appears in the part of the file shown here,
# so logins and transfers would use plain FTP, which sends passwords
# unencrypted - confirm whether TLS is configured in lines not shown.
#
# Allow anonymous FTP? (Beware - allowed by default if you comment this out).
# NOTE(review): anonymous logins are on here. Anonymous users stay read-only
# only while anon_upload_enable and anon_mkdir_write_enable below remain
# commented out; set this to NO if anonymous access is not required.
anonymous_enable=YES
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
write_enable=YES
#
# Default umask for local users is 077. You may wish to change this to 022,
# if your users expect that (022 is used by most other ftpd's)
# With 022, files uploaded by local users are readable by group and others.
local_umask=022
#
# Uncomment this to allow the anonymous FTP user to upload files. This only
# has an effect if the above global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
#
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
#
# Activate directory messages - messages given to remote users when they
# go into a certain directory.
dirmessage_enable=YES
#
# The target log file can be vsftpd_log_file or xferlog_file.
# This depends on setting xferlog_std_format parameter
xferlog_enable=YES
#
# Make sure PORT transfer connections originate from port 20 (ftp-data).
connect_from_port_20=YES
#
# If you want, you can arrange for uploaded anonymous files to be owned by
# a different user. Note! Using "root" for uploaded files is not
# recommended!
#chown_uploads=YES
#chown_username=whoever
#
# The name of log file when xferlog_enable=YES and xferlog_std_format=YES
# WARNING - changing this filename affects /etc/logrotate.d/vsftpd.log
#xferlog_file=/var/log/xferlog
#
# Switches between logging into vsftpd_log_file and xferlog_file files.
# NO writes to vsftpd_log_file, YES to xferlog_file
xferlog_std_format=YES
#
# You may change the default value for timing out an idle session.
# The value is in seconds.
idle_session_timeout=600
#
# You may change the default value for timing out a data connection.
#data_connection_timeout=120
#
# It is recommended that you define on your system a unique user which the
# ftp server can use as a totally isolated and unprivileged user.
#nopriv_user=ftpsecure
#
# Enable this and the server will recognise asynchronous ABOR requests. Not
# recommended for security (the code is non-trivial). Not enabling it,
# however, may confuse older FTP clients.
# NOTE(review): this file enables the option even though the comment above
# advises against it for security; keep it only if older clients need it.
async_abor_enable=YES
#
# By default the server will pretend to allow ASCII mode but in fact ignore
# the request. Turn on the below options to have the server actually do ASCII
# mangling on files when in ASCII mode.
# Beware that on some FTP servers, ASCII support allows a denial of service
# attack (DoS) via the command "SIZE /big/file" in ASCII mode. vsftpd
# predicted this attack and has always been safe, reporting the size of the
# raw file.
# ASCII mangling is a horrible feature of the protocol.
# NOTE(review): both ASCII options are enabled here; they are only needed
# when clients really transfer files in ASCII mode.
ascii_upload_enable=YES
ascii_download_enable=YES
#
# You may fully customise the login banner string:
# NOTE(review): "Welcometo" looks like a space lost in this listing - confirm.
ftpd_banner=Welcometo blah FTP service.
#
# You may specify a file of disallowed anonymous e-mail addresses. Apparently
# useful for combatting certain DoS attacks.
#deny_email_enable=YES
#(default follows)
#banned_email_file=/etc/vsftpd/banned_emails
#
# You may specify an explicit list of local users to chroot() to their home
# directory. If chroot_local_user is YES, then this list becomes a list of
# users to NOT chroot().
# NOTE(review): with both settings below set to YES, every local user is
# chroot()ed except those named in chroot_list_file, so that file should
# name only accounts that are meant to see the whole filesystem.
chroot_local_user=YES
chroot_list_enable=YES
#(default follows)
chroot_list_file=/etc/vsftpd/chroot_list
#
# You may activate the "-R" option to the builtin ls. This is disabled by
# default to avoid remote users being able to cause excessive I/O on large
# sites. However, some broken FTP clients such as "ncftp" and "mirror" assume
# the presence of the "-R" option, so there is a strong case for enabling it.
#ls_recurse_enable=YES
#
# When "listen" directive is enabled, vsftpd runs in standalone mode and
# listens on IPv4 sockets. This directive cannot be used in conjunction
# with the listen_ipv6 directive.
listen=YES
#
# This directive enables listening on IPv6 sockets. To listen on IPv4 and IPv6
# sockets, you must run two copies of vsftpd with two configuration files.
# Make sure, that one of the listen options is commented !!
#listen_ipv6=YES
第十四步:修改selinux关于vsftp的设置
1、查看selinux的设置
[vm20@vm20~]#cat /etc/selinux/config
#This file controls the state of SELinux on the system.
#SELINUX= can take one of these three values:
# enforcing - SELinux security policy is enforced.
# permissive - SELinux prints warnings instead of enforcing.
# disabled - No SELinux policy is loaded.
SELINUX=enforcing
#SELINUXTYPE= can take one of these two values:
# targeted - Targeted processes are protected,
# mls - Multi Level Security protection.
SELINUXTYPE=targeted
2、查看selinux中有关FTP的设置状态
[vm20@vm20~]#getsebool -a | grep ftp
allow_ftpd_anon_write--> off
allow_ftpd_full_access--> off
allow_ftpd_use_cifs--> off
allow_ftpd_use_nfs--> off
ftp_home_dir--> off
ftpd_connect_db--> off
ftpd_use_passive_mode--> off
httpd_enable_ftp_server--> off
tftp_anon_write--> off
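4、再次查看selinux中有关FTP的设置状态（与第2步的输出相比，allow_ftpd_full_access 和 ftp_home_dir 已由 off 变为 on。注意 allow_ftpd_full_access 会放开 SELinux 对 ftpd 文件访问的限制，只剩普通文件权限把关；如果只需要本地用户访问自己的主目录，通常只开启 ftp_home_dir 就够了）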
[vm20@vm20~]#getsebool -a | grep ftp
allow_ftpd_anon_write--> off
allow_ftpd_full_access--> on
allow_ftpd_use_cifs--> off
allow_ftpd_use_nfs--> off
ftp_home_dir--> on
ftpd_connect_db--> off
ftpd_use_passive_mode--> off
httpd_enable_ftp_server--> off
tftp_anon_write--> off