Remark :
FTP :
File Transfer Protocol (FTP) servers can be useful for providing files to customers and for exchanging files with partners and business associates. However, FTP can become the bane of existence for the admins who must keep these services secure and operational. Poorly secured FTP services can often result in a successful attack on a server. That’s where VSFTP comes in.
VSFTP :
VSFTP is a secure, stable, and fast FTP server. It can greatly decrease the chances of an attacker gaining access to a server via FTP exploits. Want evidence? The Red Hat, OpenBSD, and SuSE FTP sites all have one thing in common: They all run on VSFTP. Even SANS recommends VSFTP as the preferred FTP daemon because of its tight security.
Port Change
    # vi /etc/vsftpd/vsftpd.conf

    listen=YES
    anonymous_enable=NO
    local_enable=YES
    write_enable=YES
    dirmessage_enable=YES
    xferlog_enable=YES
    connect_from_port_20=YES
    chroot_local_user=YES
    #listen_ipv6=YES
    # if cert install
    rsa_cert_file=/etc/ssl/certs/vsftpd.pem
    # Or ftp
    pam_service_name=vsftpd
    listen_port=50021
    pasv_min_port=60010
    pasv_max_port=60020
    # replace {Server IP} with the server's address; no space after "="
    pasv_address={Server IP}
    pasv_addr_resolve=YES
    pasv_enable=YES
    log_ftp_protocol=YES
    force_dot_files=YES
    hide_ids=YES
    max_per_ip=10
    max_clients=100
    allow_writeable_chroot=YES
port services change
    # sudo vi /etc/services

    ftp 21/tcp => ftp 50021/tcp
firewall open
Inbound range
ftp tcp : 50021
pasv tcp : 60010:60020
restart vsftpd
    systemctl restart vsftpd
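A check worth running on the configuration before the restart, as an added example that is not part of the original page: it flags syntax vsftpd does not accept (spaces around `=`, text after a value), reports security-relevant settings using vsftpd's documented defaults, and derives the inbound TCP ports the firewall step must open. The function names, the sample text and the address 192.0.2.10 are constructed for illustration.

```python
# Constructed sample: this page's directives as they are often pasted.
SAMPLE_CONF = """\
anonymous_enable=NO
chroot_local_user=YES
allow_writeable_chroot=YES
rsa_cert_file=/etc/ssl/certs/vsftpd.pem # if cert install
listen_port=50021
pasv_min_port=60010
pasv_max_port=60020
pasv_address= 192.0.2.10
"""

def parse(text):
    """Return (settings, problems) under vsftpd's strict option=value syntax."""
    settings, problems = {}, []
    for n, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.startswith("#") or "=" not in line:
            continue  # blank line, comment line, or not a directive
        key, _, value = line.partition("=")
        if key != key.strip() or value != value.strip():
            problems.append(f"line {n}: whitespace around '=' in {key.strip()}")
        if " #" in value:  # '#' is a comment only at the start of a line
            problems.append(f"line {n}: inline '#' text is read as part of {key.strip()}")
        settings[key.strip()] = value.strip()
    return settings, problems

def enabled(settings, name, default):
    return settings.get(name, default).upper() == "YES"

def audit(settings):
    """Findings for the setup on this page, with vsftpd defaults applied."""
    findings = []
    if enabled(settings, "anonymous_enable", "YES"):
        findings.append("anonymous login is enabled")
    if "rsa_cert_file" in settings and not enabled(settings, "ssl_enable", "NO"):
        findings.append("certificate set but ssl_enable is not YES: logins stay cleartext")
    if enabled(settings, "chroot_local_user", "NO") and enabled(settings, "allow_writeable_chroot", "NO"):
        findings.append("chroot root is writable by the jailed user")
    return findings

def inbound_ports(settings):
    """TCP ports the firewall must allow: control port plus passive range."""
    ports = [settings.get("listen_port", "21")]
    if enabled(settings, "pasv_enable", "YES"):
        lo, hi = settings.get("pasv_min_port", "0"), settings.get("pasv_max_port", "0")
        ports.append(f"{lo}:{hi}" if "0" not in (lo, hi) else "any")
    return ports
```

To check a real file, pass the text of /etc/vsftpd/vsftpd.conf to `parse()` and compare `inbound_ports()` with the inbound rules actually configured.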