Of Stack

linux proftpd 1.3.4 c installation configuration instance

  • 2020-05-12 06:32:05
  • OfStack

1. Download and install the software 


[root@chenghy ~]# cd /root
[root@chenghy ~]# wget ftp://ftp.proftpd.org/distrib/source/proftpd-1.3.4c.tar.gz
[root@chenghy ~]# tar zxvf proftpd-1.3.4c.tar.gz
[root@chenghy ~]# cd proftpd-1.3.4c
[root@chenghy ~]# ./configure --prefix=/usr/local/proftpd
[root@chenghy ~]# make
[root@chenghy ~]# make install

2. Modify the configuration file 


[root@chenghy ~]# vim /usr/local/proftpd/etc/proftpd.conf
ServerName           "chenghy's FTP Server"
ServerType           standalone       #  Run as a separate process 
DefaultServer          on
Port               21           # FTP port 
Umask              002          #  Permissions are recommended to be set to 002
UseReverseDNS          off          #  ban DNS The check 
IdentLookups          off          #  ban DNS The check 
ServerIdent           off          #  Hide software version information 
AllowRetrieveRestart      on           #  Download breakpoint continuation 
AllowStoreRestart        on           #  Upload and upload 
##  Virtual user authentication information 
AuthOrder            mod_auth_file.c      #  Only virtual users are allowed to log in 
AuthUserFile          /usr/local/proftpd/etc/ftp.users
AuthGroupFile          /usr/local/proftpd/etc/ftp.group
DefaultRoot           ~           #  Restrict the user to the root directory 
PassivePorts          20000  30000        #  Passive mode port segment 
SystemLog            /var/log/proftpd/proftpd.log   #  Software log 
TransferLog           /var/log/proftpd/proftpd.xfer.log
LogFormat            default     "%h %u %t %D \"%r\" %s %b"  #  Log format 
ExtendedLog           /var/log/proftpd/access.log WRITE,READ default  #  Access log 
MaxInstances          250          #  Maximum connection allowed 
MaxClients           20           #  Maximum number of users 
MaxLoginAttempts        3           #  Maximum number of attempts to connect 
TimeoutLogin          30           #  Authentication timeout 
TimeoutIdle           120          #  Stunned the timeout 
TimeoutNoTransfer        300          #  No data transmission timeout 
User              nobody         #  define ftp Which user to run as 
Group              nobody        #  define ftp Which user group to run as 
<Directory ~/>
AllowOverwrite         on      #  Allow write overwrite 
    <Limit LOGIN CWD RETR READ DIRS>   #  Set virtual user read permissions 
        AllowALL
    </Limit>
    <Limit ALL>             #  Set up the omd All user privileges 
        Order allow,deny
        AllowUser omd
        DenyALL
    </Limit>
</Directory>

3. Add virtual users and groups 


[root@chenghy ~]# /usr/local/proftpd/bin/ftpasswd --passwd --name=bsmp --home=/home/omd/file/ --uid=2001 --gid=2000 --shell=/sbin/nologin --file=/usr/local/proftpd/etc/ftp.users
[root@chenghy ~]# /usr/local/proftpd/bin/ftpasswd --passwd --name=omd --home=/home/omd/ --uid=2002 --gid=2000 --shell=/sbin/nologin --file=/usr/local/proftpd/etc/ftp.users
[root@chenghy ~]# /usr/local/proftpd/bin/ftpasswd --group --name=myftp --gid=2000 --member=bsmp --member=omd --file=/usr/local/proftpd/etc/ftp.group

4. Set permissions on the user directory 


[root@chenghy ~]# chown -R 2002:2000 /home/omd/

#### The next two lines are used to delete users and groups ########### 

[root@chenghy ~]# /usr/local/proftpd/bin/ftpasswd --passwd --name=bsmp --delete-user --file=/usr/local/proftpd/etc/ftp.users[root@chenghy ~]# /usr/local/proftpd/bin/ftpasswd --group --name=myftp --delete-group --file=/usr/local/proftpd/etc/ftp.group

5. Add proftpd to system services

According to the online information to modify/etc/rc d/init d/proftpd files found configuration is not successful, then modify the finished configuration 1 under this file 


[root@chenghy ~]# vim /etc/rc.d/init.d/proftpd
#!/bin/sh
# Source function library.
. /etc/rc.d/init.d/functions
RETVAL=0
start() {
    echo -n $"Starting proftpd : "
    daemon /usr/local/proftpd/sbin/proftpd -c /usr/local/proftpd/etc/proftpd.conf 2>/dev/null
# daemon Command is /etc/rc.d/init.d/functions The built-in 
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && touch /var/lock/subsys/proftpd
}
stop() {
    echo -n $"Shutting down proftpd : "
    killproc proftpd
# killproc Command is /etc/rc.d/init.d/functions The built-in 
    RETVAL=$?
    echo
    [ $RETVAL -eq 0 ] && rm -f /var/lock/subsys/proftpd
}
# See how we were called.
case "$1" in
    start)
        start
        ;;
    stop)
        stop
        ;;
    restart)
        stop
        start
        ;;
    *)
        echo "Usage: proftpd { start | stop | restart }"
esac
[root@chenghy ~]# chmod 755 /etc/rc.d/init.d/proftpd
[root@chenghy ~]# chkconfig add proftpd
[root@chenghy ~]# chkconfig --level 35 proftpd on
[root@chenghy ~]# service proftpd start

6. Firewall setup

Only active mode access is allowed to add the following,,, only passive mode access to add the following,,, both allow to add the following,,. 


[root@chenghy ~]# iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20 -j ACCEPT
[root@chenghy ~]# iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 21 -j ACCEPT
[root@chenghy ~]# iptables -A RH-Firewall-1-INPUT -p tcp -m tcp --dport 20000:30000 -j ACCEPT

Related articles: