Friday, August 6, 2010

FTP Server Installation and Configuration In Linux Server

Linux comes with various FTP servers for setting up an FTP service, such as:

  • proftpd - Versatile, virtual-hosting FTP daemon 
  • vsftpd - The Very Secure FTP Daemon
  • ftpd - FTP server
  • wu-ftpd - powerful and widely used FTP server
  • wzdftpd - A portable, modular, small and efficient ftp server
  • pure-ftpd - Pure-FTPd FTP server

Installation and Configuration of vsftpd

On CentOS:

yum install vsftpd 

Configure /etc/vsftpd/vsftpd.conf

# Allow anonymous FTP?
anonymous_enable=YES
...
# The directory which vsftpd will try to change
# into after an anonymous login. (Default = /var/ftp)
anon_root=/data/directory
...
# Uncomment this to allow local users to log in.
local_enable=YES
...
# Uncomment this to enable any form of FTP write command.
# (Needed even if you want local users to be able to upload files)
write_enable=YES
...
# Uncomment to allow the anonymous FTP user to upload files. This only
# has an effect if global write enable is activated. Also, you will
# obviously need to create a directory writable by the FTP user.
#anon_upload_enable=YES
...
# Uncomment this if you want the anonymous FTP user to be able to create
# new directories.
#anon_mkdir_write_enable=YES
...
# Activate logging of uploads/downloads.
xferlog_enable=YES
...
# You may override where the log file goes if you like.
# The default is shown below.
xferlog_file=/var/log/vsftpd.log
...
anon_root=/data/directory sets the root directory that anonymous visitors land in after logging in.

  

FTP Security  

In /etc/vsftpd/ftpusers 

For added security, you can deny FTP access to specific users by adding them to the list of users in the /etc/vsftpd/ftpusers file. The vsftpd package creates this file with a number of entries for privileged users that normally shouldn't have FTP access. Because FTP doesn't encrypt passwords, which increases the risk of data or passwords being compromised, it is a good idea to leave these entries in place and add new entries for additional security.

Anonymous Upload

If you want remote users to write data to your FTP server, create a write-only directory within /var/ftp/pub. This allows your users to upload files but not to access files uploaded by other users. The commands you need are:
# mkdir /var/ftp/pub/upload
# chmod 722 /var/ftp/pub/upload

FTP Greeting Banner

Change the default greeting banner in the vsftpd.conf file to make it harder for malicious users to determine the type of system you have. The directive in this file is:

ftpd_banner=New Banner Here
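
The settings discussed above can be checked before the service is started. The script below is an added example, not part of the original post: it reads a vsftpd.conf, falls back to vsftpd's built-in defaults for absent directives, and warns about an anonymous upload directory that is not mode 722, disabled transfer logging, and a missing banner. The function names and the sample config are constructed for illustration, and GNU stat is assumed.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (stat -c).

# conf_get FILE KEY DEFAULT: last uncommented KEY=value in FILE, else DEFAULT.
conf_get() {
    val=$(sed -n "s/^$2=//p" "$1" | tail -n 1)
    printf '%s\n' "${val:-$3}"
}

# vsftpd_audit FILE [UPLOAD_DIR]: print findings; return 1 if any were printed.
vsftpd_audit() {
    conf=$1; updir=${2:-/var/ftp/pub/upload}; rc=0
    warn() { echo "WARN: $*"; rc=1; }
    # Fallbacks are vsftpd's built-in defaults when a directive is absent.
    anon=$(conf_get "$conf" anonymous_enable YES)
    write=$(conf_get "$conf" write_enable NO)
    upload=$(conf_get "$conf" anon_upload_enable NO)
    mkd=$(conf_get "$conf" anon_mkdir_write_enable NO)
    log=$(conf_get "$conf" xferlog_enable NO)
    banner=$(conf_get "$conf" ftpd_banner "")

    if [ "$anon" = YES ] && [ "$write" = YES ] && [ "$upload" = YES ]; then
        # Anonymous upload is active: the drop directory must be write-only.
        mode=$(stat -c %a "$updir" 2>/dev/null) || mode=missing
        [ "$mode" = 722 ] || warn "$updir mode is $mode, expected 722"
        [ "$mkd" != YES ] || warn "anonymous users may create directories"
    fi
    [ "$log" = YES ] || warn "xferlog_enable is not YES, transfers go unlogged"
    [ -n "$banner" ] || warn "ftpd_banner unset, default greeting is shown"
    return "$rc"
}

# make_sample DIR: constructed test input (config plus a mis-set upload dir).
make_sample() {
    mkdir -p "$1/upload" && chmod 755 "$1/upload"
    cat > "$1/vsftpd.conf" <<'EOF'
anonymous_enable=YES
write_enable=YES
anon_upload_enable=YES
#anon_mkdir_write_enable=YES
xferlog_enable=YES
EOF
}

tmp=$(mktemp -d)
make_sample "$tmp"
vsftpd_audit "$tmp/vsftpd.conf" "$tmp/upload" || true
rm -rf "$tmp"
```

On a real server, call vsftpd_audit /etc/vsftpd/vsftpd.conf; the upload directory argument defaults to /var/ftp/pub/upload.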

Start vsftpd

service vsftpd start

 

 

 

