Remark :
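- Let's configure FTP to use port 54021 and FTP-Data to use ports 60019~20.
- Ports 54021 and 60019:60023 must be open in the server firewall.
- A single Data port (60019) also works, but with so few ports normal operation is impaired.
- The number of Data ports equals the number of users that can connect at the same time.
- When the number of users is exceeded: 500 OOPS: vsf_sysutil_bind and 500 OOPS: priv_sock_get_int occur.
- vi /etc/vsftpd.conf (in Ubuntu), vi /etc/vsftpd/vsftpd.conf (in CentOS)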
FTP :
File Transfer Protocol (FTP) servers can be useful for providing files to customers and for exchanging files with partners and business associates. However, FTP can become the bane of existence for the admins who must keep these services secure and operational. Poorly secured FTP services can often result in a successful attack on a server. That’s where VSFTP comes in.
VSFTP :
VSFTP is a secure, stable, and fast FTP server. It can greatly decrease the chances of an attacker gaining access to a server via FTP exploits. Want evidence? The Red Hat, OpenBSD, and SuSE FTP sites all have one thing in common: They all run on VSFTP. Even SANS recommends VSFTP as the preferred FTP daemon because of its tight security.
Port Change
```
# vi /etc/vsftpd.conf (in Ubuntu), vi /etc/vsftpd/vsftpd.conf (in CentOS)
listen=YES
anonymous_enable=NO
local_enable=YES
write_enable=YES
dirmessage_enable=YES
xferlog_enable=YES
connect_from_port_20=YES
chroot_local_user=YES
#listen_ipv6=YES
pam_service_name=ftp

# control port (the default is 21)
listen_port=54021

# passive data port range; the firewall rule has to cover the same range
pasv_min_port=60019
pasv_max_port=60023
# server IP: replace {Server IP}. vsftpd accepts no space after "=" and no
# comment on the same line as a setting.
pasv_address={Server IP}
pasv_addr_resolve=YES
pasv_enable=YES

log_ftp_protocol=YES
force_dot_files=YES
hide_ids=YES
max_per_ip=10
max_clients=100
# vsftpd refuses to chroot into a writable directory unless this is set
allow_writeable_chroot=YES
```
port services change
```
# sudo vi /etc/services
ftp 21/tcp => ftp 54021/tcp
```
firewall open
Inbound range
ftp tcp : 54021
pasv tcp : 60019:60020
restart vsftpd
```
systemctl restart vsftpd
```
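
The check below is an added example, not part of the original post: it reads a vsftpd.conf, prints the inbound TCP ports the firewall has to allow, and warns when max_clients is larger than the passive port range, the situation the remark above ties to the 500 OOPS errors. The function names and the sample file are constructed for illustration, and it assumes passive mode is in use.

```shell
# Added example (not from the original post): audit vsftpd.conf port settings.
# Assumes "key=value" lines as vsftpd requires, and that passive mode is in use.

# conf_get FILE KEY [DEFAULT]: print the last value assigned to KEY.
conf_get() {
    val=$(awk -F= -v k="$2" '$1 == k { sub(/^[^=]*=/, ""); v = $0 } END { print v }' "$1")
    printf '%s\n' "${val:-$3}"
}

# pasv_capacity FILE: ports in the passive range, 0 if the range is not pinned.
pasv_capacity() {
    min=$(conf_get "$1" pasv_min_port 0); max=$(conf_get "$1" pasv_max_port 0)
    if [ "$min" -gt 0 ] && [ "$max" -ge "$min" ]; then echo $((max - min + 1)); else echo 0; fi
}

# required_ports FILE: inbound TCP ports the firewall has to allow.
required_ports() {
    printf '%s/tcp\n' "$(conf_get "$1" listen_port 21)"
    if [ "$(pasv_capacity "$1")" -gt 0 ]; then
        printf '%s:%s/tcp\n' "$(conf_get "$1" pasv_min_port)" "$(conf_get "$1" pasv_max_port)"
    fi
}

# audit FILE: one finding per line; no output when nothing is flagged.
audit() {
    cap=$(pasv_capacity "$1"); clients=$(conf_get "$1" max_clients)
    if [ "$cap" -eq 0 ]; then
        echo "WARN passive range not pinned; firewall rule cannot be limited to it"
    elif [ -n "$clients" ] && [ "$clients" -gt "$cap" ]; then
        echo "WARN max_clients=$clients but only $cap passive ports (see the 500 OOPS note)"
    fi
}

# Constructed sample: the port-related settings from the page's vsftpd.conf.
sample_conf() {
    cat <<'EOF'
listen=YES
#listen_ipv6=YES
listen_port=54021
pasv_min_port=60019
pasv_max_port=60023
max_per_ip=10
max_clients=100
EOF
}

f=$(mktemp) && sample_conf > "$f"
required_ports "$f"; audit "$f"
rm -f "$f"
```

Compare the printed ports with the inbound rules actually configured on the firewall; any difference between the two means either blocked transfers or ports open for nothing.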