Initial ConfigurationThe original configuration file for vsftpd is perfectly suited to a secure anonymous FTP server and makes a good basis to start customising,
It should be backed up to ensure any errors can be restored quickly from a known good file.
[bash]# cp /etc/vsftpd/vsftpd.conf /etc/vsftpd/vsftpd.conf.original
[bash]# vi /etc/vsftpd/vsftpd.conf
To display a welcome banner to every new user that connects, set the banner_file
banner_file=/etc/vsftpd/welcome.banner
This directive puts the FTP server into active mode for the data connection, the default is passive mode ("YES").
pasv_enable=YES
Starting The Server
Now that the FTP server has been configured, the runlevels should be set and checked to ensure the server will start as required.
[bash]# chkconfig --level 345 vsftpd on[bash]# chkconfig --list vsftpd
Controlling User Access
In vsftpd's initial state anonymous users are are allowed full download access to all the resources available through the FTP server, and adjustments to the configuration are required to enforce a more secure environment.
Anonymous UsersThe default setting for allowing anonymous users is YES. To disable anonymous access it is not enough to comment out the following parameter, it MUST be changed to NO, otherwise anonymous still has access.
anonymous_enable=YES
anonymous_enable=NO
If the FTP server is going to be accessible to the general public, then the anonymous account can be granted the rights to upload files to the server and create new directories inside the FTP root directory. Give serious consideration to these abilities before implementing them.
#anon_upload_enable=YES#anon_mkdir_write_enable=YES
Always avoid where possible, allowing anonymous users the ability to upload files to the FTP server. This has the potential to allow users of pirate software to abuse your system for further distribution. Always check the files on a regular basis for any sign of abuse.To restrict the upload rate of connected anonymous users, set the anon_max_rate to an appropriate value for your connection. The rate at which system account users can upload can also be restricted using the local_max_rate parameter.
Rates are in bytes per second, "0" is disabled.
anon_max_rate=10485760
local_max_rate=0
You may for some reason decide to limit the amount of users that connect to your server at anytime, and how many simultaneous connections can be maintained from each IP address.
max_clients=500max_per_ip=4
-Thanks
@Roshan
1 comment:
Amiable post and this enter helped me alot in my college assignement. Gratefulness you for your information.
Post a Comment