Install Vsftpd FTP Server
Vsftpd Defaults
- Default port: TCP / UDP - 21 and 20
- The main configuration file: /etc/vsftpd/vsftpd.conf
- Users that are not allowed to login via ftp: /etc/vsftpd/ftpusers
Configure Vsftpd Server
Open the configuration file, type:
# vi /etc/vsftpd/vsftpd.conf
Turn off standard ftpd xferlog log format:
xferlog_std_format=NO
Turn on verbose vsftpd log format. The default vsftpd log file is /var/log/vsftpd.log:
log_ftp_protocol=YES
The above two directives enable logging of all FTP transactions.
Lock down users to their home directories:
chroot_local_user=YES
Create warning banners for all FTP users:
banner_file=/etc/vsftpd/issue
Create /etc/vsftpd/issue file with a message compliant with the local site policy or a legal disclaimer:
NOTICE TO USERS Use of this system constitutes consent to security monitoring and testing. All activity is logged with your host name and IP address.
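One way to check the settings from this section before starting the service, as an added example that is not part of the original guide: the script reads a vsftpd.conf and reports any of the four directives above that are missing or set differently. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Print the effective value of KEY in FILE. Comment lines are skipped and a
# later assignment overrides an earlier one.
effective_value() {
    awk -F= -v key="$2" '
        /^[[:space:]]*#/ { next }
        $1 == key { val = substr($0, length(key) + 2) }
        END { print val }
    ' "$1"
}

# Report each directive; the exit status is the number of findings.
# Strict on purpose: expects the YES/NO spelling used in this guide and
# counts an unset directive as a finding.
audit_vsftpd_conf() {
    conf=$1; findings=0
    for want in xferlog_std_format=NO log_ftp_protocol=YES chroot_local_user=YES; do
        key=${want%%=*}
        expected=${want#*=}
        actual=$(effective_value "$conf" "$key")
        if [ "$actual" = "$expected" ]; then
            echo "OK    $key=$actual"
        else
            echo "FAIL  $key is '${actual:-unset}', expected $expected"
            findings=$((findings + 1))
        fi
    done
    banner=$(effective_value "$conf" banner_file)
    if [ -n "$banner" ]; then
        echo "OK    banner_file=$banner"
    else
        echo "FAIL  banner_file is unset"
        findings=$((findings + 1))
    fi
    return "$findings"
}

# Constructed sample: log_ftp_protocol is commented out and chroot_local_user
# is overridden back to NO further down, so two findings are reported.
sample=$(mktemp)
cat > "$sample" <<'EOF'
xferlog_std_format=NO
#log_ftp_protocol=YES
chroot_local_user=YES
banner_file=/etc/vsftpd/issue
chroot_local_user=NO
EOF
audit_vsftpd_conf "$sample" || echo "$? finding(s) in sample config"
rm -f "$sample"
```

Point audit_vsftpd_conf at /etc/vsftpd/vsftpd.conf to check the live file; an exit status of 0 means all four directives match this guide.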
Turn On Vsftpd Service
Turn on vsftpd on boot:
# chkconfig vsftpd on
Start the service:
# service vsftpd start
Verify that vsftpd is listening on port 21:
# netstat -tulpn | grep :21
Configure Iptables To Protect The FTP Server
Open file /etc/sysconfig/iptables, enter:
# vi /etc/sysconfig/iptables
Add the following lines, ensuring that they appear before the final LOG and DROP lines for the RH-Firewall-1-INPUT:
-A RH-Firewall-1-INPUT -m state --state NEW -p tcp --dport 21 -j ACCEPT
Open file /etc/sysconfig/iptables-config, enter:
# vi /etc/sysconfig/iptables-config
Ensure that the space-separated list of modules contains the FTP connection tracking module:
IPTABLES_MODULES="ip_conntrack_ftp"
Save and close the file. Restart firewall:
# service iptables restart
http://www.cyberciti.biz/tips/rhel-fedora-centos-vsftpd-installation.html
